
This documentation site is for previous versions. Visit our new documentation site for current releases.

Compliance with regulatory standards

Updated on March 15, 2022

Regulatory compliance means that a business is aware of, and follows, the international and local laws, policies, and regulations that are relevant to its operations.

The specific requirements vary by industry and type of business, and some regulations pertain to specific industries. Regardless of industry or company size, all businesses must adhere to certain laws and regulations as part of their operations.

The specific requirements can also vary depending on the country in which the business operates. For example, if your company is based in the United States but serves customers in Europe, you must follow the local standards (such as the General Data Protection Regulation) that ensure the rights of your European customers.

Do not confuse regulatory compliance with compliance with company policies and procedures, or with compliance with internal requirements set forth by the business. All three types of compliance are important to ensure integrity, safety, and ethical behavior in businesses, but it helps to understand the difference.

Pega clients need to comply with local regulations when developing and managing their applications. For example:

  • A healthcare provider in the United States must keep the Health Insurance Portability and Accountability Act (HIPAA) standards in mind when developing an application, because personally identifiable information must be encrypted to be kept secure and in compliance.
  • A United States-based financial services company that does business in Europe must abide by the regulations set forth in the General Data Protection Regulation (GDPR) for its European customers. GDPR needs to be considered not only during development but also when the application is live, because GDPR gives European customers the right to have their data deleted.

California Consumer Privacy Act - United States regulation

The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents.

Note: For more information, see the official California Consumer Privacy Act website.

Health Insurance Portability and Accountability Act - United States regulation

HIPAA was created primarily to modernize the flow of healthcare information in the United States, stipulate how personally identifiable information is maintained by the healthcare and insurance industries, and address limitations on healthcare insurance coverage. Above all, HIPAA provides security and data privacy provisions to keep patients’ medical information safe.

Note: For more information, see the official Health Insurance Portability and Accountability Act website.

Federal Risk and Authorization Management Program - United States regulation

The Federal Risk and Authorization Management Program (FedRAMP) is a United States government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

FedRAMP simplifies security for the digital age by providing a standardized approach to security for the cloud.

Note: For more information, see the official FedRAMP website.

  • General Data Protection Regulation

    Implementing client-based access control (CBAC) helps you satisfy the data privacy requirements of the European Union (EU) General Data Protection Regulation (GDPR) and similar regulations. Personal data is associated with an actual person, not with an abstract entity such as a business.
