PagerDuty In Scope Services
PagerDuty incorporates generally available services into our compliance efforts based on anticipated use cases, feedback, and demand. Some available services are not currently listed in the scope of our most recent assessment. Customers must evaluate those services, considering the associated risks to their data, before choosing to use them.
Determining the data you transmit to the PagerDuty Operations Cloud is a shared responsibility. Depending on the services you utilize and the data transmitted, you should assess if the service offers adequate controls to safeguard your data processing and storage, and how this may affect your compliance with customer data environment requirements.
PagerDuty and FedRAMP Authority to Operate: In Process Status
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP leverages a standardized set of requirements based on NIST controls, including NIST 800-53. The program was established in accordance with the Federal Information Security Management Act (FISMA), and compliance with these published controls provides transparency and confidence in the security of cloud solutions.
The PagerDuty Operations Cloud is In Process for a FedRAMP Low Impact Authorization. PagerDuty has been assessed as providing appropriate controls to protect Low Impact data, where the loss of Confidentiality, Integrity and Availability of the data would result in limited adverse effects on the agency’s (or customers') operations, assets, or individuals. Services not yet authorized by FedRAMP but offered by PagerDuty require customers to assess the risk to their data and environment before use.
PagerDuty Shared Responsibility Model
Security and compliance are shared responsibilities between PagerDuty and the customer. PagerDuty operates and manages the Operations Cloud services, while the customer selects, configures, and uses these services. In addition, customers are responsible for access management, user management, and managing data elements processed by the Operations Cloud. This shared responsibility allows customization of the Operations Cloud to meet a customer’s unique risk tolerance and regulatory compliance needs.
The security of data transmitted to the PagerDuty Operations Cloud is a shared responsibility. It's important to assess whether the services you use provide sufficient controls to protect your data during transmission, processing, and storage. Consider how this may impact your compliance with internal policy, local regulations, and customer commitments.
PagerDuty responsibility “Security of the Operations Cloud” — PagerDuty is accountable for safeguarding the Operations Cloud and the data it handles, ensuring confidentiality, integrity, and availability. This includes protecting customer-provided information through encryption, access control, secure backup, ongoing monitoring, and robust logging. PagerDuty ensures that third-party service providers meet its security requirements.
PagerDuty’s Cloud Hosting Provider — PagerDuty's Cloud Hosting Provider (AWS) is responsible for safeguarding the infrastructure that runs Operations Cloud services, including hardware, software, networking, and facilities.
Customer responsibility “Security in the Cloud” — Customer responsibility involves configuring and managing their Operations Cloud account, including user identification, authentication, authorization, and using PagerDuty Operations Cloud services. Customers are also responsible for determining and managing data elements entered or transmitted to PagerDuty.
✔ | In scope |
✔* | Involves the use of, or integration with, third-party technologies that are not in PagerDuty's control; PagerDuty ensures data is protected using SOC 2 and FedRAMP compliant security controls until it is provided to the third-party service provider |
X | Not in scope |