How To Properly Store Sensitive Info (SSN, etc)

JDX7913
Tera Guru

Is there a proper way of storing sensitive information such as SSN on the platform?

I saw a couple of documentation pages from ServiceNow about storing SSN, but those are mainly for the HR module.

I am trying to create a custom scoped app that will contain SSN.

I saw there are two variables "Password (1 Way Encrypted)" & "Password (2 Way Encrypted)" for the table. However, I don't know if those two are suited for storing SSN. 

If someone could please point me in the right direction that would be great! This is the first time I have to deal with storing sensitive info on the platform.

1 ACCEPTED SOLUTION

DScroggins
Kilo Sage

Hello, besides Edge Encryption, like Sachin pointed out, you can also use field-level context encryption:

https://docs.servicenow.com/bundle/orlando-platform-administration/page/administer/encryption/concept/c_EncryptionSupport.html

For this, you encrypt individual fields within a table using either single or multiple encryption contexts that you create. Once the field is encrypted, you can assign the encryption context to particular roles so that appropriate users can access the data. This also restricts the data from Admins (if they do not have the encryption context). One thing to note: the system is unable to read these field values, so any automations using the field data would need to be interactive and triggered by a user who has the proper context.

Hope this helps.

--David


Got it!

Just the information I was looking for.

Thank you.