Security foundations
Security and privacy are concerns at the forefront of every organization. Understanding security foundations better helps you implement a comprehensive security solution.
Application and data security are major concerns of information technology organizations today.
The combination of an evolving regulatory environment and threat landscape has put a burden on customer engagement and digital process automation teams. Critical business systems have become more interconnected and need to leverage increasingly sensitive data as regulations expand. Securing these systems against attack becomes critical to avoid negative customer perception and potential regulatory sanctions.
Defining security objectives
Security policies and standards are the framework used to define the requirements and controls that our teams must comply with to prevent unauthorized access to systems and to mitigate attacks that negatively impact the confidentiality, integrity, and availability of our client environments. These types of events cost our clients time, money, and brand integrity.
The components of the Pega security framework include:
- Policies: The ground level requirements for relevant in-scope functions
- Standards: Detailed requirements for relevant in-scope functions
- Procedures: Documented guidelines and instructions to maintain compliance with the policies and standards
Pega operates a broad policy stack in which corporate functions such as HR, legal, IT, and other relevant groups supporting the entire company maintain policies and standards applicable to the entire workforce and relevant subcontractors. Business groups then build on these policies and standards with additional requirements based on regulatory or contractual obligations in support of the business outcomes; however, these cannot be defined in any less restrictive way than the corporate function policies.
Successful implementation of and compliance with the Pega security framework allows for:
- Access control: Prevention of unauthorized access to systems and data
- Availability control: Prevention of attacks on systems that degrade the confidentiality, integrity, or availability of Pega environments
- Audit management: Avoidance of costly and time-consuming audits to determine the source or impact of a security event
CIA triad
The CIA triad (confidentiality, integrity, and availability) is a model designed to guide policies for information security within an organization. The three elements of the triad are considered the most crucial components of security.