Security at PagerDuty

Security is a top priority for PagerDuty. We understand that your PagerDuty account may contain sensitive data regarding your IT operations and we’re very protective of it. This page describes the various security measures we take to protect your data.

Reporting a Security Concern

If you have a security-related concern or wish to disclose a vulnerability, please visit our responsible disclosure page for details on how to submit a report.


PagerDuty has successfully completed a SOC 2 Type 2 examination for our On-Call Management Platform and Event Intelligence Services. The SOC 2 report provides assurance to our customers that we have designed effective security controls as defined by the SOC 2 standards set forth by the American Institute of Certified Public Accountants (AICPA). A copy of the report is available under NDA. Please reach out to to request a copy.

Physical Security

PagerDuty uses ISO 27001 and FedRAMP certified data centers. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, biometric locks, and other electronic means. Only authorized personnel have access to the data centers.


System and Software Security

The PagerDuty system infrastructure is updated regularly with the latest security patches. All of our servers run hardened, patched operating systems.

We employ an internal team of engineers to keep our software and its dependencies up-to-date, eliminating potential security vulnerabilities. This team carefully audits and tests all software components that affect the overall security of the system.


All communications with PagerDuty via our web application or APIs are transmitted over TLS connections.

Data encryption

Perimeter Security

As well as utilizing the firewall controls available via our cloud providers, we also employ custom firewalls on every server to block unauthorized system access. Additionally, we utilize continuous port scanning to immediately detect any potential misconfigurations within our infrastructure.

custom firewalls

Data Security and Backups

All customer data is written to multiple disks instantly in multiple geographically distinct data centers. We use a minimum of three different data centers to store all customer data.

We back up customer data on a daily basis to an offsite location.

Employee Access

All employees have signed non-disclosure agreements with PagerDuty. Employees will not change configurations on your account without you first being notified. We strive to pre-announce any changes to the system that will affect your use in any way.

Employee access to our infrastructure is strictly limited to engineers who require such access in order to maintain the stability and efficiency of our systems. Access is based upon the principle of least privilege, and requires the use of two-factor authentication. All access attempts are logged, and multiple failed attempts will cause the relevant users to be locked out.

Payment Processing

Our payment processor, Braintree, is a validated Level 1 PCI DSS Compliant Service Provider. Additionally, they are on Visa’s Global Compliant Provider List and MasterCard’s SDP List. They conduct regular automated vulnerability scans and have extended external penetration testing conducted by outside sources.

Additional Information

For more information on security at PagerDuty, read our latest security white paper.

If you have any additional concerns, please feel free to reach out to with any questions.