Security

At PagerDuty Workflow Automation, we combine a thorough security framework, internal and external audits, and appropriately trained employees to ensure that your data is protected. Please see below for an overview of the security controls, procedures and support we have in place.

Control environment

PagerDuty Workflow Automation maintains SOC 2 Type 2 and HIPAA attestation examinations, performed annually by an independent CPA firm
We undergo quarterly third party penetration testing to help ensure the security of our platform
We have a dedicated compliance team that implements and monitors security-related controls
The PagerDuty Workflow Automation security framework consists of policies, procedures and controls that align to SOC 2, HIPAA, and GDPR requirements
We utilize a third-party, cloud-based data center, which maintains network architecture and data layer controls that meet the requirements of the most security-sensitive organizations. The data center has several security-related certifications, including ISO 27001, SOC 2, FedRAMP, HIPAA, NIST, and several others
Our employees attend security awareness training, and are required to adhere to our code of conduct
Annual risk assessments are performed to ensure we are addressing current as well as emerging risks
We follow change management procedures for all changes to the organization and the PagerDuty Workflow Automation platform

Physical security

Our data centers also have controls in place to protect from man-made and natural security risks. Controls are in place at the perimeter, infrastructure, and environmental layers to ensure strong physical protection, and are audited per the security certifications listed above
Our offices are secured with keycards, automatic locks, alarms and security cameras

Application and network security

We have a dedicated QA department that tests all new features before release
Our testing and staging environments are separate from the production environment, and no actual customer data is ever used for testing
We have automated vulnerability scans that run at regular intervals
We engage a third party auditor to perform quarterly penetration testing
We have automated monitoring, logging, and system alerts
We control logical system access, and review regularly

Encryption

Customer data is encrypted in transit and at rest, and within the database

Availability

We perform regular backups of customer data
We have documented incident response and disaster recovery procedures and dedicated response teams

Other product security features

Our customers have the option to use single sign-on (SSO) for their teams
Access and privileges in PagerDuty Workflow Automation are governed by role, as we provide different levels of user permissions, including “admin,” based on the type of access required
Customers can mark sensitive data as “confidential” to ensure that only approved members of their teams can see certain information or processes

We have several policies and controls that address GDPR requirements. The controls include areas such as options for opt-in/opt out of communications, procedures surrounding data retention, data breach procedures, DPIA (Data Protection Impact Assessment) procedures, procedures related to subcontractors, as well as ensuring the proper treatment of individual’s rights and subject access requests. This new regulation will help enhance the security surrounding the personal data of all PagerDuty Workflow Automation customers.

See more on GDPR and contact us for any GDPR-related inquiries below.

What choices and rights do I have?

If you are a PagerDuty Workflow Automation user and provide us with your personal information, you have several rights with respect to that information. Upon request, PagerDuty Workflow Automation will provide customers and users with information about the type of data processed, including personal information. An individual who wishes to access, review, correct, amend, request, or delete data should contact PagerDuty Workflow Automation and we will ensure the request is fulfilled. As we are a data processor, we may need to communicate with the data controller to fulfill requests. Data controllers who wish to exercise their right of data portability may also do so here. We will respond to requests within 30 days.

How do I submit a Subject Access Request (SAR)?

You may submit requests here: Submit a Subject Access Request (SAR)

How do I opt out of communications?

You may unsubscribe from PagerDuty Workflow Automation communications by clicking on the “unsubscribe” link located on the bottom of our emails, or by clicking here: Opt-out of our communications

Note that opting out of communications may prevent you from learning about new PagerDuty Workflow Automation features, and that customer and users cannot opt out of receiving service or transactional emails related to their PagerDuty Workflow Automation account.

How do I opt in (or back in) to communications?

You may subscribe to PagerDuty Workflow Automation communications by clicking here: Sign up (opt-in) to receive our communications

How long do we keep customer information?

We will retain the personal data we process on behalf of our customers for as long as needed to provide services to our customer. PagerDuty Workflow Automation will retain the personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Does PagerDuty Workflow Automation use any third parties?

We use third parties to provide some functionality and integrations within the PagerDuty Workflow Automation platform. You have the choice to choose which of these features and integrations to use.

Contact PagerDuty Workflow Automation

If you have any security related questions, concerns, or comments, please contact us using one of the links below.

For any other questions, contact us at support@pagerduty.com.

Thanks for your feedback

We update the Help Center daily, so expect changes soon.

Link Copied

Paste this URL anywhere to link straight to the section.