What is the ServiceNow business resiliency (business continuity and/or disaster recovery
plan)?
ServiceNow has a formally documented Information System Contingency Plan (ISCP)
which describes the recovery resources, procedures, and priorities necessary to provide
seamless customer access in the event a disaster takes place that impacts customer
data at the data center(s). The ISCP is dependent on ServiceNow's Advanced High
Availability (AHA) data center architecture which provides replication and
redundancy. ServiceNow's data centers are arranged in pairs. All customer production
data is stored in both data centers in a pair and kept in sync using asynchronous
database replication. Subproduction instances are only located in a single data center
and are not replicated between data centers. Both data centers in a pair are active at
all times and have identical processing capabilities; each data center has the ability to
support the combined production load of the pair. Each data center has multiple ISPs
coming into every data center cage, redundant network paths throughout the
network, redundant disks in RAID arrays, redundant power suppliers, and many other
hardware and configurations designed to remove single points of failure from the
architecture. In the event of a disaster, ServiceNow activates a failover process that
transfers customer operations to the alternate data center in the pair. From this
perspective, ServiceNow is providing customers with business continuity as opposed to
disaster recovery.
The ISCP is tested annually to validate and improve the ISCP. Additionally, the failover
process is informally tested on a daily basis as ServiceNow uses failover to reduce the
impact of maintenance on its service. ServiceNow's ISCP controls are validated on an
annual basis during its ISO 27001 assessment.
ServiceNow's ISCP is reviewed at least annually by senior management and is available
electronically to all employees. The ISCP is replicated between both data centers in the
pair. Key ServiceNow personnel have been trained in their emergency response and
recovery roles. The executive sponsor of the ISCP is the Chief Product Officer.
The ISCP is based on National Institute of Standards and Technology (NIST) Special
Publication 800-34 ""Contingency Planning Guide for Information Technology (IT)
Systems"" which provides instructions, recommendations, and considerations for
government IT contingency planning.
At this time, we do not have a remedy for dual data center loss, but have geographic
diversity between data center pairs to reduce that risk.
Please refer to the ISCP here:
https://community.servicenow.com/community?id=community_article&sys_id=aa4c22
a1dbd0dbc01dcaf3231f9619a2