SSAE 16 SOC 1 Type 2 and SOC 2 Type 2

The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Control (SOC) framework. It outlines controls that organizations can implement, and be assessed against, to protect the confidentiality and privacy of information in the cloud. SOC 1 focuses on the effectiveness of internal controls that affect customers' financial reports. SOC 2 evaluates controls that are relevant to security, availability, processing integrity, confidentiality, or privacy.

ServiceNow is audited annually by a third party and has maintained its SSAE 16 SOC 1 Type 2 certification since 2011 and SOC 2 Type 2 certification since 2013.