Cloud Security White Papers, Articles, Guides, and Other Resources - Security

Cloud Security White Papers, Articles, Guides, and Other Resources <div style="font-family: Arial, Helvetica, sans-serif; display: flex; align-items: stretch; flex-wrap: nowrap; width: 89%; background-position-x: initial; background-position-y: initial; background-size: initial; background-repeat-x: initial; background-repeat-y: initial; background-origin: initial; background-clip: initial; background-color: #032d42; height: auto; min-height: 90px; padding: 10px 0px 10px 0px;"> Cloud Security white papers, guides, and knowledge articles A selection of resources related to the security and privacy of customer data and the ServiceNow ® AI Platform. ServiceNow Security Videos Check out the series of ServiceNow Security Videos which includes these topics: Security Overview, Security Use Cases, ServiceNow Security Center, Security Products, Compliance, and Security Best Practices.

ServiceNow CORE Compliance Portal Please note that some of the links below go to the ServiceNow CORE Compliance Portal , which is a documentation library supporting customers with a need to assess ServiceNow compliance to specific regulatory requirements, and other standards.

The CORE Compliance Portal enables customers to quickly find documentation needed to address their internal audit, and vendor assessment requirements related features of the ServiceNow AI Platform.

CORE Compliance Portal Video — This video walks through the CORE Compliance Portal and how to use it. CORE Directory — The CORE directory groups certifications, SOPs, and ServiceNow documentation by category. Identifying your Customer Administrator — The customer administrator can provision access to CORE on behalf of their company.

Find out how to access the ServiceNow CORE Compliance Portal here .

Cloud Security Customer Resources Find more information including data privacy and GDPR information, the ServiceNow Trust site, customer penetration testing, ServiceNow Security Advisories, the Security Knowledge Base, and more on our main page Cloud Security Customer Resources .

Security White Papers White Paper Name Description Securing the ServiceNow AI Platform

A comprehensive overview of the physical, administrative, and technical controls in place to secure the ServiceNow AI Platform, and how they combine to protect our customers' data. There are also non-English translations available.

Shared Responsibility Model Security is a partnership between ServiceNow and the customer, both with specific responsibilities. This document helps each party understand their role in this partnership. Advanced High Availability Architecture This white paper describes the Advanced High Availability (AHA) capabilities of the ServiceNow AI Platform, including data center pairs, multi-instance architecture, and backup and recovery. ServiceNow Security Best Practices Guide This document provides guidance on key considerations customers should address when securing their ServiceNow instance under the ServiceNow Shared Responsibility Model.

ServiceNow AI Platform on Hyperscaler The ServiceNow AI Platform on Hyperscaler architecture allows customers to integrate an instance with third-party cloud provider products including Azure, AWS, and GCP. Responsible AI Developing responsible AI is essential to ensure that the significant benefits promised by AI are realized, while mitigating the associated risks by offering AI capabilities that are unbiased, truthful, secure, and — critically — do no harm.

Industry and Market Specific White Papers White Paper Name Description ServiceNow GCC (Government Community Cloud) and FedRAMP This document outlines the security and privacy controls available for government agencies and other organizations using the ServiceNow Government Community Cloud (GCC) that need to meet the U.S. government’s Federal Risk and Authorization Management Program (FedRAMP) requirements. ServiceNow HIPAA Security Controls This document is intended to help ServiceNow customers understand the security controls available within the ServiceNow AI Platform to address the security and privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related laws and regulations. Critical Information Protection for US Utilities This document outlines the numerous regulations governing technology, cybersecurity, safety, and privacy required for utilities, nuclear facilities, and organizations with pipeline infrastructure in the United States and how ServiceNow addresses these regulations. ServiceNow Protected Platform (SPP) Australia Australian government, public sector, finance, and healthcare organizations are subject to stringent data security regulations, which often require strict controls over data residency, support provision, and other criteria. This document examines how ServiceNow addresses the data residency needs of customers in Australia from regulated sectors and lays out any variations from the standard Commercial Cloud offering. ServiceNow Protected Platform (SPP) for the EU EU government, public sector, finance, and healthcare organizations are subject to stringent data security regulations, which often require strict controls over data residency, support provision, and other criteria. This document examines how ServiceNow addresses the data residency needs of customers in the EU from regulated sectors and lays out any variations from the standard Commercial Cloud offering. ServiceNow Protected Platform for Singapore (SPP SG) Singapore government, public sector, finance, and healthcare organizations are subject to stringent data security regulations, which often require strict controls over data residency, support provision, and other criteria. This document examines how ServiceNow addresses the data residency needs of customers in Singapore from regulated sectors and lays out any variations from the standard Commercial Cloud offering. ServiceNow Security for Financial Services This paper explores common concerns and challenges faced by financial services institutions and how ServiceNow mitigates these risks to safeguard sensitive customer data stored on ServiceNow instances. ServiceNow Security for the UK Public Sector This document is intended for use by UK public sector prospects considering adoption of the ServiceNow AI Platform and how ServiceNow supports the UK Government ‘Cloud First Policy’.

Other Resources Resource Name Description ServiceNow Customer Security Portal This portal provides transparency into the ServiceNow security program by providing access to compliance certifications and attestations, security advisories, notifications, ServiceNow CVEs, instance security best practices, and SOC reports. ServiceNow Trust Site The ServiceNow Trust Site contains security, privacy, and compliance information. ServiceNow Security Videos Learn more about ServiceNow Security in this series of videos that include security use cases, ServiceNow Security Center (SSC), security products, compliance, and security best practices.

ServiceNow Instance Hardening: Customer Security Document Learn about how to ensure that your instance meets security hardening requirements. Legal Obligations: Contractual Addendums This page covers the different contractual addendums including the Data Security Addendum (DSA), Data Processing Addendum (DPA), and other legal customer agreements.

Knowledge Base (KB) Articles, Guides, and Information KB Name Description Email Spam Scoring and Filtering KB An overview of SPAM filtering settings and configuration. Secure Coding Guide This article provides assistance and information on how to create and modify code on a ServiceNow instance. ServiceNow Security Advisories Landing Page Learn more about ServiceNow security advisories.

Customer Penetration Testing Process Overview Customers can learn how to perform their own penetration test. How to Report Security Incidents and Security Findings to ServiceNow If a security issue, concern, or weakness is discovered, this page will guide you through the process of submitting a security finding.