Overview
This page holds specific information about the security of our ServiceNow instances.
Background Security Information and Key Points
ServiceNow's detailed security policy and practice information can be found within multiple documents on this site: https://www.servicenow.com/company/trust.html.
Location and Data Transit
- All nodes housing our data are located in the United States, between San Jose, CA and Culpeper, VA.
- All data is transferred exclusively over HTTPS, meaning that the data-in-transit is encrypted. This is also true of any data transferred from the on-premises MID server to the Now Platform. VPN tunnels are used between any instances, data centers, or company access.
External Access to Data
- Occasionally, ServiceNow employees may be required to access a customer’s instance in order to provide support. This is done on an incidental, per event basis, and not every customer support event will require access to customer data. Access to a customer’s instance where absolutely necessary takes place via a strictly controlled process.
- Only members of ServiceNow’s support organization that have been specifically assigned to an active incident can be granted access, and that access is granted on a just-in-time basis. Additionally, customers may specify that their explicit authorization is also required when that access is requested.
- Access can only be gained via a VPN that requires two-factor authentication, initiated from a physical ServiceNow owned device, which has a ServiceNow digital certificate installed.
Auditing and Logging
- Most activities within an instance can be recorded in an audit log. The logs are able to capture each time a particular record is created, edited, or viewed by someone in the system.
Record Privacy in the System