Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Security is a Shared Responsibility

Updated on December 18, 2020


Pega takes application and system security seriously. Security is a shared responsibility between Pega and our clients.

Each successive release of Pega Platform has augmented the security features and capabilities available to harden Applications and Systems against improper access and to protect the data that those applications manage.

Pega publishes security guidelines and leading practices on the Pega Developer Community and regularly updates these guidelines as new capabilities are added. Specifically, these guidelines include a Security Checklist that is intended to ensure that applications and systems follow these leading practices before production deployment and the commencement of managing sensitive data.

For more information, see the Security Checklist.


Pega recommends all systems are evaluated against this checklist:

  • Before initial production deployment
  • Whenever any significant application, system, or environment changes are rolled into production
  • At regular intervals, at least annually, to ensure changes have not been introduced inadvertently and to stay abreast of the latest security leading-practices that may involve third-party as well as Pega components

Our strongest security guideline, in keeping with OWASP Top 10 and industry leading practices is to keep systems current with the latest security patches and features. This applies to Pega components as well as to third-party stack elements.

Ensure that you are always on the current version of Pega Platform by referring to What's New in Pega Platform. If you are running an older version it does not have the latest and improved security features and you should plan to upgrade and/or apply patches and stay current.

We Can Help You

The Security Checklist provides advice and direction for securing infrastructure, stack, and Pega Platform settings, as well as application design.

Pega Cloud clients have many checklist items already applied by the Pega Cloud operations team as part of the service provided within the terms of their agreements. However, settings at the application design level, still require client attention.

Beyond the leading practice guidance and the checklist, we are continuously upgrading the tooling, enablement, and service offerings to assist you in undertaking a review and potential hardening of your applications and systems.

If you have questions or would like to engage our help in reviewing your security settings against leading practices, please email us.


Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us