
Compliance with regulatory standards


Regulatory compliance ensures that organizations are aware of, and comply with, the laws, policies, and regulations relevant to their operations. A business is in regulatory compliance when it follows the international and local laws and regulations that apply to what it does.

The specific requirements vary by industry and by type of business, and some regulations apply only to particular industries. No matter the industry or company size, however, every business must adhere to certain laws and regulations as part of its operations.

The specific requirements can also vary depending on the country in which the business operates. For example, if your company is based in the United States but serves customers in Europe, you must follow the local standards (such as the General Data Protection Regulation) that protect the rights of your European customers.

Regulatory compliance should not be confused with compliance with company policies and procedures, or with compliance with internal requirements set by the business itself. All three types of compliance are important for ensuring integrity, safety, and ethical behavior, but it helps to understand the difference between them.

Pega clients need to comply with local regulations when developing and managing their applications. For example:

  • A healthcare provider in the United States must keep the Health Insurance Portability and Accountability Act (HIPAA) standards in mind when developing an application, because personally identifiable information must be encrypted to be kept secure and in compliance.
  • A United States-based financial services company that does business in Europe must abide by the regulations set forth in the General Data Protection Regulation (GDPR) for its European customers. GDPR requirements must be considered not only during development but also while the application is live, because GDPR gives European customers the right to have their data deleted.

California Consumer Privacy Act - United States regulation

The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents.

For more information, see the official California Consumer Privacy Act website.

Health Insurance Portability and Accountability Act - United States regulation

HIPAA was created primarily to modernize the flow of healthcare information in the United States, to stipulate how personally identifiable information is maintained by the healthcare and insurance industries, and to address limitations on healthcare insurance coverage. Above all, HIPAA provides the security provisions and data privacy requirements that keep patients’ medical information safe.

For more information, see the official Health Insurance Portability and Accountability Act website.

Federal Risk and Authorization Management Program - United States regulation

The Federal Risk and Authorization Management Program (FedRAMP) is a United States government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

FedRAMP simplifies security for the digital age by providing a standardized approach to security for the cloud.

For more information, see the official FedRAMP website.