Skip to main content

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
   Apache Log4j vulnerability update: Learn what steps Pega is taking to address this 
Pega Products hero

Pega Trust Center

Secure. Reliable. Compliant. Pega Cloud empowers the world’s biggest brands to meet – and exceed – the challenges of today and tomorrow. Learn how.

Outline Circle
Little Circle
Outline Circle

Comprehensive security. Without compromise.

Our security, privacy, and compliance programs adhere to industry best practices. We regularly validate Pega Cloud against rigorous global security and privacy standards, so you can rest assured your customer data is safe.


Our security policies provide a framework for safeguarding against unauthorized access and preventing/mitigating attacks that compromise performance and availability.

Authorization & access

Manage user and system data access with role-based controls. Simplify native identity access management and integration with leading single sign-on technologies, including SAML, OAuth, and Active Directory.

Network protection

Our network architecture is designed to meet a range of security control requirements. Gain a secure operating environment isolated from fellow Pega clients and internal services thanks to our network rulesets and access controls.

Secure system integration

We offer multiple ways to integrate with systems in enterprise environments, including HTTPS, Direct Connect, Virtual Private Network, and SFTP.

Client-based access control

Client-based access control rules define where and how customer data is stored and accessed. We associate personal data with actual people, not abstract entities such as businesses, ensuring we meet privacy regulation requirements like GDPR.

Data encryption

Encryption is critical to the protection of data whether it is in transit or at rest. Pega Cloud employs encryption across all environments that meet or exceed client and regulatory requirements. When data is at rest, AES 256-bit encryption is the standard. For data in transit, Pega Cloud Services employs TLS 1.2.


Use our services to enable you to implement your own privacy and compliance strategies. We continually evolve our platform to provide the features and security measures that you may use to support your security and privacy strategy.

Compliance Certifications, Attestations, and Accessibility

We keep pace with emerging and established international and local standards and regulations, maintaining extensive compliance certifications, attestations, and accessibility, plus third-party assessments. 

When evaluating Pega's compliance posture it should be noted that Pega relies on a common set of controls. These common controls exist across the Pega Infinity platform, the underlying infrastructure, and the operations, administration and management provided by Pega. Pega applications deployed within/on the Pega Platform inherit these controls which are attested to in the current scope. For details and exclusions, please review our compliance statements here.

French HDS France HDS See certification
 ISO 27001

Certificate Number: 1745248-5

See certification
 ISO 22301

Certificate Number: 1408884-1

See certification


Learn more
AICPA logo

SOC 2, Type 2

Learn more


Learn more
FedRAMP logo


Learn more
Cyber Essentials logo

Cyber Essentials

Learn more
CSA logo

Cloud Security Alliance

Learn more
Seal of California state

California Consumer Privacy Act (CCPA)

Learn more
HIPAA preview card


Learn more
Privacy Shield preview card

Privacy Shield

Learn more

Voluntary Product Accessibility Template for Pega v8.7

Voluntary Product Accessibility Template for Pega v8.6

Voluntary Product Accessibility Template for Pega v8.5

Web Content Accessibility Guidelines (WCAG) Overview

Service Reliability

Whenever you need us, we’re there – 24/7, 365. Because reliability is the cornerstone of strong service.

Real-time system status:


Global service operation centers

From Cambridge, Massachusetts and Dulles, Virginia in the US to Sydney, Australia and Bangalore, India, the Pega Cloud global service operation center teams provide around-the-clock and follow the sun vulnerability and security management for environments and managed systems.

Complete system monitoring

We monitor for virtual infrastructure component issues and employ monitoring tools in order to get a full view of our network hosting environment. Plus, with Pega Access Manager, you gain a single view of your security model.

Risk & remediation

We handle risk and remediation by focusing on two areas of operational support: platform maintenance and incident response. Maintaining an updated platform is key to ensure all known vulnerabilities are patched. Our comprehensive approach to mitigation is designed to minimize the impact of any attempted attack.

Customer quote background image

"With more than 30 years of experience working with the world’s most respected brands, Pega understands the importance of security. This experience extends to Pega’s products and services that enable Pega to establish long-term partnerships with customers that are built on trust and transparency."

Alan Trefler CEO, Pegasystems