Security at PagerDuty

Reporting a Security Concern

If you have a security-related concern or wish to disclose a vulnerability, please visit our responsible disclosure page for details on how to submit a report.

Security Whitepaper

Check out the PagerDuty Security Whitepaper to get detailed information on our security program and processes and technologies around cloud & network infrastructure, monitoring & incident response, risk management, physical security, disaster recovery, data protection, and third-party security.

Request access to the whitepaper →

FedRAMP® "In Process" Designation

PagerDuty has been approved for "In Process" status within the Federal Risk and Authorization Management Program (FedRAMP®) Marketplace. This milestone puts PagerDuty closer to receiving FedRAMP® Authority to Operate for PagerDuty Operations Cloud.

Read more details about our FedRAMP® "In Process" Designation →

CSA STAR

PagerDuty annually self-certifies to the Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) Program, found here.

SOC 2 Certification

PagerDuty has successfully completed a SOC 2 Type II examination for our On-Call Management Platform and Event Intelligence Services. The SOC 2 report provides assurance that we have designed effective security controls as defined by the SOC 2 standards set forth by the American Institute of Certified Public Accountants (AICPA).

Request a copy of the PagerDuty SOC 2 Type 2 Report →

Third-Party Hosting Providers

PagerDuty uses state-of-the-art certified data centers. All data centers comply with leading security practices and frameworks, including SOC 2, ISO 27001, and PCI DSS. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, biometric locks, and other electronic means. Only authorized personnel have access to the data centers.

Payment Processing

Our payment processor, Braintree, is a validated Level 1 PCI DSS Compliant Service Provider. Additionally, they are on Visa’s Global Compliant Provider List and MasterCard’s SDP List. They conduct regular automated vulnerability scans and have extended external penetration testing conducted by outside sources.

Security Training

All PagerDuty employees and contractors attend mandatory Information Security Training during the on-boarding process, as well as annual training thereafter. Training is tracked and monitored and compliance is represented within PagerDuty’s SOC 2 report. The PagerDuty Security Team offers an open-sourced version of the Security Training deck, which can be found here: https://sudo.pagerduty.com/

Incident Management

PagerDuty maintains multiple monitoring systems to detect and alert on incidents. Incident severity is classified based on customer impact and duration of incident. Documentation on PagerDuty's Incident Response and Security Incident Response processes can be found at https://response.pagerduty.com/. PagerDuty will notify affected customers of any security incident which involves customer data without undue delay, and per legal and contractual requirements.

PagerDuty Copilot Security FAQ

Manage mission-critical tasks smarter and faster with generative AI for critical operations work. The FAQ answers common security questions for PagerDuty Copilot.

Additional Information

If you have any additional concerns or questions, please feel free to reach out to support@pagerduty.com.