Information Privacy and Security

Security Practices

Privacy and security of information is a priority for PagerDuty. We implement well-defined practices to identify and address vulnerabilities. We demonstrate our commitment to security, data protection and compliance through internal and external security scans and testing, policy updates and new hire and annual employee security awareness training and additional role-based security training. We also conduct a third-party led audit and have obtained certification, including SOC2 Type II and National Institute of Standards and Technology (NIST) 800-53 revision 4 controls Low Impact baseline controls as part of our FedRAMP Low Impact authorization activities for services in scope. 

Governance

PagerDuty’s Chief Technology Officer is responsible for, and oversees, information security at the company, including data privacy and protection. The Audit Committee of the Board oversees risks associated with cybersecurity, information security and data privacy. Through regular updates from management, the Audit Committee reviews PagerDuty’s information security programs and the company’s assessment, management and mitigation of related risks.

Read more about our approach to security, including our security certifications, at www.pagerduty.com/security.

Cybersecurity Incident Monitoring and Reporting

We maintain a variety of monitoring systems to detect and alert us to suspicious or abnormal events as well as incident response processes to properly investigate and remediate incidents. Security incidents are managed following the detect, respond and recover phases in our Security Incident Response processes and Operational Incident Response processes.

Read more about our Operational Incident Response processes at response.pagerduty.com.

FedRAMP®

The Federal Risk and Authorization Management Program (FedRAMP) is a standardized U.S. government-wide security and compliance program that certifies information security programs for the secure use of cloud services by the federal government. We have completed audits led by our third-party auditor and our FedRAMP sponsor and have moved to FedRAMP “In Process” status. Read more about our FedRAMP “In Process” milestone.