Cloud Security Customer Resources - Security

Cloud Security Customer Resources Cloud Security Customer Resources This KB article provides links to important cloud security resources for ServiceNow customers. We recommend that you bookmark this page for future reference as it is regularly updated. Resource Name Description Named Security Contact The ServiceNow Security Office (SSO)'s primary contact with a company is the named security contact(s) specified by the customer.

Named security contacts must be authorized to deal with potentially sensitive security matters and must be contactable at all times. ServiceNow strongly advises that customers include both an email distribution list and an individual to fulfill this requirement.

Therefore, the named security contact(s) must always be kept up-to-date.

Instructions for updating the named security contact .

Shared Responsibility Model Security is a partnership between ServiceNow and the customer, both with specific responsibilities. This document outlines those responsibilities and provides links to guidance on implementing security features and controls.

Security Best Practices Guide Security Best Practices Video The ServiceNow Security Best Practices Guide provides guidance on key considerations customers should address when securing their Now Platform instance under the Shared Responsibility Model.

The Security Best Practices Video (Security is a Journey, Not a Destination) provides an introduction to how to secure a Now Platform instance to help build the right security framework.

Cloud Security White Papers, Guides, and Knowledge Articles This page provides white papers, knowledge articles, guides, and other resources related to the security and privacy of customer data and the Now Platform.

ServiceNow Security Videos The ServiceNow Security Videos page provides a collection of informational videos spanning a broad range of topics including: Security Overview, Security Use Cases, ServiceNow Security Center, Security Products, Compliance, and Security Best Practices.

ServiceNow Trust Site Visit the ServiceNow Trust site to learn more about our commitment to compliance , security , and privacy . The Trust site also provides information on industry solutions for regulated markets including GDPR and with other resources.

Security Knowledge Base The ServiceNow Security Knowledge Base includes articles on customer penetration testing, security advisories, Global Security Support Center (GSSC), Common Vulnerabilities and Exposures (CVE), security compliance, and other security-related resources.

*Please ensure that you are signed in to see all available articles.

ServiceNow CORE Compliance Portal The CORE Compliance Portal enables ServiceNow customers to quickly find documentation they need to help address their internal audit and vendor assessment requirements related to features of the Now Platform.

CORE Compliance Overview video

Find out how to access the CORE Compliance Portal here .

ServiceNow Security Advisories The ServiceNow Security Advisories page allows customers to learn more about the ServiceNow security posture related to specific security events and CVEs (Common Vulnerabilities and Exposures).

These advisories are limited to the scope of the Now Platform and supporting ServiceNow cloud environments.

How to Request a Penetration Test Customers are permitted to perform one penetration test per calendar year on their own Now Platform instances.

Testing scheduling must be pre-approved and conducted at a date and time agreed upon by ServiceNow and the customer. Pre-approval is necessary for ServiceNow to continue monitoring activities and to differentiate potential attacks from authorized customer testing.

As a condition of testing, customers are required to share the validated steps to reproduce any finding with ServiceNow in accordance with the documented process .

Reporting Security Incidents, Concerns, and Findings Customer security incidents, concerns, and findings are reported via Now Support. Please follow the instructions found in the article here .