Skip to main content

Client Data Rights and Responsibilities for Pega Cloud

Suggest edit Updated on April 27, 2022

This content applies only to Pega Cloud environments

This article is part of the Pega Cloud Subscription Documentation.

 

Clients must agree to comply with the Pega Cloud Acceptable Use Policy.

The below rights and responsibilities will govern clients’ use of the Subscription Services in addition to and in accordance with the terms of clients’ Agreement and an applicable Schedule.

During the term of the Subscription Services, Client will:

  • Notify Pegasystems of specific data domiciling or regulatory requirements, such as U.S. or EU-only data storage or Business Associate Agreements;
  • Be responsible for the accuracy, integrity and legality of content and data;
  • Be responsible for the classification and use of the application data they collect, including:
    • Data minimization and retention
    • Data use limitation
    • Data quality and content integrity
  • Be responsible for configuring a Guardrail Compliant Client Application;    
  • Be responsible for verifying that the application design for Client application adheres to performance best practices, by utilizing Pega Predictive Diagnostic Cloud (PDC) and adopting performance recommendations;     
  • Be responsible for any third-party software, tool, library or component that is installed and/or used by or on behalf of the Client in any Environment in connection with the Subscription Services;
  • Not include Protected Health Information (PHI) in a Production Environment unless using Pega Cloud HIPAA/HITECH Edition;
  • Not include Personally-Identifiable Information (PII) in a Production Environment unless identified in the Schedule to the Agreement;
  • Not include confidential or sensitive data in the Client Application log files; 
  • Create and protect security credentials related to Client’s use of the Subscription Services;
  • Notify Pega within twenty-four (24) hours if it becomes aware of any actual or alleged data security incident at the application layer;
  • Be responsible for third party data flows that the Client integrates with and into the Environments;
  • Agree that Pega will update Pega software to stay current on Pega's latest generally-available release;
  • Acknowledge that Pega stores names and email addresses for client-identified named contacts who may contact Pega Support.  If Client has regional or industry requirements that prohibit client’s PII as it relates to the names and email addresses of their staff’s assigned contacts in Pega’s My Support Portal (MSP), it is the Client’s responsibility to register anonymous names and email address for these named contacts.  It is then Client’s additional responsibility to manage internal routing of these anonymous emails to their named staff.
  • If Client elects to move private or confidential data to non-production environments (sandbox or non-production mirror sandbox), Client will be mindful of security best practices as described in the Security Checklist.

For additional information on accomplishing these tasks, see the below articles, which are not part of the Pega Cloud Subscription Documentation:

In addition, clients agree to maintain certain controls in their Pega Cloud environments, which complement the controls in Pega Cloud. 

Clients must agree to:

  • Establish, manage, monitor, and otherwise control all application user accounts and privileges within their developed applications.
  • Report issues and incidents to Pega Cloud, and follow  up on the status of those issues to ensure that they are resolved.
  • Configure appropriate security controls in their application, and monitor the security of the developed application by using Pega Platform tools. 
  • Configure appropriate masking for fields where customer data is private or confidential (where applicable and based on client security policies). 

For additional information on accomplishing these tasks, see the below articles, which are not part of the Pega Cloud Subscription Documentation:

Did you find this content helpful? YesNo

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us