Audit & Compliance

We deploy governance strategies designed to ensure customer privacy, meet auditing standards including SAS-70 Type II, and help support regulation initiatives.

Privacy

Privacy on the Service-now.com website is of great importance to us. Because we gather important information from our visitors and customers, we have established this privacy statement as a means to communicate our information gathering and dissemination practices. We reserve the right to change this privacy statement, and we will provide notification of any change at least thirty (30) business days prior to the change taking effect.

The basic tenets of our privacy policy are very straightforward:

  • Through the course of doing business with you or your organization, from time to time we may ask for personal information in an effort to better serve your needs.
  • We will only collect information that you voluntarily submit to us, such as names, phone numbers and email addresses.
  • We will only use your volunteered personal information to more proactively respond to your requests for information regarding our services.
  • Service-now.com pledges to guard and protect your personal information as you would, with the respect and security we hope you would have for us. We will never, under any circumstances, sell your personal information to, or share it with, a third party, and any data we collect will only be used to facilitate a more responsive relationship between our two organizations.

As a California-based corporation, Service-now.com is required to be compliant with California Law 1386, which stipulates that we are required to report any breach or potential breach of customer information. Additionally, this is standard corporate policy.

SAS 70

Statement on Auditing Standards No. 70 (commonly referred to as SAS 70) is an auditing standard and publication used to evaluate the design and effective operation of a provider's internal controls. Service-now.com recognizes SAS 70 as an industry standard. We offer customers the ability to operate their Service-now.com instance in our SAS 70 Type II certified data centers.
  
Regulations & Governance

There are many regulations that affect our customers in many different verticals, including the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry (PCI) Data Security Standard (DSS), and the Health Insurance Portability and Accountability Act (HIPAA). IT service and asset management applications, like Service-now.com, are not subject to regulatory audits. These systems do not store or manage financial, health care or credit card data; however, they do play a role in maintaining system availability and provide a valuable source for auditing system changes.

These applications may support the audit process itself in one of three ways:

  • Configuration Management - a Configuration Management Database (CMDB) can identify the financial Business Services and their components that either control or manage financial data
  • Change Management - document and verify approvals for, and any changes made to, a financial Business Service, verifying access and data integrity
  • Release Management - document and verify approvals for, and any changes made to, commercial or proprietary software managing financial data