Security is a top priority for PagerDuty. We understand that your PagerDuty account may contain sensitive data regarding your IT operations and we’re very protective of it.
Reporting Security Problems
If you have a security-related concern or need to report an incident, please visit our security response page for details on how to submit a report.
PagerDuty uses ISO 27001 and FISMA certified data centers. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, biometric locks and other electronic means. Only authorized personnel have access to the data center.
System and Software Security
The PagerDuty system infrastructure is updated regularly with the latest security patches. All of our servers run hardened, patched operating systems. We employ dedicated firewalls and VPN services to block unauthorized system access.
We also employ an internal team of software engineers and DevOps engineers to keep our software and its dependencies up to date, eliminating potential security vulnerabilities. This team carefully audits and tests all software components that affect the overall security of the system.
All account-specific data exchanged with PagerDuty is transmitted over SSL. The PagerDuty APIs support both SSL and non-SSL (for legacy systems). Of course, we strongly encourage that all API calls be made over SSL.
Data Security and Backups
All customer data is written to multiple disks instantly in multiple disparate data centers. We use a minimum of three different data centers to store all customer data.
We back up customer data on a daily basis to an offsite location.
No PagerDuty employees ever access accounts unless required to do so for support reasons. Support representatives have all signed Non-Disclosure Agreements with PagerDuty. No changes will happen to your account without you being notified. We strive to pre-announce any changes to the system that will affect your use in any way.
Our payment processor, Braintree, is a validated Level 1 PCI DSS Compliant Service Provider. Additionally, they are on Visa’s Global Compliant Provider List and MasterCard’s SDP List. They conduct regular automated vulnerability scans and have extended external penetration testing conducted by outside sources.
PagerDuty’s infrastructure provider is PCI Level 1 compliant.