Docs here https://www.servicenow.com/docs/bundle/yokohama-mobile/page/administer/tablet-mobile-ui/concept/mobi... says , "Penetration testing

ServiceNow engages a third party to perform penetration testing of the mobile app. This typically happens annually but sometimes occurs more frequently. The results of these tests are available to customers. For more detail on security testing, see KB0538598: Customer Instance Security Testing | Policy and Procedure."

Question:

1. Is my understanding right that pen testing for mobile app is done by ServiceNow and share the results with customers? If yes, where can we see the results?

2. Can customer also do pen test for mobile app? If yes, what is the procedure?