Pega provides transparency about our compliance posture on emerging and established international and local regulations and standards. We maintain an extensive set of compliance certifications, attestations, and third-party assessments to give you confidence in our solutions.

"Our customers require a higher level of security, and Pega exceeds those requirements."

ISO/IEC 27001:2013

Pegasystems Inc. has obtained ISO/IEC 27001:2013 (“ISO 27001”) certification of its information security management system supporting infrastructure and services used to support the Pega Cloud Managed Service Infrastructure. ISO 27001 is a globally recognized standard for the establishment and certification of an information security management system (ISMS). 

General Data Protection Regulation

The GDPR goes into effect May 25, 2018, and has major repercussions for companies worldwide. With potential fines of up to 4% of revenue, this is much more than a compliance issue. Currently, there is no official certification for GDPR compliance. Pega is committed to providing secure solutions that enable our customers to fully comply with data privacy and security best practices, including the GDPR.

Service Organization Controls

Pega has received a SOC 2 Type 2 report from an independent audit firm which describes how Pega Cloud complies with the Service Organization Controls framework. This report provides Pega Cloud clients with confidence in Pega's information security practices.

Health Insurance Portability and Accountability Act

Currently, there is no official certification for HIPAA or HITECH Act compliance. However, Pega has received an assessment from an independent audit firm which concluded Pega Cloud meets the requirements of the HIPAA/HITECH privacy and security regulations. This assessment provides Pega Cloud clients with confidence that they can securely process and store PHI (Protected Health Information) in Pega Cloud.

Payment Card Industry Data Standard

Pega has received an Attestation of Compliance (AOC) from a qualified security assessor which demonstrates that Pega Cloud is compliant with PCI DSS. This enables Pega Cloud clients to reduce the associated effort and costs to obtain PCI certification for an end-to-end solution which leverages Pega Cloud as a component.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Pega complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework for protecting personal data transferred from the EU and Switzerland. Pega's adherence to the Privacy Shield Principles allows clients to comply with the data protection requirements of the EU Data Protection Directive when transferring personal data to Pega and its affiliates outside of the EEA and with the requirements of the Swiss Federal Act on Data Protection when transferring personal data outside of Switzerland.

Pega Cloud for Government is in the process of achieving FedRAMP compliance and an Authority to Operate (ATO) at the Moderate level. The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services, in order to accelerate the adoption of secure cloud solutions by government agencies.

Rehabilitation Act of 1973, Section 508

Pega Cloud meets the accessibility requirements as outlined by the Voluntary Product Accessibility Template (VPAT), in accordance with the Section 508 standards. The VPAT assists U.S. Federal contracting and procurement officials in understanding how Pega Cloud meets accessibility requirements.

FDA CFR Title 21 Part 11

Although regulatory authorities do not certify individual products or services as Part 11 compliant, the Pega Platform provides life sciences organizations with the necessary process and technical controls needed to achieve compliance with FDA CFR Part 11.

UK G-Cloud

Pega Cloud is listed as a cloud service provider on the G-Cloud Digital Marketplace. This enables U.K. government agencies to easily locate and procure Pega Cloud services.