Pegasystems Limited

Pegasystems Cloud Software - Proof of Value

This ‘proof of value’ offering allows customers to trial Pega products. Pega is #1 for customer engagement and digital process automation (DPA) software including Case Management and BPM, real-time customer decisioning, artificial and workforce intelligence, and RDA/RPA. The no-code solutions support digital automation agendas and transform constituent engagement.


  • Ability to trial the Pegasystems market leading software.
  • Digital transformation using dynamic case management, BPM and Rules Engine.
  • Industry leading CRM for 1-1 citizen engagement through multiple channels.
  • #1 unified agile platform with journey centric, model-driven, zero-code configuration.
  • Software that writes your software. Patented ‘Build for Change’ technology.
  • Designed for maximizing re-use and multiple systems integration.
  • Wrap, renew, configure - delivering journey centric, citizen focused, solutions.
  • Best-in-class process automation, work management and workforce intelligence.decisioning
  • End to end robotic automation reducing cost and improving service.
  • Real time, omni-channel Artificial Intelligence using context sensitive decisioning.


  • Fixed price and rapid time to proof of value (PoV).
  • Accelerate the rapid low-risk transformation to digital government.
  • Maximised automation across silos and effective guidance of users.
  • Optimised end-to-end customer journeys / experience through AI and robotics.
  • Deliver applications 12X faster than coding, faster time to value.
  • Dashboards and reports to monitor KPIs, manage work and SLAs.
  • Scalable, reliable, resilient and conforms to GDS Design Principles.
  • Easily integrates into legacy estates, orchestrating and exploiting existing investments.
  • Ability to deliver higher quality, lower cost, more reliable solutions.
  • Differentiated no-code solutions with lower total cost of ownership.


£7500.00 to £11250.00 per licence per month

Service documents

G-Cloud 11


Pegasystems Limited

Simon Haydn-Lee

+44 (0) 7929 364629

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Pega Live Data provides a data virtualization layer so you can quickly and easily define the data models required to build your applications and how they’re connected to any back-end systems. You can then access that data on-demand in your live application without re-configuring where the data is stored.
Cloud deployment model Private cloud
Service constraints Pega Cloud G-Cloud Customers can be deployed in the Amazon EU-Ireland / UK Region. Within this geographic zone Pega Cloud environments are deployed into multiple availability zones. Environments also then have the following further resiliency services applied:
• Backups of all environments on an ongoing basis
• Synchronous multi-availability zone database replication and load balancing delivering an RPO of approximately 1 minute and RTO of approximately 4 minutes
Production environments are provided with a 99.95% availability SLA. For each customer Pega provides purpose-built infrastructure dedicated to that customer within a dedicated virtual private cloud.
System requirements
  • Responsible for any Platform and or Application configuration and data.
  • The following are provided as part of the standard service:
  • Pega software licenses, Pega cloud systems and full Operations/Engineering.
  • A dedicated (single-tenant) virtual private cloud for each customer.
  • Networking and security services supporting integration with back office systems.
  • Optimized application servers and database environment for Pega.
  • All infrastructure patching and system maintenance.
  • Database management services.
  • Full active environment monitoring.
  • Network and systems access monitoring.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Pega Cloud does not provide direct support to end users. The customer would be expected to provide this capability. Pega Cloud allows for 10 named users to contact the Pega Cloud Service Desk.

For details of the Pega Cloud Service Support please refer to
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels Pega Cloud Subscriptions include Pega Premium Support. Please refer to for more details.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Pega is able to provide its customers with a comprehensive package of support made up of two principle components.

1) Enablement
2) Professional Services.

Enablement is provide through a combination of computer based and class room training, which can be delivered on site. Client staff are able to take part in a variety of learning paths focused on different roles and confirm their progress through industry recognised certifications. Pega also provides professional services in support of a clients delivery efforts so that, particularly in the early stages of a project, they have the technical skills needed to deliver the project.

Pega is of course also fully documented, the software is delivered with full online help but in addition clients have access to the PDN (Pega Discovery Network), a web based community of Pega professionals. This is an invaluable resource to most projects containing a huge catalogue of documentation and providing opportunities for cross industry and country collaboration.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Clients have two options the first of which is to extract the data from Pega’s working database. Pega’s cloud offering utilises a standard relational database making this a relatively simply task.

The second approach is to never hold such data in Pega in the first place. Where a client requires this approach Pega will support the use of data separation techniques to allow the client to maintain their data in a data store of their choice.
End-of-contract process Pega Cloud will support the customer in removing their applications and data. This process will be completed within 14 days of contract termination.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our solutions automatically render to fit to the size of screen of the device that they are being used on. They are built requiring no additional modifications. Our apps are 8 x quicker to deploy on mobile than Java Enterprise built applications.
Service interface Yes
Description of service interface Details of the Pega Platform interface can be found at: Pega has been shown to comply with UK public sector and wider international accessibility standards in a number of UK public sector organisations and many international ones, both in the US (Watson Institute), Australia and on continental Europe. Pega offers flexible application configuration so that the accessibility standards that a client chooses are really simply design and configuration decisions within the product. In this way Pega is successfully able to work within the accessibility requirements of most organisations, whatever they may be.
Accessibility standards WCAG 2.1 A
Accessibility testing Extensive work has been performed with the Watson Institute in the USA to ensure the user interface can comply with the needs of the disabled.
What users can and can't do using the API The Pega API allows users to trigger the execution of Pega rules from 3rd party applications and systems. Every capability of the Pega application platform is contained within rules and so clients have access to any capability that they have configured within their rule sets. In addition to an API, Pega rules can also be exposed as web services if a client finds that more convenient. In either case business login and functions contained within rules of all different types can be called from external 3rd party applications.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Pega solutions, based on the Pega Platform and CRM, can be customised via our 'Directly Capture Objectives' (DCO) software feature. This allows business users and I.T. staff to customise the solution through a shared visual model that also automatically generates the documentation to accompany the changes.

DCO dramatically increases both the speed and accuracy with which applications are delivered and it also helps better engage with business in their enterprise projects.

DCO has two functions, one is to increase the speed of configuration and the second is empower users to collaborate with IT staff in the configuration of Pega based solutions. Technically nothing is out of bounds, with organisations able to make their own decisions about what users can and cannot customise.


Independence of resources In order to guarantee users aren't affected by demands of other users Pega Cloud is a single tenant environment.


Service usage metrics Yes
Metrics types Pega includes a wealth of service metric reporting functions. The software includes a series of 'out of the box' reports and through Pega Report Creator customised reports can be built and deployed for individual or scheduled, repeated use. Reports can be viewed 'real time' via a browser or can be scheduled to be sent to individual or group e-mail addresses as PDF or excel attachments.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Pega takes a completely open approach to data export allowing clients to utilise a variety of data export techniques ranging from file generation to formats such as Excel, delimited and pdf to REST and SOAP web service integration. Database integrations are also fully supported enabling clients to share data via JDBC connections and Pega’s BIX (Business Intelligence Exchange) data transfer capability. The fundamental point is that Pega will support a client in their data export needs using whatever technique the client would prefer.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • Excel
  • Word
  • Tab
  • XML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • XML
  • Excel
  • Tab

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Pega Cloud Production Subscriptions include a 99.95% availability SLA with 10% Service Credits available for failure to meet the SLA in a given month. Please refer to for further information.
Approach to resilience Available on request
Outage reporting The Pega Cloud Service Desk will communicate directly with any customers experiencing an outage via phone and E-Mail .

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication Authentication and authorisation of users is the responsibility of the customer. Pega supports multiple external identity providers as well as SSO.
Access restrictions in management interfaces and support channels Pega operates on a 'best practice' basis operating in line with industry standard. Detail of this can be provided on request.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other
Description of management access authentication Authentication and authorisation of users is the responsibility of the customer. Pega supports multiple external identity providers as well as SSO.

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Schellman & Company, an ANAB and UKAS accredited Certification Body.
ISO/IEC 27001 accreditation date 25/01/2018
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification RSM LLP
PCI DSS accreditation date 11/01/2019
What the PCI DSS doesn’t cover N/A
Other security certifications Yes
Any other security certifications
  • SOC 2 Type 2 report from an independent audit firm.
  • Pega Cloud meets the requirements of the HIPAA/HITECH regulations.
  • EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
  • Pega Cloud for Government has achieved FedRAMP compliance.
  • Meets accessibility requirements outlined by VPAT, Section 508 standards.

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Pega Cloud has a Written Information Security Program (WISP) that is reviewed on at least an annual basis. The Pega Cloud WISP is designed to meet the requirements of NIST Special Publication 800-53, Revision 4. Pega is ISO/IEC 27001:2013 (“ISO 27001”) certified for information security management supporting infrastructure and services.
Information security policies and processes Pega Cloud has a Written Information Security Program (WISP) that is reviewed on at least an annual basis. The Pega Cloud WISP is designed to meet the requirements of NIST Special Publication 800-53, Revision 4. Pega is ISO/IEC 27001:2013 (“ISO 27001”) certified for information security management supporting infrastructure and services.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Please refer to for details.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Please refer to for details.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Please refer to for details.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Please refer to for details.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £7500.00 to £11250.00 per licence per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑