We rely on redundant systems and procedures to ensure customer data is protected and available.  Customer data is backed up to geographically separated servers, system access uses encrypted passwords, and health and security are proactively monitored.  Our formal Disaster Recovery and Business Continuity plans are defined and tested. 

Backup & Restore

All customer data is automatically backed up on a nightly basis to a second server and retained for seven days.  The backup is copied to a second data center for disaster recovery purposes.  Data backup and disaster recovery may be arranged at a customer data center upon request.

For large deployments, we offer data replication technology that creates and maintains a second database in near real-time (less than a second latency).  The replication technology also establishes a hot standby server that can switch to primary in a matter of minutes in the event of a physical disaster.

Disaster Recovery

We make every effort to meet our availability SLA of 99.97%.  In the unlikely event that our production center should become unavailable or our development staff determines it is not recoverable, we enact our Disaster Recovery process.

While our Vice President of Operations is responsible for the Disaster Recovery program, Service-now.com senior customer support technicians or development staff contain authority to declare a disaster.  The manager of customer support is responsible for executing the Disaster Recovery plan. Enactment of our Disaster Recovery plan involves notification to development staff for problem resolution purposes as well as our CEO and all members of executive staff.  We practice our Disaster Recovery process once a quarter on non-production systems.  All participators in our Disaster Recovery plan are Service-now.com staff.  We do not use 3rd party vendors or off-shore suppliers in the disaster recovery process.

Once a disaster is declared, customer URLs are redirected to our disaster recovery facility where we launch the DR server using customer data captured during the previous backup.  Affected customers are immediately notified and kept informed of the exact status of the DR process via email and phone support.  Upon restoration of the production server, the customer is moved back to their production server while we make every attempt to recover lost data.

Business Continuity

Service-now.com has a formal Business Continuity Plan which enables us to conduct business operations from any remote location in the event that our corporate headquarters are unusable for some reason. All customer systems and data are run and stored at one of several data centers located globally.  In the event of an operational problem at one of our datacenters, we would enact our Disaster Recovery Plan.

In the event a disaster affects our headquarters, we would enact our Business Continuity Plan.  Communication would be sent to all personnel instructing them to source a remote work location (typically their home).  All telephonic communications would be redirected to secondary numbers typically home offices or mobile phones.  We don’t run any critical business systems or services at our headquarters allowing us to access all business systems remotely. 

During the Southern California wildfires of October 2007 many employees were evacuated from their homes and our headquarters was completely inaccessible to all but a few employees due to traffic and travel restrictions. For a three day period, the company successfully operated from hotel rooms, home offices and other remote locations.

System Integrity

Our Vice President of Operations serves as our Chief Security Officer and bears full responsibility for the policies and procedures governing our customer systems as well as our stewardship of all customer data. This role reports directly to the CEO.

Service-now.com development and support work is conducted in Solana Beach, California. The vast majority of the development work is done by Service-now.com employees although we do employ contractors for very specific work from time to time. Customer support is conducted by Service-now.com employees with no contractors or third parties utilized. 

A limited number of Service-now.com employees maintain highly controlled access to customer instances for the purpose of trouble-shooting, customization and general customer support.  Our employees access customer systems via a single Logon ID and Password.  Additionally, customer systems automatically maintain an auditable log of developer or support access which tracks all changes made to the system.  Service-now.com employees are background checked and drug screened.  3rd party or subcontractors do not have access to any customer systems.

Monitoring

Service-now.com utilizes our own, internally developed monitoring technology to monitor all of our customer systems. This monitoring technology monitors CPU utilization, response time, and memory utilization.  Additionally, we utilize the datacenter-provided system to monitor for spoofing, hijacking, and replay.

Performance and security monitoring alerts are sent to Service-now.com for analysis and potential remediation.   As alerts and events are generated, they are reviewed by our support and development staff.  Formal monitoring takes place on a daily basis.