Understanding PaCE

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Understanding PaCE

    PaCE is a centralized platform designed to manage, administer, and audit policies effectively. It enables organizations to define policies as sets of rules and logic that determine the desired behavior of applications or services. When executed, PaCE evaluates the input against these rules to decide if a policy is compliant or non-compliant and communicates this decision back to the calling application or service to enforce appropriate actions.

    Show full answer Show less

    Key Features

    • Full Policy Life Cycle Management: Supports creation, versioning, testing, validation, and deployment of policies.
    • Policy Reuse: Standardizes and shares policies within and across services to improve consistency and efficiency.
    • Audit and Compliance: Automates evidence collection and proof of compliance for governance and risk audits.
    • Centralized Compliance Automation: Facilitates automated execution of policies to prevent manual dependencies and reduce posture drifts.
    • Integration with Risk Management: Connects policies with control objectives to provide business context within Integrated Risk Management and Policy and Compliance Management workspaces.
    • Policy Analysis and Debugging: Helps policy developers understand existing policies, assess changes, and use policies as baselines for new development.

    What This Enables for ServiceNow Customers

    ServiceNow customers can leverage PaCE to automate policy enforcement, ensuring applications and services remain compliant with desired standards. By centralizing policy management, customers can accelerate change velocity while maintaining guardrails through automated workflows. PaCE also streamlines audit readiness by collecting compliance evidence automatically, reducing manual effort during audits.

    Additionally, PaCE’s capabilities allow policy developers to thoroughly document, track, and validate policies before deployment, minimizing errors and improving governance. The ability to reuse policies enhances operational consistency and efficiency across the organization.

    Policy Management Details

    Policies in PaCE act as containers that include metadata, versions (with scripts and inputs), mapping information, and execution history. Customers can define unlimited policies to meet various organizational needs, with full traceability and control over policy changes.

    PaCE enables you to manage, administer, and audit policies from a centralized location.

    A PaCE policy is a set of pre-defined rules and logic that determines the desired behavior of an application or a service. When invoked, the rules in the policy are applied on the provided input, and a decision is reached. This decision-making is the main function of PaCE and helps determine if a policy is compliant or non-compliant. The decision is then relayed to the software calling service or application, so that it can act on it to enforce a desired behavior.

    PaCE provides the following capabilities:
    • Full life cycle management of policies
    • Policy reuse
    • Audit and compliance
    • Testing and validation of policies
    • Central automation of compliance and regulatory processes
    PaCE can be used to:
    • Identify posture drifts from a desired state in the current application.
    • Make decisions (compliant or non-compliant) based on a change in the application or service and enforce the decision to prevent a drift.
    • Automate execution of policies and eliminate dependency on humans.
    • Standardize policies so that they can be shared and reused within a service and across services.
    • Increase change velocity while including guardrails with automated workflows to provide preventive controls.
    • Collect evidence and proof of compliance for audit purposes. This feature can be used by internal auditors to automate the process of collecting evidence for governance and risk requirements.
    • Provide business context to PaCE policies by using control objectives to connect PaCE with the Integrated Risk Management and Policy and Compliance Management workspace.

    PaCE enables policy developers to view and understand an existing policy, make and assess changes, and decide if a policy can be used as a baseline for another policy. They can also use PaCE before debugging to understand how the policy should work and why it is not working as expected.

    PaCE provides a centralized platform for storing, managing, and using policies. By using PaCE, policies can be:
    • Well documented and all the requirements clearly defined.
    • Reused across the organization.
    • Tracked and new versions can be created when a policy is changed.
    • Tested and validated before deployment.

    Policies are also containers for all the elements that make up a policy. These elements include meta-data related to the policy, the policy versions (including policy scripts and inputs), mapping information, and policy execution history.

    You can define any number of policies within PaCE.