Skip to main content

Change Management process

Suggest edit Updated on June 2, 2022

Pega Cloud provides comprehensive change management Pega Cloud. Pega efficiently and securely plans, reviews, tests, implements, and validates your requested changes.


Pega manages changes Pega Cloud, which includes the underlying cloud infrastructure and patches to Pega-licensed products. You are responsible for the top-layer application layer applications and must conform them to the established Pega Platform best practice and Guardrail Compliance instructions.

For more information, see Improving your compliance score.

For more information about client responsibilities pertaining to client requests to change access levels, data, or the platform, see the Access, data, and platform changes section below.

Requesting changes

To request a Pega Cloud environment change, make a request by selecting New request in My Support Portal. Select For something I need, then select Cloud Change. In this change request, provide the following items:
  • All relevant change plan information, including:
    • Complete description of the change
    • Change plan with at least one task for the Pega Cloud team
  • All significant production change requests (CC) require your organization's Security Contact.
  • Materials
  • Supporting documentation
  • Proposed start and end dates, times, and time zones for the change

All significant production change requests (CC), requires Security Contact approval. For such cases we need the Security Contact to approve the CC support case in My Support Portal. For guidance to complete the approval process, see Cloud Change approval process .

Pega cannot make a change unless the change is explicitly mentioned in the request.

Client requests to migrate your customer data or other client-confidential information into a non-Production environment are not supported and such requests will be denied.

When submitting your Cloud Change request, you should provide a minimum two hour's notice for Pega Cloud to complete the change. If you require less time for a high priority change, the team will complete your request using a Severity 1 ticket; downtime is required. For such high-priority changes, use the Pega Support Contact Information link to request assistance from a representative.

After you submit the request, you can view the status and progress of the requested change within My Support Portal until your confirm with Pegasystems Global Client Support that your requested change works satisfactorily. Pega Cloud coordinates and schedules all approved change requests with you to verify that the change has minimal impact to your Pega Cloud environment.

You should only submit change requests for activities that you cannot otherwise perform through the Dev Studio. For example, you can create and import RAP files that contain rules, classes, and data without Pega assistance. For Pega software upgrades and other changes required for the proper operation of cloud environments submit a request to My Support Portal.

If you have change requests for multiple environments, please submit a separate request for each environment.

Change categories

The individual tasks in a change request are divided into the following two categories:

  • Standard: Low-risk changes that are specific, concrete, and pose little information security or compliance risk.
  • Significant: Higher-risk changes that require review by the Pega Cloud Change Advisory Board.

    Tasks in this category are further subdivided into the following categories:

    • Access changes
    • Data changes
    • Platform changes

    For more information about client responsibilities pertaining to client requests to change access levels, data, or the platform, see the Access, data, and platform changes section below.

    Change request tasks can be classified as singular or non-singular. For singular tasks, you cannot add additional tasks to your change request.

Production changes

To make sure that changes to production environments conform to security, compliance, and quality controls, change requests that include one or more Significant-category change tasks to production environments must undergo technical review and be approved by the Pega Cloud Change Advisory Board (CAB) for security and business-risk purposes. Change requests for Standard change tasks do not require technical approval or CAB review.

For Significant change requests in production environments, Pega recommends that you test the change in a non-production environment (development or staging) before submitting the change request for the production environment. When submitting the production change request, provide the change request case ID from the test in the non-production environment. This best practice helps prevent untested and potentially harmful changes from being rolled out to production.

The CAB includes Security, Compliance, and Operations representatives; it meets three times weekly on Monday, Wednesday, and Friday mornings on Eastern Time. The CAB reviews all significant production changes from baseline, both before and after "Go live," so that Pega does not introduce security issues, performance problems, unapproved configurations, compliance deviations, or non-standard features. Pega Cloud cannot make a change that alters security control or violate industry and government compliance regulations.

All production environment change request that include one or more Significant-category change tasks, with the exception of Emergency change requests (see section below), require the following items:

  • A description of the change
  • A completed Change Plan that details the required tasks
  • A reference request for the change in the lower (non-production) environment
  • Test results for full testing of the change in the lower (non-production) environment
  • Requested start and end dates, times, and time zone for the requested change
Note: For production environments, the requested change can only be made during your specified maintenance window.

When you request a change, provide the above information in your request. If Pega is making the change for maintenance reasons, Pega Cloud will create the request and include the above information.

Pega Cloud Change Advisory Board might deny a requested change due to security, operations compliance, or other business reasons including, but not limited to, restrictions outlined by the Pega Cloud Subscription documentation. Pega Cloud will include the reason for denial in the request, as well as alternative options (when available) and additional instructions or questions.

You can appeal denied change request by resubmitting the request with additional justification, or by confirming you took rectifying steps as recommended.

Withdrawing or rolling back change requests

You can withdraw a change request up to 30 minutes before its scheduled start time. To withdraw a change request, the the Pega Support Contact Information link or update a Pulse note in My Support Portal before the implementation starts. If the change request implementation has already started, you can request to roll back the change. After Pegasystems Global Client Support implements your change request, it remains open for 96 hours so that you can validate it if needed.

Access, data, and platform changes

To protect the security of Pega Cloud client information in production environments, Pega requires written authorization from your Client Security Contact for access level changes, data changes, and platform changes. This written authorization must provide all the details necessary to implement the change. Make the authorization specific to one request only and provide it to Pega Cloud through email, document, or letter. Pega Cloud attaches the authorization to the Change Requested as an audited record of the request. Additionally, Pega might require a signed liability release form for requests to directly access a production database.

  • Access changes: Access level changes include requests to modify the authentication or authorization facilities of the environment, and other changes to access security files, such as certificates, ciphers, and network configuration files.
  • Data changes: Data changes include requests to modify (update, delete, drop, truncate) production data, and requests to copy, extract, or transmit production data in any way that could compromise data security. Note: You cannot request to move your customer data or other client-confidential information in a non-Production environment.
  • Platform changes: Platform changes include requests to modify files or folders in the Pega Cloud environment, change platform configurations (for example, kernel parameters, or services, and any requests to install or change software that is not part of Pega Cloud.

Non-production changes

The Pega Cloud Change Advisory Board does not review change requests for non-production environments, such as development, test, staging, user acceptance testing, because they do not require compliance or security impact analysis. However, they require a full change plan and a description of the proposed change.

Scheduling change requests

When you create a change request, you specify a Start date and time, which determines the urgency of your request. Based on the duration between the time of submission and the schedule start date and time, your request is classified with an urgency of either Normal or Emergency. The following table defines the criteria under which a change request is considered an emergency.

Change request urgency definitions

Standard change request for any environmentIf the planned schedule is > 48 hours from the time of submission, the urgency is classified as Normal; if not, it is classified as Emergency.
Significant change request for a non-production environmentIf the Planned schedule is >72 hours from the time of submission, the urgency is classified as Normal; if not, it is classified as Emergency.
Significant change request for a production environmentIf the planned schedule is > 12 hours in the future or two hours after the CAB starts, whichever is greater; and the change request is submitted at least 4 hours before the next CAB meeting, the urgency is classified as Normal; if not, it is classified as Emergency.

Emergency changes

For a service outage or other critical change to a production environment that includes one or more Significant-category change tasks and requires a response that cannot wait for the CAB, lower environment (non-production environment) testing is not required.

Emergency changes contain associated risks due to the reduced time and scope of the compliance and security review that can be performed.

The CAB must authorize requests for an emergency change upon confirmation of a justifiable emergency. For authorization, an emergency change must include the following information:

  • Required change plan details
  • Declaration that the request is an emergency
  • Justification for the emergency change
  • Name and title of the client contact requesting the emergency change
  • Requested start date and time to implement the emergency change
Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us