Finance departments are part of an organization that manages its money.  They are responsible for providing accurate and timely financial information, protecting company assets, and being compliant with tax laws.

However random work requests received through email, spreadsheets, and calendars; inefficient accrual processes; and the lack of tools to consolidate knowledge and policy can inhibit the finance department from successfully fulfilling its fiduciary responsibilities.

ServiceNow Finance Service Management helps your finance department manage work requests and improve service delivery. Here are just some of the areas that Finance Service Management can improve:

• Procurement
• Financial Reporting
• Questions, Disputes, and Requests
• Audit Reporting and Compliance
• Forecast and Budget Templates
• Contract Renewals, Terms Review, and Agreement Reviews
• Employee Expense Management
• Travel Support

BENEFITS

• provide visibility into work requests through dashboards. 
• manage work load with process, inproving resource utilization and performance
• save time by automating work assignments instead of manually assigning staff responsbilities
• improve communications with employees, partners, and vendors
• address cost control and utilization projections
• report on finance services by tracking and reporting on KPIs
• lower expenses by implementing automated and streamlined processes

PART OF SERVICE MANAGEMENT

ServiceNow Finance Service Management is part of the ServiceNow "Service Management" suite of applications.

Some of the products in this suite have similar functionality.  If you are an expert at Finance Service Management, you can usually learn the other similar apps very easily.  They all use configuration pages, state flows, and can incorporate service catalog items.  

Here are the applications in service management with similar underlying design:

• Field Service Management
• Facilities Service Management
• Legal Service Management
• Marketing Service Management
• Finance Service Management

FEATURES

ServiceNow Finance Service Management has different features available depending on activated plugins:

FINANCE CATALOG

The finance catalog is a collection of 33 different catalog items in 8 different categories you can add to your existing service catalog or self service site.  This a great way to get started building your own configured catalog.

Deliver an online, self‑service finance portal that provides 24x7 access to finance information and services, minimizes dependence on institutional knowledge, and decreases the number of redundant or repetitive requests

FINANCE SERVICE MANAGEMENT APPLICATION

After a finance request is submitted via the Finance Catalog, the Finance application in ServiceNow is used to fulfill those requests.

Finance Service Management uses state flows and workflow to automate the delivery process.  This speeds service fulfillment, creates repeatable processes, and ensures the correct agent is assigned to complete the request.

The Finance Service Management process (from the ServiceNow wiki)

1. Users submit finance requests through the service catalog.
2. Based on settings in the Finance Service Management Configuration, the request transitions through states based on actions performed through the request.
3. When the request has been fulfilled by the finance team, the request is closed.

Configuration Page

Visual Task Board

Dashboard

REPORTING

Evaluate finance resource utilization and the volume and types of service requests with easily customized reports and dashboards

ServiceNow includes 1 dashboard and 5 reports to get you started.  Dashboards and reports are easily created in ServiceNow to further tailor your finance efforts.

MORE INFORMATION

Here is an additional video on Service Management

HR Service Management helps your HR departments manage work requests and improve service delivery. ServiceNow has taken the manual email, phone, and in person HR processes of the past and converted them to a workflow and task-driven process.

BENEFITS

• provide visibility into work requests through dashboards
• manage work load with process, improving resource utilization and performance
• save time by automating work assignments instead of manually assigning staff responsibilities
• improve communications with employees, partners, and vendors
• address cost control and utilization projections
• report on HR services by tracking and reporting on KPIs
• lower expenses by implementing automated and streamlined processes

INSTALL

Plugin Activation

There are six (6) plugins available for install with HR Service Management:

• Human Resources Application: Core - Provides case and change management for HR. Activation of this plugin on production instances may require a separate license. There are seven applications installed after you install this plugin
  • HR Case Management - All HR Cases and HR Tasks
  • HR Administration - Configure the HR Catalog, Surveys, KB Articles, HR Data
  • HR Benefits - Benefits cases and benefit data captured
  • HR Employee Relations - Employee Relations Cases and Disciplinary Issues
  • HR Systems - HR Systems Cases, System Access, and Reports
  • HR Payroll - Payroll Cases, Payroll Data, and Bank Details
  • HR Employee Data Management - Employee Data Management Cases
• Human Resources Application: HR Connect - Imports the Connect plugin, and installs a default HR support queue, enabling HR specific Connect functionality.
• Human Resources Application: Performance Analytics - Provides Performance Analytics reports for HR. Activation of this plugin on production will require a PA Premium license. Contact ServiceNow for details.
• Human Resources Application: Reporting Overview - Human Resources Reporting Overview
• Human Resources Application: Service Portal - HR Service Portal
• Human Resources Application: Workday Integration - Provides automatic updates of HR application tables from a linked Workday instance. Activation of this plugin on production instances may require a separate license. 

To activate an HR Service Management Plugin.

1. Navigate to System Definition > Plugins.
2. Find and click the plugin "Human Resource Core"
3. If available, select the Load demo data check box.
4. Click Activate.

Please note if you are currently on an older version of HR Service Management, there is a separate upgrade process.

FEATURES AND APPLICATIONS

ServiceNow HR Service Management has different features available depending on activated plugins:

HR CATALOG

The HR catalog is a collection of 39 different catalog items in 13 different categories you can add to your existing service catalog or self service site.  This a great way to get started building your own configured HR catalog.

Deliver an online, self‑service HR portal that provides 24x7 access to hr information and services, minimizes dependence on institutional knowledge, and decreases the number of redundant or repetitive requests

You can add these catalog items to your existing Service Catalog, or use the separate HR Catalog.  Please note if you activate the Service Portal, the HR Catalog is hidden in Self Service.

ServiceNow also provides a nice HR catalog option for adjusting and adding new catalog items.  (Under Left Nav Bar > HR Administration > Manage HR Catalog)

HR Catalog

HR Catalog Item

HR Catalog Management

HR Service Portal

Use the Service Portal to create a delightful experience for your users. Service Portal provides an alternative user experience to the standard platform UI. It is easy to configure, customize, and extend, similar to what users are used to in other consumer products.

There is a separate HR Service Portal available if you install the plugin. Personally I don't like the idea of a separate Service Portal.  I would rather they use one combined portal, so that users don't need to know a separate url for HR and a different URL for IT.  

However all customers are different, and HR departments would like their own portal and ownership.  This especially true if they pay for the licenses for HR.

HR Service Portal - Home Page

HR Service Portal - Catalog

HR Service Portal - Knowledge Base

HR Service Portal - Open Case

HR CASE MANAGEMENT application

HR Case Management is where the work gets done!

HR Applications

After a HR request is submitted via the HR Catalog, an HR application in ServiceNow is used to fulfill those requests. HR Case Management in the general catch-all for all cases

HR cases hold the details of HR requests, such as requests for information, and HR processes, such as onboarding. Users can submit HR cases through the HR Service Portal, the HR Catalog, or manually with the new button.

Processes may vary depending on the employees they relate to, their teams, locations, positions, and other factors. For example, an onboarding process for a sales employee may differ from the onboarding process for an IT employee, and an employee who travels requires a laptop, but an employee based in the office is given a desktop. After a process is defined, the associated department can set up and maintain the rules and conditions for the process.

HR Service Management uses state flows and workflow to automate the delivery process.  This speeds service fulfillment, creates repeatable processes, and ensures the correct agent is assigned to complete the request.

The general HR Service Management process

1. Users submit HR cases through the service catalog.
2. Based on settings in the HR Service Management Configuration, the cases transitions through states based on actions performed through the request.
3. Some HR cases have approvals
4. When the case has been fulfilled by the HR team, the case is closed.

Example HR request

An employee named Alan wants to find out about the company's paternity leave policy. He also wants to discuss flexible working hours around the expected time of the birth of his child.

1. Alan submits an HR request asking about paternity leave policies and requesting a meeting to discuss flexible working hours.
2. An HR case is created and assigned to an HR agent, such as a specialist or generalist, based on assignment rules.
3. The HR agent processes the HR case, creating two HR tasks for this two-part request. Each task is assigned to the user who can process it.
4. When all the tasks are completed, the HR case is closed.

HR Case

HR Task (with sibiling tasks)

There are 19 reports and four (4) dashboards available as well.

Overview Dashboard

Manager Dashboard

HR Onboarding Dashboard

HR ADMINISTRATION APPLICATION

In the HR Administration application, you can configure the HR Applications.

Here are some of the items you can do in this app:

• Surveys - Configure the HR surveys like Satisfaction and exit surveys
• Knowledge - Add and publish KB Articles
• Organizations - Setup users, HR profiles, departments, locations, and positions
• Catalog and Templates - Manage templates and develop catalog items

HR Application view

HR Request Satisfaction Survey

Exit Survey Scorecard

Knowledge

HR BENEFITS APPLICATION

In the HR Benefits application, you can manage benefits cases and benefit information.

Here is the data you can manage in this app:

• Cases
• Beneficiaries
• Dental Benefits
• Medical Benefits
• Pharmacy Benefits
• Retirement Benefits
• Vision Benefits
• HR Benefit Providers
• Benefit Types
• Tuition Reimbursements

HR EMPLOYEE RELATIONS APPLICATION

Employee Relations Case

 In the HR Employee Relations application, you can manage employee relations cases and data.

Here is the data you can manage in this app:

• Cases
• Disciplinary Issues
• Disciplinary Issue Types
• Warning Types

HR SYSTEMS APPLICATION

HR System Access

 In the HR Systems application, you can manage HR Systems cases and data.

Here is the data you can manage in this app:

• Cases
• System Access
• Reports

HR PAYROLL APPLICATION

Payroll Record

The HR Payroll module contains a list of all open payroll cases. The module allows HR agents to add and modify payroll records, banking accounts, and direct data.

The following information is set up and maintained as part of the HR Payroll module. Employees can access HR payroll information, enroll in direct deposit, and submit HR payroll cases from the HR Service Portal. HR managers or administrators set up and modify the information.

• HR Payroll Case Management
• Employee Payroll Records
• Bank Details
• Bank Accounts
• Direct Deposits

HR EMPLOYEE DATA MANAGEMENT APPLICATION

The HR Employee Data Management application contains a list of all related cases.  Pretty straight forward there.

CONNECT SUPPORt

Connect Support is a real-time messaging tool that enables support agents to easily keep track of their support cases, quickly find solutions, and resolve problems quickly.

Connect Support builds on the messaging platform provided with Connect. For general information about the Connect interface, setup, and administration, see Connect. When Connect Support is enabled, users designated as support agents have access to the support tab of the Connect sidebar.

Features include:

• Administrators can create chat queues and enable users to access live support.
• Support agents can monitor the queues to provide instant support.
• Drag-and-drop sharing of links, files, and records.

REPORTING

Evaluate HR resource utilization and the volume and types of service requests with easily customized reports and dashboards

ServiceNow includes 4 dashboards and 19 reports to get you started.  Dashboards and reports are easily created in ServiceNow to further tailor your HR efforts.

MORE INFORMATION

Here is an additional video on HR Service Management

ServiceNow did have a "wild west" past, where things would go on that would never today. I could tell many stories, maybe not publish them in writing of course, but there were some interesting times.

What are some of the factors that effectively ended this "wild west" and brought on this possible "golden age" of ServiceNow.  In case you didn't realize, ServiceNow is getting very popular!

IPO

In preparation for the ServiceNow Initial Public Offering (IPO), Frank Slootman was brought on an CEO.  He replaced the founder Fred Luddy.  

The ServiceNow IPO was on June 29th, 2012.  Morgan Stanley priced the NOW stock at $18 per share.  It ended up debuting at $23.75, more than 30% above the IPO price.

ServiceNow is trading at $79 on January 5th, 2017.  It got up to $89 bucks on Dec 15, 2015.  

Going public will have a dramatic effect on a company.  Cash flow increases with new investors, and those new investors will expect a return on their investment!  The business can no longer get away with just any decision and are accountable to shareholders.

ServiceNow IPO

Service Management

I am on a personal initiative to master all the new service management applications that ServiceNow offers.  

I have covered many of the possible ServiceNow topics now, but it is actually difficult to keep up as there are new offerings and updates frequently.  

• Site Index

It is one of the results of the IPO, ServiceNow is looking for ways to expand in order to impress their shareholders. One way to do that is the introduction of new ServiceNow applications, such as Facilities, HR, Marketing, Field Service, Legal, etc.

Some of these new applications are quite powerful and complex.  They are not a simple cash grab, a lot of work went into their creation.  The upgrades to these applications were much more than expected as well.

From my experience in the consulting business, this is changing how we sell ServiceNow. I have noticed companies are buying Facilities, HR, CSM, etc without Incident Management.  Incident Management used to be the entry-point to buying ServiceNow for years. 

2017 is going to crazy with all the new features ServiceNow will offer I predict.

ITOM

IT Operations Management (ITOM) is a collection of products ServiceNow offers and is actively trying to expand as well.

When I first started using ServiceNow, none of these applications existed.  Discovery was introduced first, then Orchestration, Service Mapping, and Event Management.

Gotta be honest some of the first versions of those products had a few rough edges.  However ServiceNow has since polished them up and continues to make them better with each release.

Discovery is now much easier to implement for example.  Now it is commonly part of a ServiceNow platform implementation.

PLATFORM-AS-A-SERVICE (PAAS)

Applications in the cloud have increased in popularity over the years.  It is now commonplace for organizations to use cloud platforms, and ServiceNow is right in front of these vendors.

One Platform, Many Applications

All ServiceNow's applications are under one platform.  There is no need to write integrations between ServiceNow applications, they are already connected when they are installed.

ServiceNow comes with a core set of applications such as Incident, Change, Problem, and Knowledge Management.  However using Plugins, you can easily install additional applications to expand your ServiceNow instance.   

All these applications are integrated and part of the same platform once activated.  Not having to write integrations saves a significant amount of time and cost.

Tenancy

ServiceNow is single-tenant, meaning customer's platform instances don't affect each other.

A single instance of the software and all of the supporting infrastructure serves a single customer. With single tenancy, each customer has their own independent database and instance of the software. With this option, there’s essentially no sharing going on. Everyone has their own, separate from everyone else.

However in the PAAS model, when you build an application for customers, you have to take in account how this new application will affect the other applications in the platform and how they interface.

You are designing applications that better improve the platform.  Although ServiceNow is powerful and free, staying within the platform common design is recommended.

For more information about the cloud: Ten Reasons why Cloud Computing is Awesome

STORE

ServiceNow Store

One of the weaknesses of ServiceNow used to be the availability of third-party applications.  Some competing vendors like Salesforce have really capitalized on the "App Store".

ServiceNow first introduced ServiceNow Share, where anyone could share a customization.  That was a good first step, but you didn't always get a customization that worked correctly.

ServiceNow Share allows customers and partners to share apps and other content written by members of the ServiceNow Community. You will be able to quickly find and download apps, app extensions, dashboards, and other types of great content. The goal is that with ServiceNow Share, you'll never need to start creating an application from scratch.

ServiceNow Store was later and it features certified applications.  That could be a big part of the future of ServiceNow.

ServiceNow Store delivers trusted business apps across various business lines and industries.

Licensing

If you have been involved in ServiceNow licensing, you'll know that licensing has become increasingly more complicated.  That is in part to better sell ServiceNow to a variety of customers, but more importantly increase revenue.

ServiceNow has all kinds of license schemes, and is no longer tracking fulfillers. It can be based on application usage, site visit, etc.  That is part of becoming a larger company.  This also happened when I worked for HP. Licenses start as simple, but that changes with time.

CreateNow, was renamed to "Platform Runtime", and has made creating custom applications more prohibitive. That is maybe in part of ServiceNow selling their applications instead.  Or for the revenue.

Licenses were also slightly on the honor system, with only periodic audit checks.  However Subscription Management may change that, and eventually enforce license compliance.

EXPECT GREAT THINGS

This is going to be an unbelievable ride for ServiceNow in the next few years.  This is also for all the people that use ServiceNow as well.  There will be a lot of changes upcoming due to ServiceNow's popularity and the amount of resources put to upgrades.  

Very exciting!

Field normalization helps you resolve data quality issues in ServiceNow.  

Records for things like devices and companies are brought into the ServiceNow platform by manual entry, imports, and Discovery. Depending on how it is introduced into the database, a field value might appear in several different forms. For example, the CPU Type field on a computer CI form might display any of the following names for the same type of CPU, depending on the source of the entry:

The version of field normalization included from ServiceNow is free.  It includes two different types of normalization and a couple of examples of how to use it.  If you have specific or limited amount of data to normalize, this application can help you out greatly.

For large amounts of normalization or low-maintenance normalization is where vendors like BDNA and Eracent are selling normalization "technopedia" data.  This costs more than free of course.

Activate

To use Field Normalization, activate the "Field Normalization" plugin.  

Please note this doesn't activate all the example data normalization and transformation jobs, it just activates the plugin.  You can activate the normalization jobs as you see fit.

I would suggest always trying out normalization in a development instance first, as it is very powerful and can cause a mess if you don't test first.

TYPES

Field Normalization includes two types: normalization and transformation.

• Normalization forces the platform to convert different forms of the same field value to a single, accepted value automatically. By forcing a field to use a simple, recognizable description for multiple variations of the same thing, normalization can eliminate duplicate records and make searches easier. In addition to reconciling different forms of the same value in fields, normalization can be configured to adjust queries automatically to return normalized results.
• Transformation enables an administrator to transform raw field input into standardized values that are more meaningful to an organization. An example of a standardized value might be to round RAM size in configuration items to a whole number, such as 4000 MB instead of 4112 MB. Transformations are controlled by parameters and conditions and can be configured to return transformed values in queries.

NORMALIZATION EXAMPLES

EXAMPLE 1: MANUFACTURER

HP has various different ways they can be named in ServiceNow due to various imports and discovery scans.

• HP
• HP Inc.
• Hewlett-Packard
• Compaq

All these different versions can make reporting difficult.  Field Normalization takes all these companies and can normalizes them to one: "HP".  

EXAMPLE 2: OPERATING SYSTEM

When you import configuration items from Discovery, the operating system will be slightly different depending on what is stored in that computer's information.

• Microsoft Windows 7 Professional
• Microsoft Windows 7 Pro
• Microsoft Windows Professional 7 
• Windows 7 Pro
• Windows® 7 Pro
• Windows ® 7 Pro

Those slight differences make reporting and license reconciliation difficult.  Field normalization "normalizes that info into a common name like "Microsoft Windows 7 Professional".

TRANSFORMATION EXAMPLES

EXAMPLE 1: DISK SPACE

Disk space from discovery sources can be formatted in all kinds of odd increments

• Under 10GB, round half up
• Over 10GB, round half up
• Over 100GB, round half up
• Over a Terabyte, round half up

Using this method, you get nice rounded totals for disk space.  Instead of 9.8GB, you get 10GB.  Instead of 8.9GB, you get 10GB.  It makes reporting on disk space so much nicer.

HOW IT WORKS: PROCESS

Step 1: CREATE NORMALIZATION RECORD

1. Navigate to Field Normalization > Configurations > Normalizations.
2. Click New.
3. Create a normalization record.  I suggest using one of the example records as a reference.

Field | Input value
Name | Unique name for this normalization record. This value is for reference only and is not used in any processing.
Table | Select the ServiceNow table for the field being normalized.
Field | Select the field to normalize.
Mode | The three available modes are Off, Test, and Active. All normalization records are created in the test mode by default. If you are planning to select aliases for your normal values, change the Mode to Active. If you intend to normalize the field using rules, be sure to leave this record in the Test mode. To disable this normalization, switch the mode to Off.
Normalize query | Select this check box to apply the field value normalized by this record to all queries involving this field. Queries formed with the raw (original) field value return records displaying the normal value. Queries issued by a script using the conditions equals or not equals return normalized values. See Normalized Queries for details.
Coalesce each normal | Select this check box to reset all references in the database to records containing an alias field value to a single record using a normal value. See Coalesce Normal Values for details.
Raw field | Select the field to use to display the original (non-normalized) input values on a form in which a field value has been normalized. For the selection to appear in the drop-down list, add a custom field to the form for the table selected. For instructions on adding a field for raw data, see Creating a Raw Field.

4. Click Save
5. Click "Collect Pending Values" if the Pending Value Collection job is not added.  The "Pending Value Collection job" collects all the possible values of the field you can normalize.

STEP 2: Create Normal Values

A  normal value is a simplified, generic value for a field that replaces all the possible variants of that value that exist in the database.

A good example of this is the out-of-the-box CPU Type example.  By setting up some normal values, it normalizes all the different versions of the Xeon cpu to be just "Xeon".

STEP 3A: Create Alias

Aliases are the variants of a field value in the instance that will be replaced by the normal value.

For the Xeon Normal value, you would select all the Pending values that would match to that normal value.

This is intended for smaller-scale normalization.  If you need to normalize a large amount of data, this may be very maintenance intensive.

STEP 3B: SETUP RULES

Rules are a lot more maintenance-free than normal values.  I would suggest using these instead of alias.

Some example rules:

• Intel Xeon: CPU type matches pattern *Intel*Xeon*. This rule normalizes all variants in which Intel precedes Xeon, including Intel Xeon, Intel(R) Xeon(TM) CPU 2.80GHz, and Intel(R) Xeon(TM) CPU 3.00GHz.
• Xeon: CPU type contains Xeon
• L3350: CPU type contains L3350
• E3350: CPU type contains E3350

Rules are dynamic and less maintenance intensive than an alias as you may notice.

Be careful to not have a blank expression in your rules.  When you run your data job, it will set all the fields to that rule.

Step 4: Optional Raw Field 

A raw field is a custom field created by an administrator to show the original (raw) input in a field on a form after it has been normalized or transformed.

This is helpful for debugging and other reasons.

STEP 5: ACTIVATE

Transformations have an optional Test Transforms feature, Normalizations don't have that.  Either way, I always suggest running normalizations or transformations in a development instance first.

When you are ready to run your job, flip the Mode to "Active" and click save.  You'll notice new data jobs in the Data jobs tab.

Only flip to active when you are sure you are ready.

STEP 6: RUN Data Jobs

Field Normalization creates four data jobs during the normalization process to collect or change data.

All jobs except Pending value collection are executed manually. Data jobs have a roll back feature that allows you to undo normalization at different stages before committing changes that affect the entire database.

• Pending value collection: This data job is created when a field normalization record is submitted. This job runs automatically to collect all the values from the database for the field to be normalized. This data job does not modify the database.
• Normal value change: This data job is created when an existing normal value that is used to normalize a field is changed. When the job is run, the platform updates all the normalized fields in the database that use the new normal value.
• Alias application: This data job is created when an alias is created. When the job is run, all field values in the database containing the alias are normalized.
• Rule application: This data job is created when a rule is created. When the job is run, all field values in the database that match this rule are normalized.
• Coalesce to normal: This data job coalesces data from existing records containing a normalized field value into a single record that uses a normal value.

You may have to go into these data jobs and click Start if they don't run automatically.

STEP 7: NORMALIZATION IN ACTION

When all the data jobs finished, you'll have normalized data.

Normalized fields are marked with an icon that links to different targets, depending on the user's role.

Users with the normalizer role can click the icon to access the normalization configuration record for that field directly. When a user without the normalizer role clicks the link, a help page appears that provides help on the form. A preference, called Restrict to roles, enables an administrator to define the roles that are permitted to see the icon. If no roles are specified, then the icon is visible to all roles.

STEP 7: Rollback

You can rollback a job if you mess up, however I don't recommend this.  Be careful the first time around and don't rely on this.  Always test in a development instance first!

More Information

For more information on Field Normalization, check out the Product Documentation on Field Normalization.

Release Management encompasses the planning, design, build, configuration and testing of hardware and software releases to create a defined set of release components.

Plugins

Activate the Release Management plugin to use, which will also upgrade you to the newest version.

Table Structure

Table Name | Definition
Product [rm_product] | Represent whole products whose releases are being managed.
Release [rm_release] | Represent individual versions of the product.
Release Phase [rm_release_phase] | Represent the different stages of work required to complete a release.
Feature [rm_feature] | Represent each feature within the release.
Release Tasks [rm_task] | Represent tasks to create individual features.

Process

Define a product

A product might be an application, physical item, or service.  

1. Left Navigation Bar > Release > Products and click New.
2. Fill out the form and click submit

Product

Planning Board

The Planning Board is an interface for manipulating the tasks related to releases for a particular product.

Use the release Planning Board

1. Open the product record and select the Planning Board related link.
2. On the list of releases associated with the product, click the name of the release to highlight it in green

Move a task from one release to another

1. On the Planning Board, select the tasks to move
2. Click the arrow for the target release

Planning Board

Define a release

1. Navigate to the form of the appropriate parent Product.
2. Scroll to the Releases related list and click New.

Releases under Product

Release

Because releases can have child releases, you can group minor releases under major releases.

Define a release phase

1. From the Release form, use the Release Phases related list.
2. Click New
3. Fill out the form and click submit

Release Phase

Manage the release process

Once a product is defined, you can plan and execute a release.

1. Create the release: Define the release record and child tasks.
2. Scope the release: Define features for releases and child tasks.

While creating and scoping the release, use the Release Hierarchy related list on the Release Form to view the release as a hierarchy.

Release Hierarchy

Scope a release

You can scope a release from the Release form's Features related list.

1. From the Release form, use the Features related list to define features for the release.

From the feature form, the Release Tasks related list can be used to define release tasks for the feature. 

Feature

Release Task

Agile Development plugin

The Agile Development plugin further extends upon the Release Management v2 plugin by adding a lot more value to the application.

Task Table Relationship

Since releases are tied to the task table, you can easily tie them to changes, problems, etc. as well.

Here are the collected works of this site organized by ServiceNow product lines. 

Service management

IT Service Management

IT Operations Management

IT Business MANAGEMENT

INTEGRATIONS

UTILITIES

Development

UPGRADES

A contract is a binding agreement between two parties.

In the ServiceNow platform, contracts contain detailed information such as contract number, start and end dates, active status, terms and conditions statements, documents, renewal information, and financial terms.

Contract Management is enabled automatically in the base ServiceNow platform.

THE Contract Lifecycle

Contracts follow a lifecycle based on state and substate.  This determines when they can be edited and when they are in compliance (expiration).

Contract States

State | Description
Draft | User adds information about the contract and specifies an approver.
Active | Contract was approved and has reached the specified start date.
Expired | Contract reached the specified end date. Expired contracts with an active renewal workflow that are waiting for approval have a substate of Awaiting Review. Expired contracts with an active renewal workflow where the renewal was approved, but the renewal date has not yet passed, have a substate of Renewal Approved. Expired contracts with no active renewal or extension pending workflow have an empty substate.
Canceled | Contract was discontinued and is no longer active.

Contract substates

Substate | Description
Awaiting Review | Contract is being prepared for review.
Under Review | Contract is sent to the approver and the approver is reviewing the contract.
Approved | Contract is reviewed and accepted by the approver.
Rejected | Contract is reviewed and declined by the approver.
Renewal Approved | Contract renewal is approved by the approver.
Renewal Rejected | Contract renewal is rejected by the approver.
Extension Approved | Contract extension is approved by the approver.
Extension Rejected | Contract extension is rejected by the approver.
None | No substate is specified.

Process

Create a contract

You need the contract_manager or admin role to create a contract.

1. In the Left Navigator Bar, go to Contract, and then under Insurance, Leases, Non-Disclosure, Maintenance, etc, click the type of contract you want to create.

Please note that some contracts like Software Licenses may function differently.

2. Click the New Button

Contract New Button

3. Fill in the fields and click submit.  The full list of fields and what they do is listed here
4. If you filled in an approver, the contract now has a substate of "Under review"
5. The approver received an approval

Contract Management Approval

6. If the approver approves, the contract goes to state:active

There are also optional steps in the contract creation process:

• Add an asset to a contract
• Add a user to a contract
• Add a configuration item to a contract
• Add a document to a contract

Adjust a contract

You need the contract_manager or admin role to adjust a contract.

1. Open an existing contract
2. Click the Adjust button

Contract Adjust

3. Click Apply Changes to complete the adjustment

There are also optional steps in the contract adjust process:

• Renew Contract
• Extend Contract
• Cancel Contract

Verify contract administrator assignment for notification

You need the contract_manager or admin role to adjust notifications.

This can be one of the most helpful (or most annoying) part of ServiceNow.  It is important you adjust this.

When the contract.expiration event runs on the Contract [ast.contract] table each night, an email message is sent to the person identified as the contract administrator. This occurs at the following times.

• 90 days ahead of the contract expiration date
• 60 days ahead of the contract expiration date
• 30 days ahead of the contract expiration date
• On the contract expiration date

A user with the admin role can edit the contract.expiration condition check that processes contract notifications. Follow the procedure below to verify that the right contract administrator is assigned to the contract.

Procedure

1. Navigate to Contract Management > Contract > All.
2. Select a contract.
3. Check that the Contract administrator field contains the correct name. A single name can be specified.

Terms and conditions

You can add terms and conditions to a contract to keep all documentation that is relevant to a contract in one location.

Contract Terms and Conditions

The terms and conditions can be searched and used in reports. If multiple terms and conditions records are added to a single contract, set an order for the records so they appear in a specific sequence. The terms and conditions fields become read-only after a contract is sent for approval.

Users with the contract_manager role can read contract history and add terms and conditions.

There are three procedures involved in adding terms and conditions to a contract, as follows.

• Create a terms and conditions record.
• Add the record to a contract.
• Build a terms and conditions document for the contract.

Create a contract rate card

A contract rate card provides detailed price information for a contract and enables you to generate expense lines for recurring expenses automatically. There can be multiple rate cards for the same contract.

You must activate Cost Management to use rate cards. You need the role of financial_mgmt_user, asset, or contract_manager use them as well.

In my opinion, this is only applicable unless you are doing a full cost management implementation.  You can read about it here however.

Monitor a contract

You need the contract_manager or admin role to view contract history.

On any contract, you can view the Contract History Related list to see who edited the contract or view earlier versions.

You can also view 12 different contract reports in the base system as well.  Those reports are just a start, you'll probably want to create your own reports as well.

More information

Here is an video tutorial on Contract Management

Shared services is the consolidation of business operations that are used by multiple parts of the same organization.  

Shared services are cost-efficient because they centralize back-office operations that are used by multiple divisions of the same company and eliminate redundancy. Some companies use a chargeback system to bill divisions that use the service on a per-use, per-quarter or per-year basis.  Other companies absorb the cost of shared services as part of the continuing cost of running the business. Today, most companies employ a shared services model for finance, human resources management (HRM) and information technology (IT).

Benefits OF SHARED SERVICES

• Economic - Higher productivity by consumer-like service portal and automated request fulfillment processes give employees more time for core business functions. Significantly reduce service delivery costs by driving standardization, consistency, and consolidation.
• Strategic - Achieve process and system standardization and meet increased demand with fewer full time employees. 
• Quality - Improved information by using a common platform provides you with complete visibility into service usage, costs, errors, and bottlenecks. Develop service delivery best practices and establish centers of excellence. 
• Speed - Automate and orchestrate interactions across departments to rapidly fulfill service requests.

POWER OF THE PLATFORM

Why is ServiceNow an ideal foundation for a shared services implementation?  It is a single platform that can do so much and is designed with service management and consolidation in mind.

One Platform

Customer Service, IT, HR, and other departments can all use the same platform, sharing functionality and reusing customizations between departments.  No integrations needed, you can easily connect different ServiceNow applications together within the platform.

One Knowledge Base

All your knowledge in one central location filtered for visibility with user criteria.  No need to look in multiple sharepoint sites, sifting through word documents trying to find an answer.  Have one central location for all your company and customer facing information.

One Service Portal

Your employees, partners, and customers gain easy access to all the consumer‑like business services you can now deliver through one portal.  Provide your stakeholders with an easy way to submit, track, and be proactively alerted to the status of their requests for service. 

One Code Base

Only primarily JavaScript code base to support.  Most of that is declarative as well. You don't have be a coding wizard with a photographic memory to be good at ServiceNow. It is relatively easy compared to other systems.

Rapidly deliver cost‑effective and intuitive services to help your organization become a strategic business partner

Workflow and Ownership

Create services that streamline and automate interactions between departments.  Task Assignments show who owns tasks and are not lost in emails and conversations.

Reporting and SLAs

Create a performance driven culture through measurement and feedback between departments. Manage service delivery through clear service level agreements and responsibilities.

Shared Services need a Platform

If you are going to merge processes, responsibilities, or departments you need a platform to manage it all.  Using different applications deters people from that kind of initiative.   I am biased of course, but I do truly believe ServiceNow is the best platform to start on that journey.

Cost management tracks configuration item costs. The costs can be allocated to business units and used in reports.

Features

• Use rate cards to properly track configuration item, contract, task, and labor costs
• Defining configuration item (CI) costs
• Tracking one-time costs for CIs
• Processing recurring CI costs to generate expense lines
• Distributing bulk costs to multiple expense line sources
• Tracking costs related to tasks and projects
• Aggregating configuration item costs and charging the total cost to a business service or application
• Allocating expense lines to business units with flexible allocation rules
• Tracking planned and actual budget costs by cost center

Activate

Turn on the plugin "Cost Management" in your ServiceNow instance.  Not to be confused with Finance Service Management or Financial Management.  Those are completely different applications.  Kind of confusing I know!

Architecture

Before you start gathering requirements for Cost Management, it is important to read up on all the tables and code that runs it.  There will likely be properties to adjust and slight business rule changes to make throughout the project.

Here you can read about the Cost Management Tables, properties, UI policies, business rules, and client scripts:

• Installed with Cost Management

Rate Cards

There are four different types of rate cards in Cost Management.

CI Rate Card

A configuration item (CI) rate card is a group of recurring configuration item costs associated with multiple configuration items.

Setup of each of these rate cards involves:

1. Creating a CI rate cards against CIs.  You can pick the CIs with a filter or manually.
2. Establishing a rate card cost for those CIs

For example, you'll likely setup CI rate cards for certain types of servers or network equipment.  

You can tell how much an individual CI truly costs in terms of leases, purchases, and maintenance.  ServiceNow uses Expense Lines, to add up all those costs.  Also expense lines can be aggregated to apply all configuration item expenses to a parent business service or application with relationship paths.

CI Rate Card

Rate Card Cost

Contract Rate Card 

Capture operating costs by generating expense lines representing the cost of a contract.  Associate a contract to certain assets and costs of those assets are tied to the contract.

This is similar to a rate card cost, except the contract contains all the costs. Where as with a rate card cost the costs accumulate.

Contract Rate Card

Task Rate Cards

Task rate cards are templates used to define the type of task and the method of calculating the associated costs. They can help you determine the costs of a P1 incident or an emergency change for example.

There is two versions of Task Rate cards, a flat rate and "time worked" version of Task Rate Cards.

The Time Worked version uses the "Use Time Worked" checkbox.  That way users can add up all the time spent on an incident and ServiceNow will automatically multiply it by their labor rate card to find out how much that incident or change really cost.

Task Rate Card (Flat Rate)

Task Rate Card (Using Time Worked)

Labor Rate Cards

Labor rate cards are templates used to define worker's labor rates when calculating task cost based on time worked.  Uses a reference only rate code to align rates with an external system.

You will likely get labor rate cards from HR or Finance and will have to import them into the system.  They are somewhat secret, but are only approximations of labor costs.  Sometimes you match labor rate cards to a User's Title or Department, but usually Title.

Labor Rate Card

More information on how these rate cards work: Cost Sources

Using Distribution Costs and Rules

Distribution Costs are costs which can be divided among a group of records. For example, the cost of power at a datacenter which can be divided among the CIs in the datacenter. Distribution Rules determine how the Distribution Costs are divided among the CIs.

Distribution Cost Rule

Distribution Cost

Allocating Expenses

Expenses can also be allocated to a business entity that is responsible for the expense.

This is not considered charge-back or billing but could be used as a source for billing. The primary purpose of expense allocation is to represent the consumer of the process that has incurred some expense. This can be accomplished by defining expense allocation rules.

By using Expense Allocation Rules, you can distribute the costs to multiple departments, cost centers, or groups.

BUDGETS

Customers sometimes ask me "Can ServiceNow make Budgets?"

Yes, but not as typically expected.  Budgets take all that you learned from Expense Allocations and drive up to a cost center.  It is more an automatic process, the only numbers you can punch in are dates and your planned costs.

This is often an more accurate depiction of what the costs were.  Although more difficult to float numbers around. :)

ServiceNow Agile Development manages Scrum or waterfall development efforts and defines the tasks required for developing and maintaining software throughout the lifecycle, from inception, through testing, to deployment.

Many companies today have different applications for tracking this work.  Often it doesn't make sense to use those other tools when ServiceNow includes Agile Development in the base package. Plus ServiceNow Agile Development is readily connected to the Service Portal, Incident Management, and other ServiceNow applications.

Agile Development can bring all of these other tools, workflows, and more importantly licenses together in a single system of record.

ActiVATE

These plugins are related to Agile Development in ServiceNow:

• Agile Development - main application
• Context Ranking - required for usage of Agile Development
• NG shared components - required for usage of Agile Development
• Custom Charts - required for usage of Agile Development
• Model Management - required for usage of Agile Development
• SDLC - SCRUM - Likely preinstalled. Required for usage of Agile Development
• Software Development Lifecycle SDLC - Likely preinstalled. Required for usage of Agile Development
• Project Portfolio Suite (optional) - to use the project workbench
• Demand Management (optional) - to use demands

You will need to activate the Agile Development plugin at a minimum to use the application.

OPEN FOR YOUR PROCESS

You can use the Agile Development application in anyway you choose.  It is an open application in which you can conduct your releases in a waterfall or agile approach.  Or you can do what many companies do, and use a hybrid agile/waterfall approach. The "Agile Development" application does lead itself towards Agile, hence the name. No matter what you choose, it is a starting point for whatever software development method you want.

In this article however, I will talk about the application in terms of Agile.

THE SCRUM FRAMEWORK

Daily scrum

The scrum master meets briefly with team members each day to discuss progress, planned work, and any impediments (known as blockers).

Blocked Story

Scrum Release

Product Backlog

The product owner creates and maintains a product backlog, which is a collection of user stories captured within a scrum product. A product represents a development target of related functionality that is composed of themes, epics, and stories. A product owner typically ranks the stories in a product backlog by order of importance.

Product Backlog

Release Backlog

A release is a time frame in which a number of development iterations are completed. The product owner collaborates with the scrum master to determine which stories should be targeted for a release. Stories from one or more products can be targeted to a release. Typically, the decision process is based on the release timescale, the story rank within the product backlog, and the story complexity. Other criteria can be used depending on the nature of the project. The targeted stories form the release backlog. Stories in the release backlog are targeted to a release, but have not yet been associated with a sprint. Throughout the release, the release backlog shrinks as stories are moved into sprints. As this occurs, the product owner can see what remains to be completed.

Visual Task Board: Stories By Release

Sprint Backlog

The sprint backlog is a list of stories the sprint team members have agreed to complete for a sprint. During sprint planning, the scrum master collaborates with the scrum team to decide which stories they can commit to delivering in the sprint. Typically, they commit to the top ranked stories first. The team decides what scrum tasks are necessary for each story. The product owner should be present to answer any questions.

Sprint Planning Board

Sprints

Team members work to complete stories in the current sprint backlog. Team progress is tracked during daily stand-up meetings in which members discuss the work completed the previous day, the planned work for the next day, and any blocking issues. The scrum master keeps the team members focused on completing the stories in the current sprint and tries to remove any impediments they face. At the end of the sprint, all the stories should be complete. Any incomplete stories are moved into an appropriate backlog. A review meeting at the end of the sprint, known as a retrospective, allows team members to discuss what went well and what did not, with the goal of improving future sprints.

Burndown Chart

Sprint Review and Retrospectives

At the end of the sprint, the scrum master and team members discuss the work completed and demonstrate new features.

Also at the end of the sprint, the scrum master and team members discuss the work completed and demonstrate the completed work to the product owner. In addition, the team reviews the sprint and discusses ways to improve the execution of future sprints.

Sprint planning

The next sprint begins with the team importing stories from the release backlog into the sprint backlog. The scrum master and team members select the stories that they can commit to deliver during a sprint.

Enhancements and Defects

Users with a special, non-scrum role can create enhancement and defects within the Agile Development application.

A scrum product owner reviews these requests and decides whether or not to create one or more user stories. Scrum users with the proper roles can edit and manage the stories and their backlogs from the Stories related list in the Enhancements form. A user without scrum roles who submits an enhancement request cannot see other Agile Development modules or the stories attached to the enhancement request.

Enhancement

Defect

More Information

Read more about Agile Development:

• Agile Development

According to the Identity Theft Resource Center, in 2016 (Oct 27, 2016) there were at least 809 major data breaches in the United States, resulting in over 29 million records exposed.

Data security is critical for any company with valuable information to protect, which means most companies today. Companies want to continue to innovate with software, but that software data absolutely need to be protected to be successful. A data breach mean negative consumer perception of the company and possible legal consequences as well.

This is not an easy task as these hacker adversaries are very sophisticated.  Some have tremendous funding (state-funded), and many are determined, relentless attackers.

You need software to organize your effort to counter-threat these intruders.  ServiceNow Security Operations connects the workflow and systems management capabilities of the ServiceNow platform with security data from leading vendors.  It gives your security team a single‑response platform for complete visibility, allowing them to respond to incidents and vulnerabilities more efficiently.

Here are some of the current offerings in the ServiceNow Security Operations suite:

Security Incident Response

Security Incident Response tracks the progress of security incidents from discovery and initial analysis, through containment, eradication, and recovery, and into the final post incident review, knowledge base article creation, and closure.

Activate

There are four related plugins for Security Incident response:

• Security Incident Response - This the main application.  Please note that activation on production may require a separate license.
• Security Incident Analytics - This plugs into Performance Analytics to provide a executive view to Security Incident activity.  Requires Performance Analytics.
• Security Incident Response Event Management support - This allows ServiceNow to automatically create Security Alerts and Security Incidents from ServiceNow Event Management. Require Event Management and event management licenses.
• Security Incident Response GRC support.  Hooks up to GRC to create Security Incidents. Requires GRC Licenses.
• ServiceNow Security Operations add-on for Splunk. When Splunk is integrated with the ServiceNow Security Operations applications, you can seamlessly create security incidents or events from Splunk events, alerts, and logs. After you have downloaded the ServiceNow Security Operations add-on for Splunk from Splunkbase, you are ready to use the integration to create the desired security records. Please note that activation on production may require a separate license.

How it works

1. Dashboards

You can monitor the security incidents on your system using security dashboards that display gauges and reports for incident handling. 

CISO Reporting Dashboard

Security Analyst Dashboard

The dashboards show the impacts of security incidents with treemaps and other types of charts that automatically update in real-time, based on incident categories such as counts, severities, and priorities. You can view operational trends, incident analytics, incidents that affect your business services, and P1 and P2 incidents logged within the previous 24 hours. Data in the charts is driven by ServiceNow Performance Analytics.

 You can also monitor affected CIs by viewing the BSM map.

Security Incident - BSM Map

2. Security

Only user with appropriate access can access the Security Incident Response app.  Even non-security administrators can be restricted from access, unless you expressly allow them entry.

3. Security Incident Creation

Security incidents can be created in the following ways.

• Security Application. New Security Incident Response (SIR) records can be created using the Create New module on the navigation bar.
• Event Management or Integrations. From events spawned internally or from external monitoring or vulnerability tracking systems
• Event Management. Manually from alerts or automatically via alert rules
• Incident Management. On the Incident form, click Create Security Incident to create a new security incident.
• Service Catalog. Creation of SIRs by selecting from categories of security threats defined in the security incident catalog.

Security Incident Catalog

Security Incident Catalog Item

4. Security Request Creation

You can use the Requests module to create requests for low impact security demands, such as changing a password or requesting a new badge. However, you can open a security incident when a breach occurs.

If you must escalate the request to a security incident, click Convert to Security Incident when in the Request

Security Request - Convert to Security Incident

5. Analysis

On the Security Incident form, view incidents, changes, problems, and tasks on the affected CI. The system can identify malware, viruses, and other areas of vulnerability by cross-referencing the National Institute of Standards and Technology (NIST) database, or other third-party detection software. As security incidents are resolved, any incident can be used to create a security knowledge base article for future reference.

6. Containment, Eradication, and Recovery

While monitoring and analyzing vulnerabilities, you can create and assign tasks to other departments. Use the BSM map to create tasks, problems, or changes for all affected systems, documents, activities, SMS messages, bridge calls, and so forth.

Like other ServiceNow Service Management applications, it can use a state-based and task-driven workflow to take a Security incident from Draft to Closed.  Like a lot of the Service Management applications, it uses a Configuration Page with sliders to adjust a lot of settings in the app.

Security Incident Form

Security Incident - Configuration

7. Post Incident Review

Significant incidents may need an incident resolution review, also called a post-incident review. This can take on several forms. For example, the incident manager can:

• Conduct a meeting to discuss the incident and gather responses.
• Write and distribute questions designed for each incident category or priority to those who worked on the incident, to review incident resolution.
• Write the report and gather information on their own.

An automated survey system for reviewing security incident resolution is available. It gathers the names of all users assigned to the security incident, and sends a survey to gather data about the handling of this incident. This data can then be made available in a generated security incident review report, which can be edited into a final draft.

Security Incident - Post Incident Review Screen 1

Security Incident - Post Incident Review Screen 2

Vulnerability Response

The National Vulnerability Database (NVD) and many other sources collect information about known vulnerabilities, such as weaknesses in software, operating systems that can be exploited by malware, and other attacks.

The ServiceNow Vulnerability Response application helps you in tracking, prioritizing, and resolving these vulnerabilities. This works by comparing known vulnerabilities against your own Configuration Items (CIs) with software (as identified in the Asset Management module).

ACTIVATE

There are three related plugins for Vulnerability Response response:

• Vulnerability Response - This the main application.  Please note that activation on production may require a separate license.
• Vulnerability Analytics - This plugs into Performance Analytics to provide a executive view to Vulnerability activity.  Requires Performance Analytics.
• Qualys Vulnerability Integration - allows vulnerability data, detected by the third-party Qualys scanner, to be downloaded to the Vulnerability Response application for tracking, prioritization, and resolution. Please note that activation on production may require a separate license.

HOW IT WORKS

1. Dashboards

You can monitor the vulnerabilities captured in ServiceNow using security that display gauges and reports for ticket handling.  This dashboard contains 14 reports in the base offering.

Vulnerability Response Overview

2. Data Import

With Vulnerability Response, you can compare vulnerability data to CIs and software identified in the Asset Management module. The vulnerability data can be imported from internal and external sources, such as the National Vulnerability Database. You can also use Common Weakness Enumeration (CWE) records downloaded from the CWE database for reference when deciding whether to escalate a vulnerability.

This reminds me of the ServiceNow GRC application, where it pulls Authority documents from the UCF database.  I think is a good concept, and liked how that worked in the GRC application previously.

You can update your system from the vulnerability databases on demand or by running user-configured scheduled jobs.

More information: NVD and CWE updates

Vulnerability Response - NVD Data Feeds

Vulnerability Response - NVD On Demand

Vulnerability Response NVD Entry Form

3. Identify vulnerable items

1. After data is downloaded from NIST NVD, they are compared against the software in your company's network as identified by the Software Asset discovery model.
2. When it matches vulnerable software or CIs in your network, a vulnerable item is created.
3. You use the information in the record to decide whether to escalate the vulnerable item for remediation.

Vulnerability Response NVD

Vulnerable Software Highlighted

4. Remediate vulnerabilities

This is abridged version of this process.  For full documentation read this.

1. Left Navigator Bar > Vulnerability > Vulnerabilities > All Vulnerabilities.
2. Click a vulnerability record (VUL) that is in the New state. 
3. Flip the State field to Analysis
4. Perform whatever tests or analysis you want on the vulnerabilities.
5. To escalate, Click the Create Change, Create Problem, or Create Security Incident button (if installed)
6. Close if not important for now
7. Repeat

Vulnerability Response Form

Vulnerable Item - Note all the buttons!

5. Scan for more Vulnerabilities 

You can also scan more more!  Please note that the vulnerable item that you want to scan must contain an affected CI or IP address.

1. Go to the Left Nav Bar > Vulnerability > Vulnerabilites > All Vulnerable Items.
2. Open vulnerable item
3. Click the Scan for Vulnerabilities related link.
4. A message appears with a link to the scan and the work notes are updated.

More Information

This application is very powerful and I just glanced over some of the features.  

For the full documentation check out the wiki:

• Vulnerability Response

Threat Intelligence

Find indicators of compromise and hunt low‑lying attacks and threats using ServiceNow. 

Example Structured Threat Information Expression Process (STIX)

Threat Intelligence is used to access and provide a point of reference for your company's Structured Threat Information Expression (STIX) data. STIX is a structured language for describing cyber threat information so it can be shared, stored, and analyzed in a consistent manner.

Using STIX data and Trusted Automated Exchange of Indicator Information (TAXII) profiles, threat professionals can use shared cyber threat information to isolate threats that have been previously identified by your company and from other sources. TAXII makes widespread automated exchange of cyber threat information possible.

ACTIVATE

There are one plugin for Threat Intelligence:

• Threat Intelligence - This the main application.  Please note that activation on production may require a separate license.

There are API Keys and Properties to set initially as well.  Read about that here.

HOW IT WORKS

1. Dashboards

The Threat Intelligence overview provides a number of useful reports, as well as Really Simple Syndication (RSS) and Atom format feeds of security-related news.

Threat Overview

2. Setup Threat Feeds

Threat Feed (with ServiceNow Elite Articles!)

The threat feeds feature allows you to define any RSS news feed or bulletins to be displayed in a scrolling feed. The format is configurable and you can specify the number of days before articles are removed.

This is a cool feature!  I am going to blog about this separately.  Stay tuned.

3. Threat Sources

You can maintain a list of Threat Intelligence threat sources. Each source includes the abilty to define how often a source is queried. You can also execute a threat source on demand to import the needed Structured Threat Information eXpression (STIX) data.

Threat Intelligence employs two technologies for importing threat-related information: STIX and Trusted Automated Exchange of Indicator Information (TAXII).

STIX Source

TAXII Profile

4. Attack Modes and Methods

Attack modes and methods, sometimes referred to as Tactics, Techniques, and Procedures (TTPs), are representations of how cyber adversaries behave. They characterize what these adversaries do and how they do it, in increasing levels of detail.

Attack modes and methods are imported with STIX data, but you can add more attack modes/methods as needed.

5. Threat Scanning

One of most interesting things of the Security Operations app is the threat scan functionality.

If you suspect that websites, files, or links to IP addresses you have received might contain malware or other threats, you can create a request to scan them. 

It starts with a connection to the Virus Total API.  All you need to do is get an API key from VirusTotal to try it out.

Scanning safe sites is boring.  So I googled "malicious websites".  Check those results!  Like a bad night on the town! 

Threat Scanning - Bad Site

Virus Total - Bad Site

You can also submit scans via other methods as well:

• Submit a threat scan request from a security incident
• Submit a threat scan request from the Security Incident Catalog
• Forward Emails to Scan

I thought this feature of ServiceNow was pretty cool.  Did enjoy the process of scanning and how it worked.

CONCLUSION

The Security Operations applications provided by ServiceNow are very exciting.  The NVD data import and scanning functionality was surprising to me, I didn't expect that.  I'll keep you posted as new tricks are found as well.

I've been using ServiceNow pre-Aspen, and I love seeing the progress over the years!  Breaking new ground with ServiceNow once again!

Finance departments are part of an organization that manages its money.  They are responsible for providing accurate and timely financial information, protecting company assets, and being compliant with tax laws.

However random work requests received through email, spreadsheets, and calendars; inefficient accrual processes; and the lack of tools to consolidate knowledge and policy can inhibit the finance department from successfully fulfilling its fiduciary responsibilities.

ServiceNow Finance Service Management helps your finance department manage work requests and improve service delivery. Here are just some of the areas that Finance Service Management can improve:

• Procurement
• Financial Reporting
• Questions, Disputes, and Requests
• Audit Reporting and Compliance
• Forecast and Budget Templates
• Contract Renewals, Terms Review, and Agreement Reviews
• Employee Expense Management
• Travel Support

BENEFITS

• provide visibility into work requests through dashboards. 
• manage work load with process, inproving resource utilization and performance
• save time by automating work assignments instead of manually assigning staff responsbilities
• improve communications with employees, partners, and vendors
• address cost control and utilization projections
• report on finance services by tracking and reporting on KPIs
• lower expenses by implementing automated and streamlined processes

PART OF SERVICE MANAGEMENT

ServiceNow Finance Service Management is part of the ServiceNow "Service Management" suite of applications.

Some of the products in this suite have similar functionality.  If you are an expert at Finance Service Management, you can usually learn the other similar apps very easily.  They all use configuration pages, state flows, and can incorporate service catalog items.  

Here are the applications in service management with similar underlying design:

• Field Service Management
• Facilities Service Management
• Legal Service Management
• Marketing Service Management
• Finance Service Management

FEATURES

ServiceNow Finance Service Management has different features available depending on activated plugins:

FINANCE CATALOG

The finance catalog is a collection of 33 different catalog items in 8 different categories you can add to your existing service catalog or self service site.  This a great way to get started building your own configured catalog.

Deliver an online, self‑service finance portal that provides 24x7 access to finance information and services, minimizes dependence on institutional knowledge, and decreases the number of redundant or repetitive requests

FINANCE SERVICE MANAGEMENT APPLICATION

After a finance request is submitted via the Finance Catalog, the Finance application in ServiceNow is used to fulfill those requests.

Finance Service Management uses state flows and workflow to automate the delivery process.  This speeds service fulfillment, creates repeatable processes, and ensures the correct agent is assigned to complete the request.

The Finance Service Management process (from the ServiceNow wiki)

1. Users submit finance requests through the service catalog.
2. Based on settings in the Finance Service Management Configuration, the request transitions through states based on actions performed through the request.
3. When the request has been fulfilled by the finance team, the request is closed.

Configuration Page

Visual Task Board

Dashboard

REPORTING

Evaluate finance resource utilization and the volume and types of service requests with easily customized reports and dashboards

ServiceNow includes 1 dashboard and 5 reports to get you started.  Dashboards and reports are easily created in ServiceNow to further tailor your finance efforts.

MORE INFORMATION

Here is an additional video on Service Management

HR Service Management helps your HR departments manage work requests and improve service delivery. ServiceNow has taken the manual email, phone, and in person HR processes of the past and converted them to a workflow and task-driven process.

BENEFITS

• provide visibility into work requests through dashboards
• manage work load with process, improving resource utilization and performance
• save time by automating work assignments instead of manually assigning staff responsibilities
• improve communications with employees, partners, and vendors
• address cost control and utilization projections
• report on HR services by tracking and reporting on KPIs
• lower expenses by implementing automated and streamlined processes

INSTALL

Plugin Activation

There are six (6) plugins available for install with HR Service Management:

• Human Resources Application: Core - Provides case and change management for HR. Activation of this plugin on production instances may require a separate license. There are seven applications installed after you install this plugin
  • HR Case Management - All HR Cases and HR Tasks
  • HR Administration - Configure the HR Catalog, Surveys, KB Articles, HR Data
  • HR Benefits - Benefits cases and benefit data captured
  • HR Employee Relations - Employee Relations Cases and Disciplinary Issues
  • HR Systems - HR Systems Cases, System Access, and Reports
  • HR Payroll - Payroll Cases, Payroll Data, and Bank Details
  • HR Employee Data Management - Employee Data Management Cases
• Human Resources Application: HR Connect - Imports the Connect plugin, and installs a default HR support queue, enabling HR specific Connect functionality.
• Human Resources Application: Performance Analytics - Provides Performance Analytics reports for HR. Activation of this plugin on production will require a PA Premium license. Contact ServiceNow for details.
• Human Resources Application: Reporting Overview - Human Resources Reporting Overview
• Human Resources Application: Service Portal - HR Service Portal
• Human Resources Application: Workday Integration - Provides automatic updates of HR application tables from a linked Workday instance. Activation of this plugin on production instances may require a separate license. 

To activate an HR Service Management Plugin.

1. Navigate to System Definition > Plugins.
2. Find and click the plugin "Human Resource Core"
3. If available, select the Load demo data check box.
4. Click Activate.

Please note if you are currently on an older version of HR Service Management, there is a separate upgrade process.

FEATURES AND APPLICATIONS

ServiceNow HR Service Management has different features available depending on activated plugins:

HR CATALOG

The HR catalog is a collection of 39 different catalog items in 13 different categories you can add to your existing service catalog or self service site.  This a great way to get started building your own configured HR catalog.

Deliver an online, self‑service HR portal that provides 24x7 access to hr information and services, minimizes dependence on institutional knowledge, and decreases the number of redundant or repetitive requests

You can add these catalog items to your existing Service Catalog, or use the separate HR Catalog.  Please note if you activate the Service Portal, the HR Catalog is hidden in Self Service.

ServiceNow also provides a nice HR catalog option for adjusting and adding new catalog items.  (Under Left Nav Bar > HR Administration > Manage HR Catalog)

HR Catalog

HR Catalog Item

HR Catalog Management

HR Service Portal

Use the Service Portal to create a delightful experience for your users. Service Portal provides an alternative user experience to the standard platform UI. It is easy to configure, customize, and extend, similar to what users are used to in other consumer products.

There is a separate HR Service Portal available if you install the plugin. Personally I don't like the idea of a separate Service Portal.  I would rather they use one combined portal, so that users don't need to know a separate url for HR and a different URL for IT.  

However all customers are different, and HR departments would like their own portal and ownership.  This especially true if they pay for the licenses for HR.

HR Service Portal - Home Page

HR Service Portal - Catalog

HR Service Portal - Knowledge Base

HR Service Portal - Open Case

HR CASE MANAGEMENT application

HR Case Management is where the work gets done!

HR Applications

After a HR request is submitted via the HR Catalog, an HR application in ServiceNow is used to fulfill those requests. HR Case Management in the general catch-all for all cases

HR cases hold the details of HR requests, such as requests for information, and HR processes, such as onboarding. Users can submit HR cases through the HR Service Portal, the HR Catalog, or manually with the new button.

Processes may vary depending on the employees they relate to, their teams, locations, positions, and other factors. For example, an onboarding process for a sales employee may differ from the onboarding process for an IT employee, and an employee who travels requires a laptop, but an employee based in the office is given a desktop. After a process is defined, the associated department can set up and maintain the rules and conditions for the process.

HR Service Management uses state flows and workflow to automate the delivery process.  This speeds service fulfillment, creates repeatable processes, and ensures the correct agent is assigned to complete the request.

The general HR Service Management process

1. Users submit HR cases through the service catalog.
2. Based on settings in the HR Service Management Configuration, the cases transitions through states based on actions performed through the request.
3. Some HR cases have approvals
4. When the case has been fulfilled by the HR team, the case is closed.

Example HR request

An employee named Alan wants to find out about the company's paternity leave policy. He also wants to discuss flexible working hours around the expected time of the birth of his child.

1. Alan submits an HR request asking about paternity leave policies and requesting a meeting to discuss flexible working hours.
2. An HR case is created and assigned to an HR agent, such as a specialist or generalist, based on assignment rules.
3. The HR agent processes the HR case, creating two HR tasks for this two-part request. Each task is assigned to the user who can process it.
4. When all the tasks are completed, the HR case is closed.

HR Case

HR Task (with sibiling tasks)

There are 19 reports and four (4) dashboards available as well.

Overview Dashboard

Manager Dashboard

HR Onboarding Dashboard

HR ADMINISTRATION APPLICATION

In the HR Administration application, you can configure the HR Applications.

Here are some of the items you can do in this app:

• Surveys - Configure the HR surveys like Satisfaction and exit surveys
• Knowledge - Add and publish KB Articles
• Organizations - Setup users, HR profiles, departments, locations, and positions
• Catalog and Templates - Manage templates and develop catalog items

HR Application view

HR Request Satisfaction Survey

Exit Survey Scorecard

Knowledge

HR BENEFITS APPLICATION

In the HR Benefits application, you can manage benefits cases and benefit information.

Here is the data you can manage in this app:

• Cases
• Beneficiaries
• Dental Benefits
• Medical Benefits
• Pharmacy Benefits
• Retirement Benefits
• Vision Benefits
• HR Benefit Providers
• Benefit Types
• Tuition Reimbursements

HR EMPLOYEE RELATIONS APPLICATION

Employee Relations Case

 In the HR Employee Relations application, you can manage employee relations cases and data.

Here is the data you can manage in this app:

• Cases
• Disciplinary Issues
• Disciplinary Issue Types
• Warning Types

HR SYSTEMS APPLICATION

HR System Access

 In the HR Systems application, you can manage HR Systems cases and data.

Here is the data you can manage in this app:

• Cases
• System Access
• Reports

HR PAYROLL APPLICATION

Payroll Record

The HR Payroll module contains a list of all open payroll cases. The module allows HR agents to add and modify payroll records, banking accounts, and direct data.

The following information is set up and maintained as part of the HR Payroll module. Employees can access HR payroll information, enroll in direct deposit, and submit HR payroll cases from the HR Service Portal. HR managers or administrators set up and modify the information.

• HR Payroll Case Management
• Employee Payroll Records
• Bank Details
• Bank Accounts
• Direct Deposits

HR EMPLOYEE DATA MANAGEMENT APPLICATION

The HR Employee Data Management application contains a list of all related cases.  Pretty straight forward there.

CONNECT SUPPORt

Connect Support is a real-time messaging tool that enables support agents to easily keep track of their support cases, quickly find solutions, and resolve problems quickly.

Connect Support builds on the messaging platform provided with Connect. For general information about the Connect interface, setup, and administration, see Connect. When Connect Support is enabled, users designated as support agents have access to the support tab of the Connect sidebar.

Features include:

• Administrators can create chat queues and enable users to access live support.
• Support agents can monitor the queues to provide instant support.
• Drag-and-drop sharing of links, files, and records.

REPORTING

Evaluate HR resource utilization and the volume and types of service requests with easily customized reports and dashboards

ServiceNow includes 4 dashboards and 19 reports to get you started.  Dashboards and reports are easily created in ServiceNow to further tailor your HR efforts.

MORE INFORMATION

Here is an additional video on HR Service Management

The Management, Instrumentation, and Discovery (MID) Server is a Java application that runs as a Windows service or UNIX daemon. The MID Server facilitates communication and movement of data between the ServiceNow platform and external applications, data sources, and services.

The "MID Server" isn't really a server, but a service that runs on a server.  If applications on your company network are not exposed to the internet, and you want ServiceNow to interface with them, a mid server is needed.

Most companies that use ServiceNow have at least one mid server configured.

MID Server Setup

HOW TO SETUP MID SERVER WITH INSTALLER

Multiple MID Servers on the Same Host Computer

MID Server Troubleshooting

Here are some of the common issues that prevent a mid server from working properly.

Troubleshooting Flowchart

SERVICENOW USER ACCOUNT ISSUE

If you are unable to complete the steps below, you may not have the ServiceNow user account correctly to run a MID Server.

1. Create a ServiceNow MID user record for the MID Server to use. This user record must have the mid_server role.  Also check that the user is active and not locked out.
2. Verify that the user name and password combination that is being used by the MID Server is correct. This can be accomplished by logging into the target ServiceNow instance with the same set of credentials.
3. Verify that the MID Server user has sufficient rights to the required tables. Log into the ServiceNow instance as the MID Server user. Check to see if you are able to navigate to the following tables and successfully read and create records: ecc_queue, sys_data_source.

Please note that changes on the roles of the MID Server user does not take effect for an active MID Server service until it is restarted. 

SERVER ACCOUNT ISSUE

You need a service account to run the service on the Midserver.

To configure/check your credentials: 

1. Open the Windows Services console.
2. Double-click the ServiceNow <MID Server name> service for each MID Server.
3. Select the Log On tab.
4. Set Log on as privileges with Domain User or Local Admin credentials.
5. In the General tab, set Startup type to Automatic.
6. Click OK.

SERVICE NOT STARTED

Start the MID Server Service on Windows

1. Log into the host machine as a privileged user.
2. Start the Services console (Start > Run > services.msc).
3. Right click on the service name (by default it starts with ServiceNow MID Server) and select Start from the context menu.

On Windows, a service is installed when the MID Server is started. In order for this service to be installed, typically a (domain) administrator account is required. Once the service is installed, it can run as a local user or a domain user. If there is an issue with starting the service and or having the service remain in a running state, check that the "run as" user has proper write access to the agent folder and its subfolders.

If not, contact your Windows administrator. Alternatively, deploying a new MID Server as an administrator with a fresh download on the installation files will typically resolve service issues.

Start the MID Server Service on Unix/Linux

1. Log into the host machine as a privileged user.
2. Change the directory to the path of the parent agent folder (/service-now/<mid server name>/agent).
3. Execute the shell script start.sh.

MID Server Upgrade Issue

When the MID Server service has correct access to an auto-upgrade and it detects a discrepancy between its reported version and the instance version, it will upgrade. 

During this time, the service may be running, but the MID Server is not very responsive. Do not interrupt the upgrade process of cource. Review the agent and wrapper logs for details.

Please note that auto-upgrades fail if the domain user does not have the ability to create services.

To troubleshoot upgrade errors that may occur, see MID Server Upgrades in the product documentation.

Network Issue

The MID Server connects to a ServiceNow instance via the SOAP web service (TCP port 443). Typically, opening a web browser on the host machine and navigating to the URL https://<instance name>.service-now.com should be successful. Additionally, from a command prompt, verify that the following commands are successful:

• ping <instancename>.service-now.com
• telnet <instancename>.service-now.com 443

If not, contact your network administrator and have them adjust the port 443 availability.

Instance Configuration Issue

These issues can occur if you have altered your ServiceNow configuration:

1. The MID Server uses SOAP Web Service with basic authorization to communicate with the instance.  Verify that System Properties > Web Services > "Require basic authorization for incoming SOAP requests" is checked
2. The following Scripted Web Services must be active: GetMIDInfo, InstanceInfo, MIDAssignedPackages, MIDFieldForFileProvider, MIDFileSyncSnapshot, MIDServerCheck, MIDServerFileProvider.  To view the list of available scripted web services, navigate to System Web Services > Scripted Web Services
3. The Public Page InstanceInfo is required to allow the MID Server to validate its version.  Verify that this page is active by navigating to sys_public.list
4. Verify that the MID Server user has sufficient rights to the required tables. Log into the ServiceNow instance as the MID Server user. Check to see if you are able to navigate to the following tables and successfully read and create records: ecc_queue, sys_data_source.

Download new themes for your ServiceNow Geneva or Helsinki instance.  This includes 20 new themes created by me.

Blimey

Blues

Camo (Forest)

Camo (Desert)

Camo (Urban)

Captain

Clean

Cincinnati

Contrast UI

Dark NOW

Elite

Fab Five

Federal

Glamour

Flamingo Nights

Halloween

Hulk

Ironman

Ne

Rose

Seahorse

Seville

Spring

Terminal

Thor

Vikings

Vintage

WerkPress

Williamsberg

Download themes: sne_sys_ui_themes_v2.zip

ServiceNow is soon releasing a new version of ServiceNow, codename Istanbul.  More amazing work by ServiceNow once again!

This article showcases just some of the new features to be excited about in this new release.

Authentication

LDAP One Time Password

 If the LDAP server is down, users who are trying to log in can receive a one-time password to access the instance. This is controlled by the glide.ldap.onetime.password.enabled property, which is enabled by default.

Application Edit Icon

The biggest improvement since allowing the Update Set Picker to be back in the header post Eureka.

The Application edit button was removed in Geneva, likely due to a conflict with Angular.

Good news everyone, the Application Edit button is back!  

This allows you to edit application and module menus in the Left Navigation bar, by a simple click of a button. No more going to Application Menus, finding your app and editing.

And they all rejoiced!

Edit Module Button

Automated Test Framework

Automated Test Framework is a new application in the Istanbul release.

With the Automated Test Framework, you create and run automated tests on your ServiceNow instance. When you upgrade or modify an instance, run these tests to confirm that the instance still works as designed.

You can create simple tests that mimic user actions with no scripting. Examples of test steps that do not require scripting include the following:

• Open a form
• Set field values
• Validate field values and attributes (such as read-only)
• Submit the form

With the server-side scripting test, you can perform more complex operations. Examples include the following:

• Perform unit tests using javascript, including tests using the Jasmine test framework.
• Test business rules, script includes, and other ServiceNow scripts.
• Create tests that operate on data that you define.

ATF: Adding a Test Step

ATF: Running Test

ATF: Client Test Runner

Application Portfolio Management

ServiceNow Application Portfolio Management is a new application in the Istanbul release.

Application Portfolio Management provides key capabilities to build an application inventory to understand how many applications are in your business organization and develop an application rationalization roadmap aligned to the enterprise goals. It helps you to get a better insight into applications by using real-time data from the platform through reports and dashboards. These capabilities help you make better business judgments.

APM Guided Setup

APM: Portal

APM: Application Roadmap

APM: Category Analysis

Assessments and Surveys

Survey widget

A survey can be taken from Service Portal.

Support for new question types

Emojis, multiple selection, and ranking question types are supported for surveys.

Survey Designer

Survey

Assessment

Benchmarks

Compare your ServiceNow instance to companies comparable to your own.  See how you compare to other companies around the word.

These benchmarks will be available on HI.  I think this will be very interesting to many customers.  You can opt-out if you don't want to participate as well.

Benchmark Charts

CHANGE MANAGEMENT

CAB Workbench

The CAB workbench enables a CAB manager to schedule, plan, and manage CAB meetings.

• Create CAB definition: The CAB manager can define a CAB based on which CAB meetings and their agendas are created.
  • Set CAB meeting schedule: The CAB manager can specify the schedule that the CAB meetings must follow. For example, every Tuesday at 10 am.
  • Create series of CAB meetings: The CAB manager can specify the time-period and frequency in which a series of CAB meetings are created.
  • Set CAB meeting agenda: The CAB manager can define filter conditions that determine which change requests are automatically associated to a CAB meeting occurrence.
  • Specify discussion time for each agenda item: The CAB manager can specify the discussion time that must be allotted to each change request.
  • Set CAB meeting board: The CAB manager can select the members of the CAB board.
  • Set CAB meeting delegates: The CAB manager can select delegates who can assume the role of CAB manager during the CAB meeting.
  • Notify CAB attendees: The host of the CAB meeting can notify CAB attendees in advance of their change request being discussed.
• Create individual CAB meetings: The CAB manager can create individual CAB meetings outside of a CAB definition. These individual meetings can either exist on their own or can be tied to a CAB definition.
• Ensure change requests are CAB approved: Normal and emergency change requests can now be marked for CAB approval via the CAB required check box on the Change Request form.
• Set CAB meeting delegate: Change requesters can now specify a delegate to attend the CAB meeting on their behalf via the CAB delegate field on the Change Request form.
• View CAB calendar: The change manager and change requester can view the CAB calendar and drill down into the specifics of CAB meetings.
• Approve or reject change requests: CAB managers can approve or reject change requests during the CAB meeting, which are then processed through the appropriate workflow.
• Record and view CAB meeting notes: The CAB manager can record meeting notes, which can be viewed later by CAB members and change requesters.

CAB Workbench: Meeting not started yet

CAB Workbench: Meeting in Progress

DASHBOARDS AND HOMEPAGES

Share Dashboards with anyone

Provide dashboards to any user in the ServiceNow platform and allow users with a role to share dashboards

END OF HOMEPAGES

Homepages are going away at some point.  The dropzone based pages will be replaced with responsive canvas. Responsive canvas is what you see in Performance analytics and other places.

Istanbul introduces the next iteration of the dropzone-free drag and drop responsive canvas.

Details on Responsive Canvas:

• Eventually (maybe in Jakarta), homepages will be converted and removed.
• Automatic upgrade from homepages
• Visible to the customer
• Not customizable by the customer
• Doesn't not require Performance Analytics
• Not available in Express yet

Configuration Management

CMDB Query BUILDER

The CMDB Query Builder allows you to easily build complex infrastructure and service queries that span multiple CMDB classes, and that involve many CIs that are connected by different relationships.

The CMDB Query Builder provides a canvas into which you drag the CI classes and other artifacts that you want to include in a query. Then you add relationships, AND/OR operators between the CI classes, and define the relationship properties to query for. You can use saved queries to populate a CMDB group with CIs, and then use scriptable APIs to retrieve the CI list and apply actions collectively to all the CIs in the group.

CMDB Query Builder

Customer Service Management

Portals

Customer Service Management for business-to-consumer companies

Extends support for business-to-consumer companies, including the core CSM capabilities. Adds case management for consumers and consumer products, a web-based service portal, performance and scalability improvements for high transaction volumes, and contextual knowledge search.

Consumer Service Portal

Support business-to-consumer companies with a web-based portal that provides consumer self-registration, product registration, knowledge search, and case creation.

Customer Service Portal

Consumer Service Portal

Assignment Workbench

The assignment workbench enables customer service managers to assign tasks to agents efficiently and intelligently. The workbench uses configurable criteria, such as skills and availability, to evaluate the agents in a selected group and provide an overall ranking. Managers can view these results and click one button to assign a task.

Case Assignment Workbench

Email Layouts Unsubscribe

Administrators can use email layouts to:

• Ensure all email notifications have a consistent layout such as always displaying a header, body, and footer.
• Display static content on all email notifications such as a company logo or a background.
• Declare inline styles available for use in the message body of an email template such as setting a text font, size, and color.
• Provide users with links to common response actions such as unsubscribe from a notification or manage notification preferences.

Email Layouts

Example Email Unsubscribe Link

EXPRESS

EXPRESS NON-PRODUCTION INSTANCES

Customers can now purchase a non-production Express instance through their account representative. After purchase, a non-production instance would be allocated.

Cloning details:

• New plugin (com.glide.express.ha) activated on prod and non-prod to allow cloning data to non-prod
• Cannot select tables to exclude on clone
• Cannot elect to preserve data on target.
• Cannot modify cleanup scripts.
• Email is disabled on non-production instance
• Scheduled jobs are cleared on non-production instance
• Will not clone large tables such as audit, attachments, and logs

EXPRESS CERTIFIED INTEGRATIONS

You can now build integrations in Enterprise and port them over for usage in Express via the ServiceNow store.

HR Service Management

For the ServiceNow Human Resources Service Management (HRSM) application, the Human Resources Scoped App: Core plugin is available for new instances starting with the Istanbul release.

HRSM now has four plugins

• Human Resources Scoped App: Core
• Human Resources Scoped App: Security
• Human Resources Scoped App: Service Portal
• Human Resources Scoped App: Workday Integration

ITSM Guided Setup

ITSM guided setup provides a sequence of tasks that help you configure IT Service Management (ITSM) applications on your ServiceNow instance.

You are guided through completing configuration activities that are organized in categories for common platform settings and ITSM applications. 

Istanbul improves the Guided Setup process and adds a few new features:

• Accept Best Practices - When available, this new option lets you accept the default configurations for an entire category or individual task, and mark the items as complete with a single click.
• Assign - You can now assign tasks to other administrators. You can choose to assign all tasks in a category to a single admin or assign individual ones to different admins. When a task is assigned, the admin receives an email if their user record contains an email address.
• Add note - You can now record comments regarding a task's configuration process for historical purposes.

ITSM Guided Setup

ITOM Guided Setup

A guided setup was added for the Mid Server and Discovery as well.

Related List Query Conditions

Related list conditions allow you to include a relationship with another table in a list filter. Related list conditions are supported only in List v3. You can optionally include conditions on the related table. 

Related List Query Conditions

Service Portal

Variable Width

You can configure default widths for variables. When you use a variable, you can override the default width of the variable by selecting a new width size from the list of options.

Shopping Cart

The shopping cart is now available in the Service Portal.

Shopping Cart

Wishlist

You can save partially configured catalog items to your wish list. You can review your wish list later to complete the ordering process.

Wishlist in the Header

Upgrade to Multiple Service Catalogs

• Upgrade to multiple service catalogs

TIME CARDS

Time sheets were added in Istanbul finally.

A time sheet groups all time cards for a user for the given week

Time cards in a time sheet can be added in the following ways:

• Manually by users by creating time cards for their assignments.
• By copying from previous week time sheets.
• By auto generate action that finds all active project task assignments for the user and generates time cards for them.
• By scheduling a recurring job that finds all active project task assignments for the user and generates time cards for them.

Time card approval

• Time card approvers can approve all the time cards in a timesheet submitted by a user by approving the time sheet.
• Time cards are also grouped by project. Project managers can approve time cards related to their projects alone.

HOW TO Upgrade?

Read the Istanbul Release Notes and Upgrade Instructions

ServiceNow recently acquired DxContinuum, a machine learning company to further boost their automation efforts.  This purchase takes ServiceNow into the Internet of Things (IoT) era.

Here are just some of the possibilities with this purchase.

Orchestration

ServiceNow Orchestration has been leading companies to automate work.  ServiceNow Orchestration is becoming more and more popular as it doesn't make mistakes, frees up people to do more important tasks, and doesn't take vacations.

DxContinuum may further allow ServiceNow to increase their automation efforts.

Connect ServiceNow to the WORLD

In October last year, I wrote about ServiceNow and IoT.  I have a lot of examples in that article in what is possible.  Maybe next year at Knowledge 18 all you will hear about is the IoT interfaces people have built. Really this company was a logical acquisition in terms of the potential of IoT.

Benchmarks

Also in the Istanbul release will soon feature Benchmarks.  ServiceNow has access to an incredible amount of customer data.  What if they started analyzing that data?  I don't know if this relates to the DxContinuum purchase, but is a possibility.

Compare your ServiceNow instance to companies comparable to your own.  See how you compare to other companies around the word. These benchmarks will be available on HI.  I think this will be very interesting to many customers.  You can opt-out if you don't want to participate as well.

Performance Analytics

Not to mention the push for more Performance Analytics in every ServiceNow application. Being able to connect machine learning to Performance Analytics trending data could bring about great innovations...and revelations.

One of the major issues with Performance Analytics is that it can be difficult to know what to do with all that data.  Sure, you have a dashboard. you can drill down...try to analyze ways to improve.

What if ServiceNow did that for you?  What if ServiceNow told you what to do instead you staying up at night to trying to figure it out?  Something like that could be one of ServiceNow's greatest achievements.

DxContinuum was founded by veterans from Oracle, HP, and Fair Issac (FICO).  I have worked at both HP and FICO in my career, so I can see how their backgrounds have helped them get to this point.  FICO is all about predictive analytics and their software thrives on large amounts data to make decisions.  

With DxContinuum, you could get insights to make some real predictive decisions.  This is the foundation of analytics software.

Salesforce

DxContinuum is focused on sales and has its own sales suite.  It is even available in the Salesforce App Exchange.

When is ServiceNow going to directly go after Salesforce?  Customer Service Management was the first step, as it takes on Salesforce Service Cloud.  This takes them one step closer.  

The ServiceNow GRC product contains three main applications:

1. Policy and Compliance Management
2. Risk Management
3. Audit Management

Benefits

The GRC-related applications allow your organization to:

• Manage issues to track remediation or issue exception
• Document and publish policies
• Download and import UCF content
• Utilize controls and mitigate risk
• Assess risk exposure
• Continuously monitor risks and controls
• Plan and conduct internal audits

New version

The new Helsinki version replaces the legacy GRC application and has an improved interface and new features.

From the wiki on ServiceNow GRC:

The legacy GRC (com.snc.governance) plugin has been deprecated. Instances upgraded from a previous release can continue using legacy GRC, but the plugin is not available for activation. 

Policy and Compliance Management

Policy and Compliance Management provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and best practices. Additionally, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities.

ACTIVATE

There are four related plugins for Policy and Compliance Management:

• GRC: Policy and Compliance Management - provides a centralized process for creating and managing policies, standards, and internal control procedures that are cross-mapped to external regulations and best practices.  Additionally, the application provides structured workflows for the identification, assessment, and continuous monitoring of control activities.
• GRC: Performance Analytics Premium Integration - add-on that provides GRC: Policy and Compliance Management with the capability to download regulatory content and common controls from the Unified Compliance Framework (UCF).
• GRC: Compliance UCF - add-on that provides GRC: Policy and Compliance Management with the capability to download regulatory content and common controls from the Unified Compliance Framework (UCF).
• GRC: Workbench - gives GRC administrators a graphical interface to create profile and risk dependencies. These relationships enable consistent risk mapping and modeling across the enterprise.

HOW IT WORKS

1. Dependency modeling and mapping

Dependency modeling is one of the activities required in order to ensure that an organization establishes a uniform definition of risk across the enterprise. The dependency model defines what relationships are allowed between different types of areas in the organization. This enables more effective risk normalization and aggregation by allowing stakeholders to more effectively compare and contrast risk appetite and exposure at various levels of the enterprise.

2. Compliance

Reports and Dashboards

Seven reports included.  They also include three dashboards.

Compliance Overview

Policy Overview

Example Report

Control

Authority Documents

Authority documents define policies, risks, controls, audits, and other processes to ensure adherence to the authoritative content.

Each authority document is defined in a record and the related lists on that record contain the individual conditions of the authority document.

The relationships of these authority document related list items are visible in the GRC Workbench in the Policy and Compliance Management application.

Authority Document

Citations

Citations contain the provisions of the authority document, which can be interrelated. Citations break down an authority document into manageable themes.

You can create citations or import them from UCF authority documents and then create any necessary relationships between the citations.

Citation

3. Policies and procedures

Provides an executive view into compliance requirements, overall compliance, and compliance breakdowns so areas of concern can be identified quickly. 

4. GRC profile scoping

The Scoping module contains profiles and profile types for use in all GRC-related applications. They can be created for any record on any table.

5. Controls

Controls are specific implementations of a policy statement. Retired controls do not appear in the list.

Controls inherit the Type, Category, and Classification from the policy statement. Controls are generated from the profile types that are assigned to a policy statement.

6. GRC issues management

Issues can be created manually to document audit observations, remediations, or to accept any problems. They are automatically generated from indicator results, attestation results, or control test effectiveness.

An issue is created automatically when:

Issue

• Issue - An indicator fails
• Control issue - A control attestation is completed indicating that the control is Not implemented
• Control test issue - A control test is closed complete with the control effectiveness set to Ineffective
• Other issue - is created by the user manually

Remediating an issue marks an intention to fix the underlying issue causing the control failure or risk exposure. Accepting an issue marks an intention to create an exception for a known control failure or risk. Controls that are Accepted remain in a non-compliant state until the control is reassessed. In this way, the issue can be used to document observations during audits.

7. GRC continuous monitoring

Continuous monitoring involves activities related to identifying and creating key risk and controls indicators. Supporting information can be collected for those indicators through automatic data collection or manual tasks. Indicator results are then used to create issues for controls, update risk scores, and provide supporting information for audit activities and control testing.

This uses PA.

8. GRC PA Indicators

GRC PA Indicators link GRC content and items to Performance Analytics indicators, breakdowns and thresholds. You can associate Performance Analytics indicators with risk statements, risks, policy statements, and controls to view scorecards and trends and analyze current conditions and trends.

The risks and controls associated with a PA indicator or PA indicator/breakdown/element automatically monitor any PA threshold with the same PA indicator or PA indicator, breakdown, or element relationship. Any PA threshold breach is reported at the risk or control and Performance Analytics indicators relationship level within a breach counter.

This uses PA.

9. Policy and Compliance Administration

The Policy and Compliance Management application provides properties associated with article templates, attestation types, and UCF integration.

MORE INFORMATION

For the full documentation on this application, check out the wiki:

• Policy and Compliance Management

Risk Management

Risk Management provides a centralized process for Internal Audit teams to automate the complete audit lifecycle. Project driven audits allow auditors to quickly scope engagements, conduct fieldwork, collect control evidence, and track audit observations.

ACTIVATE

There are two related plugins for Policy and Compliance Management:

• GRC: Risk Management - centralized process to identify, assess, respond to, and continuously monitor Enterprise and IT risks that may negatively impact business operations.  The application also provides structured workflows for the management of risk assessments, risk indicators, and risk issues.
• GRC: Workbench - gives GRC administrators a graphical interface to create profile and risk dependencies. These relationships enable consistent risk mapping and modeling across the enterprise.

HOW IT WORKS

1. Risk Management process

The Risk Management application provides a centralized process to identify, assess, respond to, and continuously monitor Enterprise and IT risks that may negatively impact business operations. The application also provides structured workflows for the management of risk assessments, risk indicators, and risk issues.

The Risk Managementapplication follows a standard process:

1. Ensure that the settings for risk criteria and properties are correct based on the needs of your organization. Modify if necessary.
2. Create profile types to group common profiles with similar risks together for easier assessment.
3. Create risk statements to define a set of potential risks that could occur across the organization.
4. Assign risk statements to profile types, to generate risks from statements, or generate risks manually.
5. Determine the appropriate risk response (for example, Accept, Avoid, Mitigate, or Transfer), and document the justification for the response.
6. Assign and complete Remediation Tasks to ensure that risk mitigation efforts are implemented.
7. Utilize the Governance, Risk, and Compliance (GRC) application to track risk mitigation efforts by relating a risk to controls or policies which mitigate the risk.

2. Risk Overview

The Risk Overview is contained in the Risk Management application and provides an executive view, allowing risk managers to quickly identify areas of concern by pinpointing profiles with known high risk.

Risk

Risk Statement

3. GRC Workbench

The GRC Workbench gives GRC administrators a graphical interface to create profile and risk dependencies. These relationships enable consistent risk mapping and modeling across the enterprise.

GRC Workbench

4. Risk Library

The risk library contains all risk frameworks and risk statements. Risk frameworks are used to group risk statements into manageable categories, while risk statements group the individual risks.

5. GRC profile scoping

The Scoping module contains profiles and profile types for use in all GRC-related applications. They can be created for any record on any table.

The GRC: Profile plugin contains the Scoping module and is not visible to customers and requires activation of the Policy and Compliance Management plugin, the Risk Management plugin, or the Audit Management plugin.

Only one profile can exist for a record. That profile, however, can belong to many profile types. Profile types and profiles are used differently depending on the application:

• Risk managers use profile types and profiles to monitor risk exposure and perform risk assessments.
• Policy and compliance managers use profile types and profiles to create a system of internal controls and monitor compliance.

6. Risk Register

The risk register is the central repository for all potential risks that could occur at anytime, anywhere in the organization.

Risks are generated from risk frameworks, risk statements, and profiles, or they are created manually.

7. GRC issues management

Issues can be created manually to document audit observations, remediations, or to accept any problems. They are automatically generated from indicator results, attestation results, or control test effectiveness.

An issue is created automatically when:

• Issue - An indicator fails
• Control issue - A control attestation is completed indicating that the control is Not implemented
• Control test issue - A control test is closed complete with the control effectiveness set to Ineffective
• Other issue - is created by the user manually

Issue

Remediating an issue marks an intention to fix the underlying issue causing the control failure or risk exposure. Accepting an issue marks an intention to create an exception for a known control failure or risk. Controls that are Accepted remain in a non-compliant state until the control is reassessed. In this way, the issue can be used to document observations during audits.

8. GRC continuous monitoring

Continuous monitoring involves activities related to identifying and creating key risk and controls indicators. Supporting information can be collected for those indicators through automatic data collection or manual tasks. Indicator results are then used to create issues for controls, update risk scores, and provide supporting information for audit activities and control testing.

This uses PA.

9. GRC PA Indicators

GRC PA Indicators link GRC content and items to Performance Analytics indicators, breakdowns and thresholds. You can associate Performance Analytics indicators with risk statements, risks, policy statements, and controls to view scorecards and trends and analyze current conditions and trends.

The risks and controls associated with a PA indicator or PA indicator/breakdown/element automatically monitor any PA threshold with the same PA indicator or PA indicator, breakdown, or element relationship. Any PA threshold breach is reported at the risk or control and Performance Analytics indicators relationship level within a breach counter.

This uses PA.

10. Risk Management Administration

The Risk Management application provides properties associated with significance, likelihood, and application.

MORE INFORMATION

For the full documentation on this application, check out the wiki:

• Risk Management

Audit Management

Audit Management provides a centralized process for Internal Audit teams to automate the complete audit lifecycle.  Project driven audits allow auditors to quickly scope engagements, conduct fieldwork, collect control evidence, and track audit observations.

ACTIVATE

There are two related plugins for Policy and Compliance Management:

• GRC: Audit Management - provides a centralized process for Internal Audit teams to automate the complete audit lifecycle.  Project driven audits allow auditors to quickly scope engagements, conduct fieldwork, collect control evidence, and track audit observations.
• GRC: Workbench - gives GRC administrators a graphical interface to create profile and risk dependencies. These relationships enable consistent risk mapping and modeling across the enterprise.

HOW IT WORKS

1. Engagement Overview

The Engagement Overview is contained in the Audit Management application and provides an executive view into audit results, engagement breakdowns by task, and allows areas of concern to be identified quickly.

The Engagement Overview module displays audit information that is tailored to the role of the user.

Engagement Overview

2. Engagement Workbench

The Engagement Workbench provides a timeline view from which you can select an audit engagement to view details or create a new engagement.

Engagement Workbench

3. Engagements

The audit engagement process involves creating, planning, scoping, and conducting engagements as well as reporting on engagement findings.

Engagement

4. GRC profile scoping

The Scoping module contains profiles and profile types for use in all GRC-related applications. They can be created for any record on any table.

The GRC: Profile plugin contains the Scoping module and is not visible to customers and requires activation of the Policy and Compliance Management plugin, the Risk Management plugin, or the Audit Management plugin.

Only one profile can exist for a record. That profile, however, can belong to many profile types. Profile types and profiles are used differently depending on the application:

• Risk managers use profile types and profiles to monitor risk exposure and perform risk assessments.
• Policy and compliance managers use profile types and profiles to create a system of internal controls and monitor compliance.

5. Audit tasks

Audit tasks are completed throughout an engagement and provide documented evidence that the organization is complying with external regulations and internal policies.

When audit tasks are created or reassigned, a notification is sent to the assigned user. A notification is also sent when the task reaches 75% of its planned duration.

6. Audit testing

An audit engagement may include control testing activities during which controls are evaluated for design and operational effectiveness.

7. GRC continuous monitoring

Continuous monitoring involves activities related to identifying and creating key risk and controls indicators. Supporting information can be collected for those indicators through automatic data collection or manual tasks. Indicator results are then used to create issues for controls, update risk scores, and provide supporting information for audit activities and control testing.

This uses PA.

8. GRC issues management

Issues can be created manually to document audit observations, remediations, or to accept any problems. They are automatically generated from indicator results, attestation results, or control test effectiveness.

An issue is created automatically when:

• Issue - An indicator fails
• Control issue - A control attestation is completed indicating that the control is Not implemented
• Control test issue - A control test is closed complete with the control effectiveness set to Ineffective
• Other issue - is created by the user manually

Issue

9. Audit Management Administration

The Audit Management application provides properties associated with significance, likelihood, and application.

MORE INFORMATION

For the full documentation on this application, check out the wiki:

• Audit Management