Cloud Security White Papers, Articles, Guides, and More - Security

Cloud Security White Papers, Articles, Guides, and More Cloud Security white papers, guides, and more A selection of resources related to the security and privacy of customer data and the ServiceNow AI Platform.

Key resources ServiceNow Security videos Video collection with a security overview, use cases, ServiceNow Security Center (SSC), security products, compliance, and security best practices .

Security videos g Cloud Security Customer Resources Find more resources including data privacy and GDPR information, the ServiceNow Trust site, customer penetration testing, ServiceNow Security Advisories, the Security Knowledge Base, and more.

Cloud Security Customer Resources g CORE Compliance Portal CORE Compliance Portal Directory Some of the links below require access to the ServiceNow CORE Compliance Portal.

The CORE Compliance Portal enables customers to quickly find documentation needed to address their internal audit, and vendor assessment requirements.

How to access CORE g Video: CORE Compliance Portal This video explains how to navigate the CORE Compliance Portal and what resources are available to help you self-serve information.

Video: CORE Compliance Portal g Identifying your ServiceNow admin Your ServiceNow customer administrator can provision access to the CORE Compliance Portal on behalf of your company.

How to identify your ServiceNow admin g Security White Papers Securing the ServiceNow AI Platform A comprehensive overview of the physical, administrative, and technical controls in place to secure the ServiceNow AI Platform, and how they combine to protect our customers' data. There are also non-English translations available.

Shared Responsibility Model Security is a partnership between ServiceNow and the customer, both with specific responsibilities. Use this model to see which party is responsible for implementing security features and controls.

ServiceNow Security Best Practices Guide This document provides guidance on key considerations customers should address when securing their ServiceNow instance under the ServiceNow Shared Responsibility Model.

Advanced High Availability (AHA) Architecture This white paper describes the Advanced High Availability (AHA) capabilities of the ServiceNow AI Platform, including data center pairs, multi-instance architecture, and backup and recovery.

Responsible AI: How ServiceNow is committed to developing and delivering responsible AI solutions Developing responsible AI is essential to ensure that the significant benefits promised by AI are realized, while mitigating the associated risks by offering AI capabilities that are unbiased, truthful, secure, and—critically—do no harm.

AI Security and Data Handling Controls in the ServiceNow AI Platform As AI adoption accelerates, security and governance can't be an afterthought. This white paper details how the ServiceNow AI Platform treats AI security, privacy, and governance as foundational—not bolted-on—capabilities. It covers data handling controls, data residency and processing infrastructure, AI Control Tower for enterprise-wide governance, and product-specific protections across Now Assist, Moveworks, and Veza from ServiceNow.

Data Encryption on the ServiceNow AI Platform Data Encryption on the ServiceNow AI Platform Because each customer has unique security and compliance requirements, ServiceNow offers a comprehensive range of encryption solutions, ensuring customers can configure data protection to meet their needs.

Securing Your ServiceNow Mobile Workflows This document outlines the mobile security capabilities of the ServiceNow AI Platform and provides guidance for securely managing mobile workflows. It also highlights key app security features—such as encryption, OAuth, MDM/MAM support, Zero Trust Access, and data protection—along with a readiness checklist and deployment guidance.

ServiceNow AI Platform on Hyperscaler The ServiceNow AI Platform on Hyperscaler architecture allows customers to integrate an instance with third-party cloud provider products including Azure, AWS, and GCP.

Industry and market specific white papers ServiceNow GCC (Government Community Cloud) and FedRAMP This document outlines the security and privacy controls available for government agencies and other organizations using the ServiceNow Government Community Cloud (GCC) that need to meet the U.S. government’s Federal Risk and Authorization Management Program (FedRAMP) requirements.

ServiceNow HIPAA Security Controls This document is intended to help ServiceNow customers understand the security controls available within the ServiceNow AI Platform to address the security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related laws and regulations.

ServiceNow: A Secure Platform for Financial Services This paper explores common concerns and challenges faced by financial services institutions and how ServiceNow mitigates these risks to safeguard sensitive customer data stored on ServiceNow instances.

Critical Information Protection for US Utilities This document outlines the numerous regulations governing technology, cybersecurity, safety, and privacy required for utilities, nuclear facilities, and organizations with pipeline infrastructure in the United States and how ServiceNow addresses these regulations.

ServiceNow Protected Platform Australia (SPP AU) This information security overview details the ServiceNow specialized cloud offering for Australian government agencies and highly regulated industries. It covers the platform's in-country data residency architecture hosted in Microsoft Azure data centers, compliance with Australia's PSPF and ISM standards, encryption and access controls, technical support provisions, and key differences from the standard ServiceNow cloud.

ServiceNow Protected Platform for the European Union (SPP EU) This information security overview explains how SPP EU gives organizations enhanced control over EU data residency by restricting personal data transfers outside the EU through contractual commitments, technical access controls, and geofencing. It covers the opt-in process, data scope, defined exceptions, EU-restricted staff access (including Break Glass procedures), backup and encryption practices, relevant certifications, and alignment with GDPR, DORA, and NIS2 — all built on the existing standard ServiceNow cloud security foundation.

ServiceNow Protected Platform for Singapore (SPP SG) The ServiceNow Protected Platform Singapore (SPP SG) Information security overview details how ServiceNow delivers a sovereign, in-country cloud environment for Singapore's public sector and highly regulated industries. Hosted exclusively on Microsoft Azure data centers within Singapore and certified to MTCS Level 3, SPP SG meets strict local data residency requirements while maintaining the scalability and resilience of the standard ServiceNow platform. The white paper covers the shared responsibility model, data residency architecture, Advanced High Availability (AHA), access controls, encryption, and a comparison between SPP SG and the standard ServiceNow cloud.

ServiceNow Security for the UK Public Sector This white paper explains how the ServiceNow AI Platform supports UK public sector organisations in meeting the UK Government's 'Cloud First' policy by aligning with NCSC guidance on 'Using SaaS Securely' and the 14 Cloud Security Principles. It addresses key security topics, including data protection, access control, identity and authentication, incident response, and operational security, while demonstrating how the ServiceNow architecture and certifications make it a trusted platform for handling OFFICIAL and OFFICIAL-SENSITIVE government data.

Other Resources ServiceNow Trust Site Learn about the ServiceNow commitment to compliance, security, and privacy. Includes industry solutions and GDPR information.

ServiceNow Customer Security Portal This portal provides transparency into the ServiceNow security program by providing access to compliance certifications and attestations, security advisories, notifications, ServiceNow CVEs, instance security best practices, and SOC reports.

How to Secure your instance Learn how to ensure that your instance meets security hardening requirements using instructions from theServiceNow Documentation site.

Legal Obligations: Contractual Addendums This page covers the different contractual addendums including the Data Security Addendum (DSA), Data Processing Addendum (DPA), and other legal customer agreements.

> Knowledge Base (KB) Articles, Guides, and Information Web Application Firewall in the ServiceNow AI Platform This article explains why ServiceNow does not offer direct Web Application Firewall (WAF) capabilities within the ServiceNow AI Platform and provides an overview of the compensating security controls available to customers within the platform and a customer instance.

Email Spam Scoring and Filtering KB An overview of SPAM filtering settings and configuration.

Secure Coding Guide This article provides assistance and information on how to create and modify code on a ServiceNow instance.

ServiceNow Security Advisories Landing Page Learn more about the ServiceNow security posture for specific events and common vulnerabilities and exposures. Individuals without a ServiceNow Support account, visit the public Customer Security Portal Advisories .

Customer Penetration Testing Process Overview Customers may perform one pen test per year on their instance. Pre-approval required; findings must be shared with ServiceNow.

How to Report Security Incidents and Security Findings to ServiceNow Report security incidents, concerns, and findings via ServiceNow Support. Learn the difference between findings, vulnerabilities, etc.