We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

Disable NowAssist / Virtual Agent AI Training on Specific Data

SerekCS
Tera Contributor

3 weeks ago

Hello Community,

We have a requirement related to AI data governance for NowAssist and Virtual Agent.

We need to ensure that privileged data is not used to train:

  • NowAssist

  • Virtual Agent

  • Any other AI/GenAI capabilities within ServiceNow

This is required to remain compliant with internal data governance and regulatory policies.

 

Questions for the Community

  1. Is it currently possible to exclude specific data domains (tables, scopes, applications, or data sources) from being used for NowAssist / VA AI training?

  2. Are there system properties, AI governance settings, or role-based controls that allow this?

  3. Is data exclusion handled at:

    • Table level?

    • Application scope?

    • Data classification level?

    • Or only globally?

  4. How are others documenting and validating this for audits?

  5. If full exclusion is not possible today, what is the recommended workaround or best practice?

 

I appreciate any suggestion and I'm thankful for your time!

 

0 Helpfuls
  • 872 Views
2 REPLIES 2

SD_Chandan
Kilo Sage

3 weeks ago

@SerekCS 

ServiceNow AI governance is privacy‑first, not exclusion‑first.
You cannot block tables from AI training, because training does not occur on your data by default.
Compliance is achieved through masking, anonymization, access control, and governance visibility.

Thank you
Chandan
0 Helpfuls

SerekCS
Tera Contributor
In response to SD_Chandan

3 weeks ago

Thank you for the clarification, Chandan.

From a governance and audit perspective, could you please advise where we can review or verify what data is visible or accessible to ServiceNow AI features, and what tooling or configuration points are available to establish and document proper AI governance controls?

Specifically, we are looking to understand:

  • How AI data access and privacy boundaries can be reviewed or validated

  • What configuration areas support governance oversight (masking, anonymization, access controls, logging)

  • How organizations typically document this for compliance and audit purposes

Any guidance on recommended starting points or official documentation would be greatly appreciated.

0 Helpfuls