Pega Trust Center
Secure. Reliable. Compliant. Pega Cloud empowers the world’s biggest brands to meet – and exceed – the challenges of today and tomorrow. Learn how.
Comprehensive security. Without compromise.
Our security, privacy, and compliance programs adhere to industry best practices. We regularly validate Pega Cloud against rigorous global security and privacy standards, so you can rest assured your customer data is safe.
Security
Our security policies provide a framework for safeguarding against unauthorized access and preventing/mitigating attacks that compromise performance and availability.
Authorization & access
Manage user and system data access with role-based controls. Simplify native identity access management and integration with leading single sign-on technologies, including SAML, OAuth, and Active Directory.
Network protection
Our network architecture is designed to meet a range of security control requirements. Gain a secure operating environment isolated from fellow Pega clients and internal services thanks to our network rulesets and access controls.
Secure system integration
We offer multiple ways to integrate with systems in enterprise environments, including HTTPS, Direct Connect, Virtual Private Network, and SFTP.
Privacy
We know privacy is critical to any process involving your customers’ data. We continually evolve our standards to meet global regulations regarding the use and management of personal data.
Client-based access control
Client-based access control rules define where and how customer data is stored and accessed. We associate personal data with actual people, not abstract entities such as businesses, ensuring we meet privacy regulation requirements like GDPR.
Data encryption
Encryption is critical to protecting data, whether it’s in transit or at rest. We employ encryption that meets – or exceeds – client and regulatory requirements across all environments. When data is at rest, AES 256-bit encryption is our standard. For data in transit, we use TLS 1.2.
Compliance Certifications & Attestations
We keep pace with emerging and established international and local standards and regulations, maintaining extensive compliance certifications and attestations, plus third-party assessments.
Certifications
HITRUST
SOC 2, Type 2
PCI/DSS
FedRAMP
IRAP
Attestations
FDA
GDPR
HIPAA/HITECH.
Privacy Shield
VPAT 508
Service Reliability
Whenever you need us, we’re there – 24/7, 365. Because reliability is the cornerstone of strong service.
Global service operation centers
From Cambridge, Massachusetts to Krakow, Poland and Bangalore, India, the Pega Cloud global service operation center teams provide around-the-clock vulnerability and security management for environments and managed systems.
Complete system monitoring
We monitor for virtual infrastructure component issues and employ monitoring tools in order to get a full view of our network hosting environment. Plus, with Pega Access Manager, you gain a single view of your security model.
Risk & remediation
We handle risk and remediation by focusing on two areas of operational support: platform maintenance and incident response. Maintaining an updated platform is key to ensure all known vulnerabilities are patched. Our comprehensive approach to mitigation is designed to minimize the impact of any attempted attack.
"With more than 30 years of experience working with the world’s most respected brands, Pega understands the importance of security. This experience extends to Pega’s products and services that enable Pega to establish long-term partnerships with customers that are built on trust and transparency."