UP3 Services Ltd

ServiceNow Licences

ServiceNow offers a portfolio of robust cloud-based applications that automate and manage enterprise services. Our applications have the advantage of being built on a single service automation platform with one user interface, one code base, and one data model, delivering easy, automated upgrades.

Features

• Digital workflows for IT, employees and customers
• Ability to build your own applications on the platform
• Native platform intelligence - predict, prioritize and proactively manage work
• Access from anywhere - mobile applications
• Collaboration - agent workspace/chat/visual taskboards
• Easy to use GUI with drag-and-drop graphical workflow
• Granular access control and certified multi-layered security
• Integration hub - multiple out-of-the-box integrations
• Real-time reporting, dashboards and analytics
• Automation of business process across the enterprise

Benefits

• One security model
• One API
• One web service interface
• One data-store, one data-model and therefore one system of record
• One job scheduler
• One development approach
• One technology
• One architecture

£81.00 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matthew.shears@up3.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

875453009712936

Contact

Matthew Shears
0203 432 1432
matthew.shears@up3.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Constraints might include planned maintenance arrangements or support being limited to specific hardware configurations.
• System requirements: Modern browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Turnaround time is customer-specific and based on the priority of the incident. Please see the Customer Support Addendum for information on response times.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Our web chat interface is designed with accessibility in mind, incorporating features such as keyboard navigation, screen reader compatibility, and high contrast options. Additionally, we strive to maintain compatibility with a wide range of assistive technologies to ensure that users with disabilities can effectively engage with our support representatives.
• Onsite support: Yes, at extra cost
• Support levels: This varies based on the impact package. See the pricing and packaging presentation on the link below.; Product details - https://partnersuccess.servicenow.com/products/impact.html
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: UP3 is able to provide access to ServiceNow accredited training courses.; ; Our implementation services also include training to ensure that customers have the understanding and knowledge to use their specific instance of ServiceNow.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The process for the return of data follows: 1) ServiceNow exports the entire database in a MySQL format. 2) ServiceNow provides the customer a set of instructions on how to import the data on the customer's side. 3) The customer can FTP the files from ServiceNow to their site. Customers are permitted to store data hosted within ServiceNow for the duration of their service subscription with ServiceNow. Under this model, the customer can purge or retain data according to their own retention policy. ServiceNow retains customer data for up to 45 days from the end of a contract. Within the 45 days, the customer can request their data to be sent to them in a standard database export format. After 45 days, all data from the customer instances is removed from ServiceNow servers
• End-of-contract process: On termination of an Order Form or expiration of a Subscription Term, Customer will stop accessing and using the Subscription Service and all related rights granted to Customer in this Agreement terminate. At any time during the applicable Subscription Term, Customer may export Customer Data using the functionality of the Subscription Service. After termination of an Order Form or expiration of a Subscription Term, ServiceNow may delete all Customer Data unless legally prohibited. ServiceNow will, within 30 days after the effective date of Customer’s termination for ServiceNow’s uncured breach, refund to Customer any prepaid fees received by ServiceNow covering the remainder of the Subscription Term for the affected Subscription Service. Within 30 days after the effective date of ServiceNow’s termination for Customer’s breach, Customer will pay all remaining amounts, if any, payable under this Agreement for the Subscription Term applicable to the terminated Order Form, regardless of the due dates in the Order Form.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The ServiceNow mobile experience is similar to the desktop experience which allows users to perform the same functions as they would from the desktop. The mobile experience does not however provide a mechanism to perform administration of the ServiceNow platform.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Customers' access is provided via the web portal, this includes the management interface for the instance. The ServiceNow platform is based on service-oriented architecture (SOA), in which all data objects can use web services to access bi-directional data-level integration. The interface is also direct and dynamic because all modifications to existing objects and all new objects are automatically published as a Direct Web Service. A more indirect web service creation and usage can be achieved through Mapped Web Service where a transform map is used to gather incoming web service data into the final targeted tables.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: ServiceNow has a User Experience (UX) team that has based much of their analysis on customer feedback and best practices. To help ensure usability, ServiceNow has asked customers to perform external audits, and ServiceNow staff have personally gone onsite to view some customers' operations. The ServiceNow UX team conducted eight separate site visits in the past year to watch how customers use the ServiceNow system and incorporated this information into work requests and SCRUM stories. One recent trip included a visit to an accessibility lab at a public educational institution. Our development team worked specifically with a blind user to help accessibility design
• API: Yes
• What users can and can't do using the API: Inbound web services, such as the REST API, allow you to interact with ServiceNow instance data using web service requests. ServiceNow outbound REST functionality allows you to retrieve, create, update, or delete data on a web services server that supports the REST architecture. ServiceNow integrates with many third-party applications and data sources. A variety of techniques can be used, most notably Web Services, JDBC, LDAP, Excel, CSV, and Email, as well as any industry-standard technologies that use REST, SOAP or WSDL. With the correct permissions users can use these API's to bring data in and out of ServiceNow. Users who create these tend to be power users or Admin users.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users with the appropriate roles can configure various aspects of lists or forms. Configuration changes apply to all users.; With list configuration, you can add, remove, and reorder list columns. You can configure calculations to appear under columns. You can also hide controls and define access conditions by role for existing list controls. Users can also personalise lists which will not effect what other see.; Users can create their own reports and dashboards also with the correct permissions.; Forms can be configured as well, this includes the ability to configure a form to show or hide fields from a view. You can even create new fields on the table that is associated with the form, and put business rules, UI policies around them as well as define the data dictionary for the fields. With a runtime license you also have the ability to create new business applications in ServiceNow

Scaling

• Independence of resources: ServiceNow’s data centers and cloud-based infrastructure have been designed to be highly available. All servers and network devices have redundant components and multiple network paths to avoid single points; of failure.; Each customer application instance is supported by a multi-homed network configuration with multiple connections to the Internet. Production application servers are load balanced within each data center. Production database servers are replicated in near-real time to a peer data center within the same geographic region.; ; Through ServiceNow’s unique, multi-instance architecture, Advanced High Availability meets and exceeds stringent requirements surrounding data sovereignty, availability and performance.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can configure SLA reports to consolidate data by any field or combination on the platform. ServiceNow offers a range of predefined reports that pertain to applications and features like incident management and service catalog requests. Reports can be scheduled for email delivery at specific times of the day, internally and externally. Any report can be made into a gauge that can be added to a ServiceNow homepage. There are nearly 200 customizable reports providing the most robust native reporting tool available in any service management application. Administrators and business users can create new reports at any time.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: ServiceNow

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: ServiceNow can provide two types of encryption for data at rest upon customer request.; -Column encryption of customer added fields and attachments: Provides data encryption using AES128/256 or 3DES symmetric key encryption. Customer provides the keys for this encryption. Data stored in these fields cannot be searched or reported on.; ; -Full disk encryption: Provided via self-encrypting hard drives with AES256 bit encryption. This encryption capability is only available by purchasing dedicated ServiceNow hardware at additional cost. This delivers “at-rest” protection only and is focused solely on preventing data exposure through the loss or theft of hard disks holding customer data.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: -Export individual records via PDF or XML directly from a form.; -Export multiple records via CSV, Excel, PDF or XML directly from a list.; -Automatically export multiple records from a table on a set schedule. -Create a scheduled job to regularly export data as a report.; -Export multiple records from a table using CSV, Excel, PDF or XML. specifying the table form or list you want to export in the URL.; -Web services/SOAP: Export multiple records from a table when an external client makes a web services request.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • .xlxs
  • XML
  • JSON
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • .xlxs
  • XML
  • Via REST / SOAP

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: ServiceNow’s private cloud is a highly standardized environment from the identically configured cages in the data centers through to the consistent logical infrastructure. This private cloud is home to just ServiceNow, limiting the private cloud’s footprint to only those technologies required to support this service. This allows for highly restricted networking rule sets regarding ingress and egress requirements and facilitates the ability for hardened systems, only allowing for the small number of necessary services, protocols and ports to be enabled.

Availability and resilience

• Guaranteed availability: ServiceNow provides 99.8% availability (calculated monthly) for production instances. This design includes redundancy and fault tolerance of the entire ServiceNow application and platform stack, including electrical, cooling, network, security, and server infrastructure. Over the last 3 years (2014-2016), we have averaged 99.995% availability and have not fallen below 99.8% (contract SLA) in any quarter. In 2016 we averaged 99.996% and did not fall below 99.8% in any quarter.
• Approach to resilience: ServiceNow’s data centers are arranged in pairs. All customer production data is stored in both data centers and kept in sync using asynchronous database replication. Both data centers are active at all times, each with the ability to support the combined production load of the pair. A production instance from one customer may be operating out of one data center in the pair and a production instance of another customer from the other.; More details available on request; ServiceNow maintains continuous, asynchronous replication from the database in the current primary data center (read-write) to the secondary data center (read-only). To transfer a customer instance from a primary data center to a secondary, ServiceNow designates the secondary to be the primary and the primary to be the secondary if it still exists.; ServiceNow’s data centers and cloud-based infrastructure have been designed to be highly available. All servers and network devices have redundant components and multiple diverse network paths to avoid single points of failure.
• Outage reporting: ServiceNow have a customer portal where all requests, changes and incidents can be logged. Customers also now have complete transparency into the real availability of their production and non-production instances. Users can view the impact severity of issues and even drill into incident records to view details for problems. It is this level of transparency that further sets ServiceNow apart.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: By User Access control lists and Groups and user roles; All ServiceNow staff are placed into Groups and have a user role, these groups and roles have access rights attached to them. Any personal that try to access an interface will have their group membership and user role checked and if they do not belong to the user role and group that is required to access that particular interface then access will be denied
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 26/01/2015
• What the ISO/IEC 27001 doesn’t cover: -
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27001
  • ISO 27018
  • ISO 27017
  • SSAE 18 SOC 1 Type 2
  • SSAE 18 SOC 2 Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001; • SSAE 18 SOC 1 Type 1; • SSAE 18 SOC 1 Type 2; • SSAE 18 SOC 2 Type 1; • SSAE 18 SOC 2 Type 2; • BSI Cloud Computing Compliance Controls Catalogue (C5) Standard; • APEC Privacy Recognition for Processors (PRP); • FedRAMP JAB High P-ATO (for US government entities); • DoD Impact Level 4 Authorisation (for US DoD/IC entities); • Multi-Tier Cloud Security Standard for Singapore (MTCS) Level 3; • ASD IRAP assessed for OFFICIAL and PROTECTED cloud services; • Government of Canada GC Cloud Provider; • SOC 2 + HITRUST Report; • Cyber Essentials Plus Certification; • More details available on request

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: ServiceNow has a formally documented change management process that uses an internal ServiceNow instance to track change requests and approvals. All changes to production environments must go through the change management process. Change requests must include the change procedure, risk, and back out plans. Change requests are reviewed and approved by the Change Advisory Board (CAB). All assets are tagged and tracked though the ServiceNow CMDB.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: ServiceNow's Infrastructure stack is customized at each layer to specifically support the only application residing in the ServiceNow cloud. With the small footprint and limited ports/services enabled, many system and patches published do not apply to the private cloud's systems. ServiceNow follows an approach to determine if the patch is to be deployed. When confirmed that a patch needs be deployed, this then follows the Change process the testing process as well as the timeline for deployment. ServiceNow leverages the Advanced-High-Availability architecture to transfer customers' production instances to the other datacenter. Remediation timeframes are subject to ServiceNow's Vulnerability Management SOP.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: ServiceNow has an implementation of Sourefire for IDS and Splunk for SIEM. The IDS system monitors inbound traffic in the DMZ. Splunk does log collection on network devices, IDS and servers used to support customer information. These systems are monitored with both proactive alerting and regular log files reviews. Events are responded to within 24 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: ServiceNow's documented Security Incident Response policy, process and workflow aligns with NIST 800-61. ServiceNow Incident Response process includes event discovery, triage, escalation, notification (including customer notification) remediation, and post-mortem review.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  ServiceNow is committed to reducing its impact on the environment. We have implemented many sustainable practices at our offices, in our data centers, and in our supply chain.; Our data center colocation providers have pursued sustainability certifications on behalf of their customers, including ServiceNow. For example, the data center in Sydney is LEED certified, and the ones in the Netherlands and the UK are certified to ISO 50001 (energy efficiency) and ISO 14001 (environmental management) standards.

  Covid-19 recovery

  Covid-19 recovery; ; "As an organization ServiceNow addresses the risks and concerns of a pandemic outbreak, such as Covid-19, in a number of ways. These include:; 1. Remote working - Allowing staff to work remotely without having to go into an office whilst providing capabilities for personnel to effectively perform their roles.; 2. Data centers - Redundant and geographic diversity of data centers means potential disruption or loss of a single data center in a region due to pandemic scenarios is mitigated. Data centers are also 'light-out' facilities with no permanent need for onsite presence by ServiceNow employees, even those directly involved in the maintenance of data center fabric.; 3. Follow-the-sun support - Support resources can be provided from any of ServiceNow global support locations.; 4. Replacement hardware and supplies - ServiceNow is well prepared for pandemics or similar crises. As a matter of general practice, ServiceNow pre-purchases relevant replacement hardware, consumables, and supplies to support is data center locations.; 5. Over capacity - ServiceNow operates all its data center locations with a significant capacity margin to ensure that small changes in the availability of components will not have any impact on the ability to serve customers.

  Tackling economic inequality

  We’re continuing our commitment to support our employees, partners,; and communities. We empower employees through a strong company; culture, an even stronger focus on an inclusive employee experience, and; new opportunities to make a difference in their communities. We work; to increase supplier diversity by generating more opportunities for small,; minority-owned and women-owned businesses. And we support our; communities through employee donations and volunteering, cash and; in-kind donations, and programs such as our NextGen Professionals digital; skills initiative and our US Racial Equity Fund.

  Equal opportunity

  ServiceNow has implemented the Equal Opportunity Employment Policy. It is the policy of ServiceNow to base all employment decisions on the principles of equal employment opportunity and to take affirmative action in the employment of women, minorities, individuals with disabilities, and veterans. In particular, it is company policy:; • To recruit, hire, promote, reassign, and train qualified persons without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, gender identity, or veteran status; • To undertake, through affirmative efforts, to improve employment opportunities for minorities, women, people with disabilities and veterans; • To administer personnel actions such as compensation, benefits, transfers, layoff, return from layoffs, company-sponsored training, education, social and recreational programs without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin; • To provide reasonable accommodation where feasible, and otherwise treat equally, qualified individuals with disabilities

  Wellbeing

  ServiceNow has implemented a confidential Employee Assistance Program by which employees can access support services relating to a wide range of personal well-being issues.; The ServiceNow Work Place Services department ensures all employees have a safe working palace and adheres to relevant safety standards. This includes ergonomic, environmental, safety, security and others polices such as whistle blower and compliant policy.

Pricing

• Price: £81.00 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at matthew.shears@up3.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.