Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Security foundations

Updated on July 1, 2021

Security and privacy are concerns at the forefront of every organization. Understanding security foundations better help you to implement a comprehensive security solution.

Application and data security are major concerns of information technology organizations today.

The combination of an evolving regulatory environment and threat landscape have put a burden on customer engagement and digital process automation teams. Critical business systems have become more interconnected and need to leverage increasingly sensitive data as regulations expand. Securing these systems against attack becomes critical to avoid negative customer perception and potential regulatory sanctions.

Defining security objectives

Security policies and standards are the framework used to define the requirements and controls. Our teams must comply to prevent unauthorized access to systems and mitigate attacks that negatively impact the confidentiality, integrity, and availability of our client environments. These types of events cost our clients time, money, and brand integrity.

The components of the Pega security framework include:

  • Policies: The ground level requirements for relevant in-scope functions
  • Standards: Detailed requirements for relevant in-scope functions
  • Procedures: Documented guidelines and instructions to maintain compliance with the policies and standards

Pega operates a broad policy stack where corporate functions such as HR, legal, IT, and other relevant groups supporting the entire company maintain policies and standards applicable to the entire workforce and relevant subcontractors. Business groups then build on these policies and standards with additional requirements based on regulatory or contractual obligations in support of the business outcomes, however these cannot be defined in any less restrictive way than the corporate function policies.

Successful implementation of and compliance with the Pega security framework allows for:

  • Access control: Prevention of unauthorized access to systems and data
  • Availability control: Prevention of attacks on systems that degrade the confidentiality, integrity, or availability of Pega environments
  • Audit management: Avoidance of costly and time-consuming audits to determine the source or impact of a security event

CIA triad

Confidentiality, integrity, and availability, is a model designed to guide policies for information security within an organization. The elements of the triad are considered the three most crucial components of security.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us