Cloud Security White Papers, Articles, Guides, and Other Resources - Security

Cloud Security White Papers, Articles, Guides, and Other Resources <div style="font-family: Arial, Helvetica, sans-serif; display: flex; align-items: stretch; flex-wrap: nowrap; width: 89%; background-position-x: initial; background-position-y: initial; background-size: initial; background-repeat-x: initial; background-repeat-y: initial; background-origin: initial; background-clip: initial; background-color: #032d42; height: auto; min-height: 90px; padding: 10px 0px 10px 0px;"> Cloud Security white papers, guides, and knowledge articles A selection of white papers related to the security and privacy of customer data and the Now Platform. ® Please note that some of the links below go to the ServiceNow CORE Compliance Portal , which is a documentation library supporting customers with a need to assess ServiceNow compliance to specific regulatory requirements, and other standards.

ServiceNow Core Compliance Portal The CORE Compliance Portal enables customers to quickly find documentation needed to address their internal audit, and vendor assessment requirements related features of the Now Platform.

CORE Directory — The CORE directory contains all the CORE content and assets. Identifying your Customer Administrator — This article tells customers how to identify their customer administrator. CORE Compliance Portal Video — This video walks through the CORE Compliance Portal and how to use it. Find out how to access the ServiceNow CORE Compliance Portal here .

Cloud Security Customer Resources Find more information including how-to-guides, data privacy and GDPR information, the ServiceNow Trust site, customer penetration testing, ServiceNow Security Advisories, the Security Knowledge Base, and more on our main page Cloud Security Customer Resources .

ServiceNow White Papers White Paper Name Description Shared Responsibility Model This document outlines the areas of responsibility between the customer and ServiceNow for the main aspects of Now Platform security. Securing the Now Platform This document describes the ServiceNow Security Program across a number of key physical, administrative, and logical security domains. Advanced High Availability Architecture This document provides an overview of a key element in delivering an enterprise-grade cloud service. The unique, multi-instance architecture not only meets but exceeds stringent requirements surrounding data sovereignty, availability, and performance. ServiceNow Security Best Practices Guide The Security Best Practices Guide takes into account the ServiceNow Share Responsibility Model and covers the main areas that should be considered when securing a ServiceNow instance. This document offers starting recommendations for security, and additional settings and options to make a Now Platform instance more secure.

Industry and Market Specific White Papers White Paper Name Description ServiceNow GCC (Government Community Cloud) and FedRAMP This document outlines the U.S. government’s FedRAMP program and then presents information on the ServiceNow offerings in this area in the form of frequently asked questions. ServiceNow HIPAA Security Controls This white paper is intended to help ServiceNow customers understand the security and privacy controls available within the Now Platform® to address the security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related laws and regulations. ServiceNow Protected Platform (SPP) Australia Australian government, public sector, finance, and healthcare organizations are subject to stringent data security regulations, which often require strict controls over data residency, support provision, and other criteria. This document examines how we address the data residency needs of customers in Australia from regulated sectors and lays out any variations from our standard Commercial Cloud offering. ServiceNow Protected Platform (SPP) for the EU This document describes how the ServiceNow Protected Platform for the European Union (“SPP EU”) gives customers and partners even greater control over how their data is processed by ServiceNow and helps them to manage their own data residency requirements or preferences. ServiceNow Security for Financial Services The Financial Services industry operates in a unique business environment with very particular requirements. Providing critical services that handle large volumes of sensitive and valuable data while meeting strict regulations for security and privacy can present significant challenges. ServiceNow Security for the UK Public Sector This document provides an overview of the challenges typically faced by UK public sector and how ServiceNow can be successfully adopted to support the Government’s Cloud First Policy and a detailed point-by-point response to the UK Government National Cyber Security Centre (NCSC)’s ‘Using Software as a Service (SaaS) Securely’ and ‘Cloud Security Principles’.

Security Certification & Attestations, Contract Addendums, Instance Hardening, and Video Stories Resource Name Description Legal Obligations: Contractual Addendums This page covers the different contractual addendums such as DSA, DPA, and CSA. ServiceNow Trust Site The ServiceNow Trust Site includes overviews of certifications, attestations, and security and privacy whitepapers. Security Now on Now Video Stories These videos cover a variety of stories from practitioners and experiences using ServiceNow. ServiceNow Security Videos Learn more about Now Platform Security in this series of videos that include security use cases, ServiceNow Security Center (SSC), security products, compliance, and security best practices. ServiceNow Instance Hardening: Customer Security Document Detailed descriptions and compliance values for the security-related system properties and plugins in the Now Platform are explained in the ServiceNow Instance Hardening: Customer Security Document.

Knowledge Base (KB) Articles, Guides, and Information KB Name Description Email Spam Scoring and Filtering KB Review this link to get an overview of SPAM filtering settings and configuration. Secure Coding Guide Read this article for assistance and information on how to create and modify code on a Now Platform instance. ServiceNow Security Advisories Landing Page Use this landing page to self-serve relevant content about the ServiceNow security posture. Customer Penetration Testing Process Overview Customers can refer to this KB article to learn how to perform their own penetration test. It includes topics such as the purpose, authorization, testing window, and the Service Level Agreement (SLA). How to Report Security Incidents and Security Findings to ServiceNow If a security issue, concern, or weakness is discovered, this page will guide that individual through the process of submitting a security finding. Frequently Asked Security Questions This page addresses frequently asked security questions such as penetration testing and checking the status of a security finding.