We deliver acute application security functions focused on user authentication, access control and auditing.   Service-now.com is a user-based system governed by encrypted password protection, role-based security and contextual security.  Each interaction with the system is logged for auditing purposes. 

Authentication

Service-now.com is a fully password protected, encrypted system.   Our belief is that our authentication policies should be configurable and able to meet your corporate security guidelines.  We leave it up to our customers to define password length, character types, and change frequency.  Users access Service-now.com only with a valid username and password combination which is SSL-encrypted while in transmission.  An encrypted session ID cookie is used to uniquely identify each user.  Passwords are encrypted using the Secure Hash Standard (SHS) described in FIPS PUB 180-1.  SHS is a one-way encryption algorithm, which means that once encrypted, the clear text password is no longer available.  Click here for more information on FIPS. 

Access Control

Service-now.com is widely adopted within our customer base for all facets of IT service Management.  Many of our customers have extended Service-now.com to support HR, Facilities, and Finance business processes.  This wide adoption of our solution set within our customer environments means that many different people with many different roles are using the system.  Service-now.com provides extensive role-based security and contextual security to ensure users are presented the tools and information they need to do their job while setting limits to what they can and cannot do within the system.

Role-based Security
Service-now.com is a user-based system governed by role-based security.  User authentication is coupled with granular role-based security to control functionality and views available to users. 

Although we have defined a number of pre-configured roles within Service-now.com, our customers have many personnel types and roles that are unique to their operations.  We provide extensive facilities to allow our customers to create an unlimited number of unique, secured roles. 

Contextual Security
In addition to password authentication and role-based security, Service-now.com delivers a deeper level of system access control - contextual security.  Our contextual security manager uses a number of parameters to secure records based on contents and apply security rules to any level in our object hierarchy. 

Audit

Each customer instance of Service-now.com automatically maintains an auditable log of all interactions with the system, including login attempts.  Service-now.com operations team reviews log files for invalid login attempts and file permission changes on a daily basis.  Our customers also have access to these same log files for auditing purposes.