2. Apply patches to your instance. ServiceNow gives its customers the flexibility to apply patches at their discretion to allow for any impact to functionality, but patches should be applied as quickly after their release as possible. The Patching Program schedules patches in intervals throughout the year to make sure that your instance is up-to-date with the latest security, performance, and availability requirements. ServiceNow supports the current release (N) and the most recent previous release (N-1). If you are on a version earlier than N-1 you are putting your instance at risk, as older versions are unsupported. Instances on versions earlier than (N-1) must upgrade, or ServiceNow will initiate a forced upgrade.

3. As discussed above, ServiceNow allows customers to perform an annual penetration test. Plan your penetration test by following the procedure outlined here. Because we allow all of our customers to perform a penetration test, this is equivalent to a crowd penetration test that helps improve the Now Platform at rapid scale! Of course, ServiceNow also has an internal functional penetration testing program, as well as a third party penetration testing program. Because we encourage our customers to continually innovate with ServiceNow, functional testing is always available. This enables customers to test their integrations with ServiceNow without performing a full penetration test. This can be done continuously, not just once per year: See "simulated testing methods"

4. Communication between ServiceNow's security team and our customers' security teams is important to make sure any major security-related information can be disseminated quickly and efficiently. To that end, please make sure there is a designated security contact for your company listed in NOW Support here.

5. Monitor your instance regularly using Instance Security Center— review system logs and restrict admin accounts. Admin related events and and other security events can be tracked automatically in your Instance Security Dashboard Enjoy ServiceNow securely and please do not hesitate to pass along your feedback on any topics, concerns, or questions regarding ServiceNow Platform Security.

Did these resources help to answer some of your ServiceNow platform security questions? Comment below!

Labels:

• Multiple Versions
• Platform and Cloud Security