Cloud Security Customer Resources Cloud Security Customer Resources This KB article provides links to important cloud security resources for ServiceNow customers. We recommend that you bookmark this page for future reference, as it is regularly updated. Resource NameDescriptionNamed Security Contact The ServiceNow Security Organization (SSO) primary point of contact for a company is the named security contact(s) specified by the customer. Named security contacts must be authorized to handle potentially sensitive security matters and must be contactable at all times. ServiceNow strongly advises customers to include both an email distribution list and an individual to meet this requirement. It is critical that the named security contact(s) are always kept up to date. Instructions for updating the named security contact. Shared Responsibility Model Security is a partnership between ServiceNow and the customer, with each party having specific responsibilities. This brief document outlines those responsibilities. Security Best Practices GuideSecurity Best Practices Videos The ServiceNow Security Best Practices Guide provides guidance on key considerations customers should address when securing their ServiceNow instance under the Shared Responsibility Model (Shared Security Model). The Security Best Practices Videos provide an introduction to how to secure a ServiceNow instance to help build the right security framework. Cloud Security White Papers, Guides,and Knowledge Articles This page provides white papers, knowledge articles, guides, and other resources related to the security and privacy of customer data and the ServiceNow AI Platform. ServiceNow Security Videos The ServiceNow Security Videos page provides a collection of informational videos spanning a broad range of topics including: Security Overview, Security Use Cases, ServiceNow Security Center, Security Products, Compliance, and Security Best Practices. ServiceNow Trust Site Visit the ServiceNow Trust site to learn more about our commitment to compliance, security, and privacy. The Trust site also provides information on industry solutions for regulated markets including GDPR and with other resources. Security Knowledge Base The ServiceNow Security Knowledge Base includes articles on customer penetration testing, security advisories, Global Security Support Center (GSSC), Common Vulnerabilities and Exposures (CVE), security compliance, and other security-related resources.*Please ensure that you are signed in to see all available articles. ServiceNow CORE Compliance Portal The CORE Compliance Portal enables ServiceNow customers to quickly find documentation they need to help address their internal audit and vendor assessment requirements related to features of the ServiceNow AI Platform. CORE Compliance Overview video Find out how to access the CORE Compliance Portal here. ServiceNow Security Advisories The ServiceNow Security Advisories page allows customers to learn more about the ServiceNow security posture related to specific security events and CVEs (Common Vulnerabilities and Exposures). These advisories are limited to the scope of the Now Platform and supporting ServiceNow cloud environments. Customer Penetration Testing Policy Customers are permitted to perform one penetration test per calendar year on their own Now Platform instances. Testing scheduling must be pre-approved and conducted at a date and time agreed upon by ServiceNow and the customer. Pre-approval is necessary for ServiceNow to continue monitoring activities and to differentiate potential attacks from authorized customer testing. As a condition of testing, customers are required to share the validated steps to reproduce any finding with ServiceNow in accordance with the customer penetration testing policy. Reporting Security Incidents, Concerns, and Findings Customer security incidents, concerns, and findings are reported via ServiceNow Support. Please follow the instructions found in the article here.