Customer Penetration Testing

Existing customers may perform an annual application penetration test using a documented process. ServiceNow works with customers to pre‑approve the testing schedule. This allows us to continue to monitor and differentiate potential real attacks from authorized customer activity.

We require that our customers share their results with us. Confirmed customer findings help contribute to the collective security of the ServiceNow environment and enable us to continuously improve our security posture.

Customer penetration testing represents a significant number of tests annually. If these tests produce genuine, confirmed vulnerabilities, we remediate those in accordance with our vulnerability response criteria. We document what has been remediated in each major version, patch, and hot fix within the release notes.

Existing customers can access additional information around the penetration testing process through the customer support portal.