In a hypothetical ServiceNow implementation, external customer-facing processes (within the CSM scope) were implemented as Service Catalog items (sc_request / sc_req_item) instead of being handled through the standard CSM Case data model.
These catalog items are used to manage interactions with external customers but do not
From a platform governance and compliance perspective:
Would this be considered a deviation from architectural best practices (
Or could it represent a potential compliance or audit risk (e.g., data segregation, reporting integrity, control traceability, or licensing considerations)?
The objective is to understand whether this type of implementation should be viewed primarily as a design/governance matter or if it may carry broader
