SSAE 16 SOC 1 Type 2 and SOC 2 Type 2

The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Control (SOC) framework that outlines controls organizations can implement, and be assessed by a third party, to protect the confidentiality and privacy of information in the cloud. The SOC 1 controls focus on the effectiveness of internal controls that affect the financial reports of customers. The SOC 2 evaluates controls that are relevant to security, availability, processing integrity, confidentiality, or privacy.

ServiceNow is audited annually by a third party and has maintained its SSAE 16 SOC 1 Type 2 certification since 2011 and SOC 2 Type 2 certification since 2013.