• Version: 11.0.1: Operational Risk Management dashboard View the complete risk posture for the enterprise in a single consolidated report. The enhanced dashboard brings information from various modules including issues, indicators, and control testing. The dashboard has key metrics which help in analyzing and tracking the performance of these measures over a period.
• Version: 11.0.1: Enable or disable risk response workflow: Decide if you want to enable the risk response workflow in your risk assessment. By default, the risk response workflow is enabled.
• Version: 11.0.1: Copy factors and risk assessment methodologies: Modify your risk assessment methodology and factors by creating a copy of the record. The option to copy allows the system to create a true copy of the underlying record including all the related lists. This action saves the time of risk administrators as they do not have to create the records from the beginning each time.
• Version: 11.0.1: Retire a risk assessment methodology: Retire the legacy risk assessment methodologies that are no longer active. This enables easier management of risk assessment methodologies.
• Version: 11.0.1: Schedule risk assessments: Automatically initiate risk assessments by using the risk assessment scheduler. Select the entities, define the assessors, and define the frequency. This is useful and time efficient for the risk managers who do not have to manually initiate assessments.
• Version: 11.0.1: Cancel or recall a risk assessment: Recall a risk assessment if there's any change or the risks no longer must be assessed. After a risk assessment is recalled, the risk assessors are notified and the tasks no longer appear in the assessors queue.
• Version: 11.0.1: Create ad hoc risks and controls during assessment: Create risks and controls during risk assessment. This flexibility is useful for the risk administrators when they configure the risk assessment methodology. This is also useful for the customers as they have greater control on their assessments.
• Version: 11.0.1: Assess risk assessments with the business user role: Allow any user with the sn_grc.business_user role to assess and approve risk assessments. This simplifies the task of a risk administrator who does not have to assign roles to each user who wants to perform a risk assessment.
• Version: 11.0.1: Assess risks at any level of the risk statement hierarchy: ​ Associate entities and entity types, along with indicator templates, at any level of the risk statement hierarchy. This is useful for risk managers while assessing risks as they can perform risk assessments for the top-level risks.
• Version: 11.0.1: Manage risks linked to the same risk statement and entity​: Create and associate multiple risks to the same risk statement and entity combination. This feature benefits the risk managers and the entity owners. The risk managers can define the risk taxonomy according to their requirements. The entity owners can also identify risks for their entity and link them to the enterprise risk taxonomy thus ensuring orphan risks are not created.
• Version: 11.0.1: Use control guidance for individual assessment of controls: Use the control guidance when assessing controls to get assistance on how to respond to a factor.
• Version: 11.0.1: Integrate advanced risk assessments with risks, controls, and entities: Minimize complexity for the customers so that they do not have to keep track of the legacy risk assessment method and the advanced risk assessments. Enable the Migrate to Advanced Risk Assessments property to eliminate the legacy views on the risk form. This new property enables a new section called Assessment Summary where users can view the risk scores and the risk response for the primary risk assessment methodology.
• Version: 11.0.1: Track assessment due dates with notifications and reminders: As a risk administrator, specify how many days before a risk assessment is due an email must be sent to the assessors. The risk administrators can also specify how many days after the assessment is overdue must the assessors be notified. The date is also displayed on the risk assessment form with a red color code that draws immediate attention to the delay and is useful for tracking.

Version 10.0: After upgrades and deployments of new applications or integrations, run quick start tests to verify that Risk Management still works. If you customized Risk Management, copy the quick start tests and configure them for your customizations.

Version 9.0: Automate the process of adding approvers, issues, and owners to a risk event using the risk event response templates. The template reduces the need for human intervention in handling risk events each time a risk event is created. The template also automatically defines the life cycle of the risk event and how users respond to it.

Version 9.0: Use the Basel categorization specifically for banking and financial domains. Enabling Basel categorization helps you comply with the Basel regulations for mandatory sharing of Basel reports with external regulators. As a business user, you can choose to enable or disable the display of the Basel dashboard.

Version 9.0: View comprehensive data for risk events and risk hierarchy using the ServiceNow®Performance Analytics dashboard. By default, data for the previous six months is visible to users with the sn_risk.managers role. To view data for any time period other than the previous six months, you must purchase and install the Performance Analytics Premium plugin (com.snc.pa.premium).

Version 9.0: Integrate any ServiceNow® application with risk events to simplify reporting and recording of risk events across your organization.

Version 9.0: Enable the Operational Risk data Exchange (ORX) integration property for banking customers. ORX is an industry consortium primarily used in the financial sector for sharing loss events with other financial organizations. ​The loss event information that's shared between organizations serves as an external market alert for users to understand the risks in the market.

Version 9.0: Specify the expected ALE and maximum acceptable ALE values in the manage aggregated risk report. This information enables viewing of the risk tolerance status in the aggregated risk report. Compare the performance of an entity for a risk statement against the defined threshold.

• Viewing My Risk Events--Version 9.0: Report risk events and quickly view the events that you've reported in the ServiceNow® Service Portal under My Risk Events.
• Addition of cause and consequence library for risk events--Version 9.0: Add causes and consequences of risk events in the cause and consequence library. This centralized library contains the possible causes and consequences that can lead to a risk event. This information helps in the risk analysis, risk prediction, and prevention of risks.
• Ability to select currency while reporting risk events--Version 9.0: Select the currency when you report risk events.
• Relate risks events to risk and relate risk statements to risks--Version 9.0: Relate risk events to risks and relate a risk statement to a risk. Establishing this relationship is important for all organizations that use the ServiceNow® Risk Management application. Establishing this relationship provides data for future risk assessment and is also useful for accurate reporting and prevents the creation of orphan risks.
• Rapid recovery classification--Version 9.0: Recovery is defined as a recovery of loss incurred from a risk event. Rapid recovery refers to the recovery that's generally made in five days. You can modify the default number of days rapid recovery classification.
• Automatic classification of near miss events--Version 9.0: Automatically classify a near-miss event. Based on preconfigured business rules, the system automatically flags a risk event as a "Near Miss." You can also specify the reason for the near miss.
• Gain event classification--Version 9.0: Track risk events that don't lead to losses but to actual gains. A risk event result can also result in a financial gain for your organization. Track such events to understand which controls are effective, or which risk becomes an opportunity.

Use the AWA operations dashboard to get real-time visibility into key metrics so that your agents can effectively support customer needs. This dashboard shows real-time information about agent presence states, total agent capacity, and the number of work items that are in the agent queues. This dashboard allows queue managers, customer service team managers, and channel owners to monitor queues, assignment groups, and service channels.

Assign work items to the agent who is best suited to fulfill the request by configuring Agent Affinity. Agent Affinity assigns work items that are based on an agent's history with a customer, whether an agent has fulfilled past assignments for a similar task, and if the agent's account team has fulfilled past assignments.

Monitor agents during live chats between agents and requesters. Supervisors can also join the chat and enter messages that can be viewed by the agent and requester.

Configure queue routing rules that use context variables in a condition builder. If you're using Virtual Agent, you can also specify the context variable to be used for topic intent discovery.

Define work item sizing for a service channel. The assignment algorithm uses work item sizing to determine if an agent has the capacity to handle the assignment.

• Build a custom landing page

  Create your own landing page for Agent Workspace by using Now components. Now components include lists, containers, and Performance Analytics and Reporting data visualizations. Add the components that you want and put them in the location that you want on the page. With this feature, you have complete control over the look and feel of your landing page.

• Add custom components

  Add Now components to the ribbon, form pane, field decorators, list actions, related lists, modals, and related items to improve your agents’ efficiency.

• Develop components for Workspace

  Develop custom components to add to your Workspace using the Now® Experience UI Framework and the ui-component extension. Improve agent efficiency by allowing them to communicate in one interface and avoid switching between multiple tools.

• Customize the logo

  Instead of using the logo supplied with Agent Workspace, use your company's name or logo.

• Change the colors of Agent Workspace

  Select two colors to make Agent Workspace reflect your company's color branding.

• Secondary values in form headers can be conditional

  You can create conditions that make secondary values in form headers appear or not appear. For example, you can make the Assigned to secondary value appear only if the issue is assigned to the agent looking at the record.

• Improved Form section navigation

  Forms often display many fields. Now, you can use the menu icon () to jump to sections in the form pane rather than scrolling to them.

• New workspace view rules
  • Specify the order of items in the Related Items menu

    You can customize the default ordering of items in the Related Items menu. The default order is Details, which is the form data, then zero or more related items, and finally one or more related lists.

  • Specify the default focus for related items and lists

    You can specify which item in the Related Item menu is in focus when a record opens. The default is Details. Also, you can make the focus conditional.

  • Specify default Form pane section focus

    You can configure which section your agent sees first in the form pane. By default, the first section of an item appears in the form pane when it opens. If you want an agent to see a different section first, you can set that up. For example, if agents need information in section 11 of a related list whenever the condition State is On hold is true, you can display section 11 instead of section 1.

  • Hide Details and UI actions

    You can hide the Details and UI actions in forms for people who are not required to see record details.

• Form annotations supported

  You can annotate forms in the form pane. Form annotations work the same as they do in the Now Platform.

• More field types are supported in modals

  The field modal supports two additional field types: glide_list and HTML. These field types join the types that are already supported: string, textarea, choice, reference, and Boolean.

• Agent Workspace supports column filtering with choice type fields

  When an agent filters a column that is in the sys_choice table, Agent Workspace displays a pop-up window with the fields to filter by. If there are more than 10 fields, Agent Workspace displays a Filter field in the pop-up window so that the agent can easily find the fields to filter on.

  

• Agent Workspace supports database views in lists.

  Agent Workspace now supports database views in lists. In previous versions, some lists would load endlessly.

• Add records to a related list

  The multi-record associator enables agents to add records to a related list. When an agent selects the Add Workspace action in a related list, a modal appears that enables them to select one or more records to add them to the related list. Currently, the component only supports many-to-many table relationships.

• Highlight list fields

  You can highlight fields in lists of records to call agents' attention to them. For example, you might make the background red for Priority values that are Critical. This functionality replaces Field Styling. You can't automatcially convert Field Styling configurations into highlighted list fields. Highlighting definitions are per workspace, not per instance.

• URL support

  Previously, the only fields in lists that worked as links were type and reference fields. As of Orlando, URL field types now work as links in lists. Clicking the URL opens the link. Workspace validates that the URL value starts with http:// or https://.

• Record selections are not cleared when moving to a new page of records in the same list

  Previously, when agents selected a record on a page and then navigated to another page, their selections were cleared. Workspace no longer clears these selections.

• Large lists of records display faster

  You can reduce the load times of lists for very large tables by removing the calculation of the total number of records in those lists.

• Multiple Agent Assists

  You can create multiple Agent Assists in the form pane. Each Agent Assist would use a different information source such as a knowledge base or employee records.

• Dynamic filters

  Set up dynamic filters that are based on field values in a record. For example, change the search results automatically when an agent changes a field in a record that is open in a workspace.

• Change the title shown on Agent Assist

  Instead of having Agent Assist as the title, you can change it to something more relevant to your agents.

• Agent Assist searches with empty search criteria

  Agent Assist uses a field that you specify, usually, Short Description, to populate search results when you open a record. In the past, if that field was empty, Agent Assist wouldn't run the search at all. Now, you can use the Allow search with empty search text search field to search even when there is no Search Field specified or when Search Field is empty. For example, human resources can use this feature to list all employee documents in Agent Assist. Then, agents can use the search field to refine the list. For example, agents can filter on 401k.

• Agent Assist personalizes searches

  Agent Assist can now watch the value of a record field and return results based on that value. For example, human resources (HR) can use this feature to show employee documents that are based on the value of the Caller field in an open HR Case record.

• Agent Assist supports more Search Resources

  Previously, Agent Assist supported the search resources, Knowledge and Service Catalog. Now, you can use many more sources of information in Agent Assist searches. For example, you can search through Open incidents, Resolved incidents, Outages, Open problems, and more. You can list them by navigating to Contextual Search > Additional Resources.

• New field types
  Form controls now support the following field types:

  • Percent Complete—Enables agents to input percent values, including decimals and negatives. The value appears with a percent sign (%).
  • IP Address—Supports v4 and v6.
  • FX Currency—Allows positive or negative values in this field type.
• New tag operators
  Tag filtering has new operators:

  • Have—Includes records with specific tags.
  • Does not have—Excludes records with specific tags and records with no tags.
  • Excluding—Excludes records with specific tags, but includes records with no tags.

  

• New date range picker

  Enable agents to select a range of dates.

  

• Drag and drop events to reschedule them on calendars.

  Reschedule events by simply dragging and dropping them into a new timeslot on calendars.

• Reference picker enhanced
  As an agent enters text in a field, the text becomes highlighted as follows. If the input matches:

  • Both the secondary and primary values, Agent Workspace highlights only the primary value.
  • Only the secondary value, Agent Workspace only highlights the secondary value.

  

• Agents can share an Agent Workspace view with other agents by using links.

  Agents can send the URL in their browser to another agent so that the two agents can look at the same record in Agent Workspace.

• Configure Agent Workspace components from the Settings menu
  In the Settings menu under the profile image, two new menu items provide you with shortcuts to configure the workspace and forms:

  • Configure Workspace—Opens the workspace configuration page.
  • Configure Page—Appears when the page content is a form. This menu item takes you directly to the pages that you use to configure the displayed form.

  Using these menu items is easier than navigating to the configuration pages using the application navigator.

• Knowledge Management now included in Agent Workspace

  Knowledge Management functionality is now included in Agent Workspace. You can read about its Orlando features in its release notes.

• Specify the maximum number of characters for field values exported to Microsoft Excel

  The glide.us.export.choice_list_max_characters system property sets the maximum number of characters in Condition field values when you export them to Microsoft Excel. For example, if Condition field values were truncated during export, you can increase the maximum number of characters exported. This property does not affect the size of fields in records.

• New Agent Chat virus scan

  Uploaded files in Agent Chat are now scanned and flagged when infected. When an infected file is uploaded by an agent, a card appears indicating that the file is infected, and can't be forwarded to anyone.

• Agent names and avatars in Agent Chat

  Agent names and avatars can now be configured to represent agent identities when visible, or when set to anonymous, to display a generic agent identification.

• Set up an audible chat or inbox alert

  An audible alert can now be set to notify an agent when a new chat or item arrives in their inbox.

• Show phone, chat, or walk-up icon on phone interaction tab

  Agents can now see the active status of interaction tabs. Agents can now know the interactions that are currently in progress.

• Interaction auto-logging of context related to table records

  Agents can now have records associated to a chat through context added as related records to a chat.

• User Wait Time shown in Agent Chat window

  When a user initiates a chat with a live agent, they can now see an estimated wait time to talk with an agent. The wait time is set by an administrator in Chat Setup.

• Pre-chat and post-chat surveys

  Display a pre- and post-chat conversation topic in the chat client (Service Portal chat widget and Virtual Agent messaging integrations) that presents requesters with a conversational questionnaire. Pre-chat surveys gather information that can be used to route requesters to qualified agents. Post-chat surveys enable requesters to provide feedback on the chat experience. You design the questionnaires using the ServiceNow Survey Designer.

Work Progress Status for Agile Teams provides a green, yellow, red (GYR) progress status on Agile 2.0 epics to indicate whether the work is likely to be completed by the epic's planned end date. It also provides an estimated completion date based on the rates at which the scope of work is changing and the work is being completed.

Enable bidirectional synchronization of records between Atlassian Jira and ServiceNow® Agile Development 2.0 by integrating the two applications.

When you integrate projects and boards from Jira with Agile Development, you can:

• Synchronize work items between Jira and Agile Development.
• Plan, track, and update your work from a single application.

Enable bidirectional synchronization of records between Microsoft Azure DevOps and ServiceNow® Agile Development 2.0 by integrating the two applications.

Integration of Azure DevOps to Agile Development enables you to do the following:

• Synchronize work items between Azure DevOps and Agile Development.
• Plan, track, and update your work from a single application.

Plan and track the work of multiple teams that are working together, either towards a common outcome or on an ongoing basis. These teams can have synchronized or varied sprint cadences, and be involved with work outside of the common program.

Improve your Agile processes and practices using preconfigured dashboards for Agile sprints, releases, teams, and epics, with data visualizations.

Validate the continued functionality of Agile Development 2.0 after any configuration change such as an upgrade or after developing an application.

All test suites and tests must pass on default implementation. To validate a custom implementation, copy the automated tests and configure them according to your customizations.

From your mobile device, track all stories of an assignment group including the stories that are assigned to you from multiple assignment groups. Get notified when work notes are added to your stories.

With a swipe, you can choose to update the status of the story or add work notes to the story.

From your mobile device, track all scrum tasks of an assignment group including the scrum tasks assigned to you from multiple assignment groups. Get notified when work notes are added to your scrum tasks.

With a swipe, you can choose to update the status of the scrum task or add work notes to the scrum task.

Add scrum tasks to stories of the current sprint, from the mobile app.

Notifications are sent to the users of your ServiceNow instance regarding the application tasks to be performed or application updates. Users with permissions to access the All Available Applications module, can click the required notification to perform the necessary actions. Also, Connect messages are sent to administrators when certain application management actions should be performed. To receive the messages, set the value of the com.snc.unified_plugin.connect.notification.enabled property in the System Property [sys_properties] table to True.

Associate hardware models with application services using the suggestion engine. The risk engine then evaluates the risks of your hardware. You can view the risks that are rendered on the TPM timeline in the By Business Application view.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Application Portfolio Management still works. If you customized Application Portfolio Management, copy the quick start tests and configure them for your customizations.

Use the Chat Survey field to restrict the type of survey questions that can be added to a chat survey.

Design a Virtual Agent conversation using the Survey topic block.

• Dependent survey fields are supported.
• The following metric types are supported:
  • Attachment
  • Boolean
  • Check box
  • Choice
  • Date
  • Date/Time
  • Image scale
  • Number
  • Numeric scale
  • Percentage
  • Scale
  • String
• Introduction and end notes of a survey are supported.

Calculate the normalization score for a multiple selection metric by defining the weight of the question and the score for each response of the metric. This score provides data for risk assessment.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Assessments and Surveys still works. If you customized Assessments and Surveys, copy the quick start tests and configure them for your customizations.

Version 10.1: Use the Audit Management dashboard to provide audit managers with the latest view of the audit engagements and related audit activities. This dashboard is available from the Audit Management application and provides an overview of the audit tasks, control tests, the current state of issues, and remediation tasks.

Version 10.1: After upgrades and deployments of new applications or integrations, run quick start tests to verify that still works. If you customized , copy the quick start tests and configure them for your customizations.

Handle contiguous change requests that have overlapping schedules that could result in conflicts by using the new conflict detection property change.conflict.allow_contiguous_changes conflict detection property. For upgrade customers, this property is set to false.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Change Management still works. If you customized Change Management, copy the quick start tests and configure them for your customizations.

Set up domain separation for Cloud Management to segregate and manage cloud infrastructure and assets belonging to different tenant organizations with data separation requirements in the same instance. Create MID Servers for separate customers and set up a domain hierarchy, policies, groups, and catalogs with domain-specific permissions to achieve data separation.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Cloud Management still works. If you customized Cloud Management, copy the quick start tests and configure them for your customizations.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Coaching still works. If you customized Coaching, copy the quick start tests and configure them for your customizations.

• New attribute on the cmdb_ci table
• Value choices are: Prod, Test, or Dev
• Use case: Identify the environment that the configuration item (CI) supports. Previously, the “used for” attribute identified the environment but it was at the cmdb_ci_server tablel evel. This new attribute identifies other items such as hardware, software, and containers.
• Description: “Environment” is the deployment tier within a computer system. Common examples include Development, QA, and Production.

• New attribute on the cmdb_ci table
• Value: Reference to group table in ServiceNow
• Use case: Identify the group responsible for managing the CI data
• Reason for this new attribute: The base attribute is “Managed by,” which references the user table. However, some customers have requested a group-referenced attribute. Previously, you may have filled this need by modifying the CMDB “Managed by” attribute to reference the sys_user_group or may have created a custom attribute.

  Also, if you have modified other related attributes such as the Approval group, Assignment group, and Support group attributes, we can't modify these related attributes. This means that you may not get the full benefit of the "Managed by group" attribute.

• New attribute on the cmdb_ci_hardware table
• Value: Boolean (True or False)
• Use case: The Internet Facing attribute indicates whether the CI is inside or outside the DeMilitarized Zone (DMZ). Customers want to know if their tools (for example, Puppet) or ranges of IP addresses are inside or outside the DMZ. Currently, the FireWall attribute in the cmdb_ci_server table provides this identification but at a different level. This new attribute identifies not only hardware, but also CIs such as containers not associated with hardware.

Modifications to the events that are generated after an integration run is completed so they are compatible with any third-party scanner.

• View the number of active (open) test results and the percentage of test results currently in remediation or deferral to help you efficiently manage your remediation tasks (test result groups).
• View policies that show the percentage of your assets that are out of compliance with that policy.
• Data displayed on Remediation tabs for the test result, test, and policy records are updated daily by a scheduled job.
• Click the Update Status Related link to refresh remediation status metrics on-demand from the test result, test, and policy records.

• Create pre-populated change requests of varying types (emergency, standard, or normal) to expedite your remediation of non-compliant software in your environment.
• Use change requests to help you prioritize, track, and remediate test results that require additional resources or time to remediate.
• Associate test result groups to existing change requests.
• Split large test result groups into smaller groups to help you identify test results for deferral or regroup test results and configuration items that require additional resources.
• When enabled, state synchronization resolves test result groups automatically after change requests are implemented.

• On-demand CMDB reconciliation on discovered items
• The corresponding test result-CI association is updated for active test results.
• Assignment rules, group rules, risk scores, risk ratings, and remediation targets are re-evaluated.
• Discovered item status is updated accordingly, for example, discovered item status changes from Unmatched to Matched.

On assignment rules, remediation target rules, CI lookup rules, and calculators records and forms, the search text you enter in the condition builder is not case-sensitive. Case sensitivity is no longer supported for searches on these records.

The CMDB CI Class Models app dependency for this feature is installed automatically with v 12.1 of Vulnerability Response.

Convert a set of legacy business services to application services in a single operation. Using bulk conversion, you can leverage dynamic services that synchronize with CI changes.

Application services streamline the different types of services in your organization. Also, you can apply ITOM capabilities, such as viewing the service history and monitoring the service health, to application services.

Create a report in CMDB Query Builder that dynamically updates when the saved query that it is associated with runs. Therefore, this report is always synchronized with the latest results of the query.

You can manage a dynamic report like any other report in Reporting, and you can attach it to a Performance Analytics dashboard.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that CMDB still works. If you customized CMDB, copy the quick start tests and configure them for your customizations.

In addition to the ability to use the value of a record and return knowledge results based only on that value, you can now also use the value of a record field and return table-based additional resource results based only on that value. For example, human resources (HR) could use this feature to show employee documents based only on the value of the Caller field in an open HR Case record.

The Predictive Intelligence Similarity capability for Contextual Search has been moved into a dedicated plugin named Predictive Intelligence for Contextual Search (com.snc.contextual_search.ml). If you have access to Predictive Intelligence, you can now decide whether you want to activate the ability to use machine-learning algorithms for searching with Contextual Search.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Continuous Authorization and Monitoring still works. If you customized Continuous Authorization and Monitoring, copy the quick start tests and configure them for your customizations.

Enable users with the admin and flow_designer roles to set up spoke integrations with third-party systems using a single, customizable form.

• Case types: Enable agents to create the right type of case corresponding to the customer issue. Administrators can use guided setup to create new case types that extend the Case [sn_customerservice_case] table and then manage the setup and information for the case types through a central view.
• Customer Project Management: Enable customers to manage complex projects with multiple tasks by using Customer Service Management with Project Portfolio Management. Customer project managers can create and manage projects while end customers can view projects and tasks for their accounts.
• External user approval for change and request records: Enable customers to approve change and request records from the Customer Service Portal.
• Case entitlement derivation: Provides a configurable way to derive the entitlement based on several fields related to the case record.

• Proactive case flows: Automate workflows for proactive case creation to improve your operational efficiency and respond to customer issues faster.
• Outage tracking for Customer Service Management: Provide your customers with visibility into any outages that exist for their install base, enabling them to assess the business impact caused by outages over time.
• Service health status: Provide your customer service agents with a view into the real-time service health of an account's install base. Correlate customer issues with the operational health of install bases and provide a faster response to the customer.
• Priority of cases: The priority of cases created from alerts is set based on the severity of the alert, so that customer service agents can act accordingly.
• Proactive cases: All major cases, major case candidates, and child cases created internally are automatically managed as proactive cases and can be tracked separately.
• Proactive Customer Service Operations dashboard: Enable your customer service managers to view outage-specific KPIs on the Proactive Customer Service Operations dashboard to assess the business impact of outages over time.

• Contracts and entitlements for install base: Associate sold products and install base items to contracts and entitlements to provide your customers with insight into the support they are entitled on the Customer Service Portal.
• Install base in Agent Workspace: Enable your customer service agents to view a customer’s complete install base in Agent Workspace, including information on the products and services purchased, how they are delivered, and additional components available with the product models. Customer service agents can then provide your customers with the support they need as well as identifying opportunities for upsell.

• Ribbon configuration: Configure ribbons in CSM Agent Workspace to help agents quickly scan relevant record details. You can configure ribbons for different workspaces and for tables that extend the Case [sn_customerservice_case] table.
• Response templates: Use response templates in CSM Agent Workspace and quickly add template content to cases and case tasks.
• Agent Assist: Use the Agent Assist contextual search option on the Interaction form and search for information using these sources: Knowledge articles, Service Catalog, and Communities.
• Interaction form related lists: Provide agents quick access to recent interactions and open cases for the contact or consumer they are assisting.
• Highlight list fields: Call an agent's attention to important fields with highlighted fields in lists of records. For example, you can set the background to red for Priority values that are critical. This functionality replaces Field Styling. There is no way to convert Field Styling configurations automatically to highlighted list fields. Highlighting definitions are per workspace, not per instance.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Customer Service Management still works. If you customized Customer Service Management, copy the quick start tests and configure them for your customizations.

• Configure ServiceNow add-in for Microsoft Outlook: As an admin you must configure user roles and download the office add-in manifest file for integrating Customer Service Management for Microsoft Outlook.
• Install ServiceNow add-in for Microsoft Outlook: As an account facing executive you can install the ServiceNow add-in for Microsoft Outlook to use ServiceNow features such as managing contacts and cases from within Microsoft Outlook.
• Create a new contact within CSM: As an account-facing executive you can create a contact within CSM using your Microsoft Outlook.
• View and edit an existing contact within CSM: As an account-facing executive you can view and edit an existing contact within CSM using your Microsoft Outlook.
• Create a new case: As an account-facing executive, you can create a new case from within your Microsoft Outlook.
• View and edit an existing case: As an account-facing executive, you can view and edit an existing case from within your Microsoft Outlook.

Configure SonarQube scans on Jenkins and Azure DevOps pipelines. Scan results are fetched from the pipeline in ServiceNow DevOps.

View summary results for code quality tools that can be viewed in a related list of a Change Request or a Task Execution flow. Use code quality results for change automation, this includes a way to make an automation policy against the results.

Connect to your existing DevOps toolchain to collect lifecycle events and data using tool integrations provided with the DevOps application. Integrations include Azure DevOps, Bitbucket, GitHub, GitHub Enterprise, GitLab, Jira, Jenkins, and ServiceNow Agile Development 2.0. JUnit-style test results from Jenkins are supported.

Automatically create change requests for pipeline stages under change control. A DevOps Change workflow and DevOps Change Approval policy can be used to enable automatic DevOps change approvals. Change requests are automatically updated with implementation details from the orchestration task.

Version 1.14: Use different templates for DevOps change requests. You can also customize the ServiceNow Change Management workflow for DevOps using the DevOps Model Change Request flow in ServiceNow Flow Designer.

Version 1.20: Configure change receipts (in pipeline step change control) so the pipeline doesn't pause. Change receipts do not require approval for the pipeline to proceed.

Version 1.11: Use change acceleration for releases to link all commits and work items in the change request since the last time the app was deployed to production, rather than for a specific pipeline execution.

Version 1.12: Integrate Azure DevOps Boards, Repos, and Pipelines using the ServiceNow DevOps extension for Azure DevOps on Visual Studio Marketplace.

Version 1.14: Import historical work items (tasks, issues, and epics) for Azure DevOps basic projects.

Version 1.17: Integrate Azure DevOps without the need to add start and end job notifications to the Azure pipeline. Azure pipeline modifications are needed only for pipeline artifact and change.

Version 1.16: Integrate GitLab Source Code Management as a coding tool and GitLab Continuous Integration as an orchestration tool to see commits along with pipeline data, for automated change requests, and additional insights.

Version 1.17: Automatically discover GitLab pipelines during orchestration tool setup.

Version 1.23: Automatically import and categorize GitLab JUnit tests during pipeline execution.

Version 1.24: Capture tags from GitLab coding tool commits. Bulk commits are supported.

Version 1.13: Automatically discover Jenkins pipelines during orchestration tool setup.

Version 1.19: Automatically create pipeline steps for enabled Jenkins pipelines.

Version 1.20: In the Pipeline UI, view Jenkins pipelines without showing stages that have been skipped due to branch conditions.

Version 1.24: Set change request fields and closure behavior when creating the change from a Jenkins pipeline.

Create subflows in Flow Designer to integrate planning, coding, and orchestration tools not included in the integrations provided with the DevOps application. Incoming webhook notifications processing is supported.

Version 1.9: Connect and discover integration capabilities are also supported.

Version 1.12: In addition to planning and coding tool integrations, create integrations for orchestration tools. The concept of tool capabilities is added for multi-tool support.

Version 1.15: Create subflows in Flow Designer to integrate functional and performance test tools that are not included in the integrations provided with the DevOps application. Incoming webhook notifications processing is supported.

Version 1.20: Use the Jenkins plugin for ServiceNow DevOps to report Selenium tests that are run and published by TestNG. Test type categorization is also supported.

Version 1.21: Use the DevOps API to access a change request number created in a pipeline for further interaction with the change request from the pipeline.

Version 1.22: Use the DevOps API to onboard tools and apps.

Version 1.24: User-created integrations for orchestration tools has been deprecated.

Use the DevOps Insights Standard dashboard to provide visibility into change results, pipeline value stream, and overall DevOps process. The Insights dashboard includes commits, in addition to development, deployments, change acceleration, and system health tabs. Drill into data collected over time and compare data sets to analyze operational and business insights.

Version 1.14: View stability metrics, including MTTR and service availability, based on incident and service availability records. Use the Performance Analytics Solution Library to easily install and update the DevOps Insights dashboard.

Version 1.15: View a summary of four DevOps accelerated stability metrics, change failure rate, incidents, outages, and average time for change requests. In addition, view two new change acceleration widgets, including total changes submitted and average time to approve.

Use the Pipeline UI to show the pipeline status for each app in a central graphical view. You can view pipeline execution information, including stage progression, work items, associated commits, and links to change requests for approval and test results. The Pipeline UI can also be accessed from within a DevOps change request.

Version 1.12: Create more than one pipeline per app.

Version 1.12: Use the DevOps Integrations application to integrate Azure DevOps, Jenkins, and GitLab orchestration tools with DevOps.

Version 1.16: Use the DevOps Integrations application to integrate GitLab orchestration tool with DevOps.

Version 1.10: After upgrades and deployments of new applications or integrations, run quick start tests to verify that DevOps still works. If you customized DevOps, copy the quick start tests and configure them for your customizations.

Control several aspects of the horizontal discovery process through Discovery properties.

• glide.discovery.certs.cert_admin_user_id: Holds the user ID of the user who will be referenced in the certificate task and incident, created via a Scheduled Job.
• glide.discovery.certs.days_before_expiration_to_create_renewal_task: Number of days before certificate expiration that a renewal task should be created.
• glide.discovery.certs.enable_incident_creation_for_expired_certificates: Enables the Scheduled Job to create the incidents for expired certificates.
• glide.discovery.certs.enable_renewal_task_creation_for_discovered_certificates: Enables renewal task creation for all discovered certificates.
• glide.discovery.allow_loopback_adapters: Allows network loopback adapters on SNMP devices to be discovered via probes and added to the CMDB.

• VM-Host Affinity Rules [Virtual Machines to Hosts]
• VM-VM Affinity Rules [Keep Virtual Machines Together]
• VM Anti-Affinity Rules [Separate Virtual Machines]

View the connecting CIs for alerts in a CMDB group through the Dependency Views map to help understand why alerts have been grouped.

Assign alerts through the Assigned to and Assignment group fields that have been added to the Workspace alert form.

Assign multiple alerts to yourself easily by selecting multiple alerts on the alerts list in Workspace and clicking the Assign to me button.

The Alert Assignment feature is enabled in both the desktop and mobile interfaces of Event Management.

• Secondary alerts remain open after a primary alert is closed.
• The history of a secondary alert is retained after a primary alert is closed.
• Avoiding creation of incidents for secondary alerts when an incident already exists for the primary alert and the alert management job runs before the alert grouping job is complete.

To enable binding events to CIs with a specified status, such as Retired, override the default behavior by setting the evt_mgmt.ignore_retired_cis_in_binding property to false.

To specify the CI statuses to be included in the evt_mgmt.ignore_retired_cis_in_binding property, add the relevant status numbers to the evt_mgmt.install_status_list_to_ignore_in_binding property.

The login_with_windows_authentication property enables the bi-directional exchange of event values to work with Windows authentication.

Use Field Service in CSM Agent Workspace to create work orders from cases. You can automatically create tasks and part requirements for the required work when you use work order templates. You can also mark these work order tasks as ready for dispatch and inform customers of the status of the work orders.

• Dispatchers can navigate to the desired date using the calendar picker to view central dispatch details.
• Administrators can enable Filter by Date Range toggle switch and view the tasks and available agents for the selected date range.

• Use the Matching Agents With Most Parts For Dynamic Scheduling Rank matching criterion to rank the agents who have the parts for the work order tasks in their stockroom.
• Use the Preferred technicians for a customer account matching criterion to rank which agents you prefer to work on customer accounts.

• Recurring events on mobile calendar: Agents can view and create repeating events using the Field Service mobile application.
• Inventory enhancements:
  • View your part drop-off and pick-up list: Agents can view the list of parts that they must drop off and the parts that they can pick up. When they pick up the parts, they can mark them as picked up.
  • Add defective parts to the drop-off list: Agents can create a drop-off list for the defective parts in their stockroom. They can generate transfer orders to move these items to the stockroom for drop off.

Create cases and also view customer service data when you have the Customer Service plugin (com.sn_customerservice) installed with the Field Service application.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Field Service Management still works. If you customized Field Service Management, copy the quick start tests and configure them for your customizations.

Manage your finance close work with an intuitive multi-tab interface.

Monitor multiple metrics as well as manage reporting and analytics to quickly track the health and progress of your finance close.

Access your Finance Close Automation data on your mobile device. You can also monitor the status of close tasks in real time, approve or reject close and follow-up tasks, and collaborate with stakeholders to address exceptions while on the go.

Configure FCA to integrate with your Oracle NetSuite ERP system to automate posting of journal entries in real time.

Assign a journal entry close task to user groups so that any member of the assigned groups can work, review, or approve this task and its journal entries.

These user groups, such as the Owner group, Reviewer group, and Approver group, are of type Finance Close and have finance close roles assigned to them.

Select multiple tasks or journal entries to approve or reject them in one go. During mass rejection, the same rejection reason applies to all the selected items.

Edit multiple tasks in an accounting period that require similar edits in one go. Any changes you make during the mass editing apply to all the selected close tasks.

As a finance close admin, configure permissions for editing tasks using the extension point.

Create journal entries for a journal entry task by importing from a CSV file.

Configure the default sheet name that is used when uploading the Microsoft Excel file to create journal entries.

Set the level of criticality of a close task to determine its urgency and importance in the close process for an accounting period.

Select the option to complete the task manually or automatically for close tasks using JE workflow.

Set up calendars you use in your organization and associate close tasks with these calendars. You can associate tasks with one or more calendars.

You can kick start and work on close workbooks for multiple open accounting periods simultaneously.

Use the Reversed by field on a journal entry form to view the user who performed the reversal. If there is a reversal failure, this user gets the notification.

Track the progress of a close task using its substates. Each state of a task has been further categorized into one or more substates that enable you to review the task progress at a detailed level.

Create an SLA definition for close tasks and follow-up tasks to make sure that the tasks are closed within the defined time frame. Review the task SLA information in the Finance Close Dashboard using SLA reports.

Set the Retain task owner upon duplicate property (fca_retain_task_owner) to true so that if a task has both the Owner and Owner Group fields filled in, then the owner field value is copied over to the new close workbook when you duplicate a close workbook for the next accounting period.

Improve performance by specifying the number of tasks in the sn_fcms.sync.rollup.business.rule.limit property. When the number of tasks is less than that specified in the property, the business rule to roll up the task state runs in synchronous mode.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Finance Close Automation still works. If you customized Finance Close Automation, copy the quick start tests and configure them for your customizations.

Version 9.0: Perform preliminary and General Data Protection Regulation (GDPR) data protection impact assessments (DPIA) to protect the personal data of individuals within and outside of the EU.

Version 9.0: Set up the GRC ServiceNow® Virtual Agent application to report risk events from the ServiceNow® Service Portal. A GRC Virtual Agent chatbot helps customers quickly report a risk event. The GRCVirtual Agent chatbot also assists customers by saving their time.

Version 9.0: Set up the GRC Virtual Agent application to request policy exceptions from the Service Portal. A GRC Virtual Agent chatbot helps customers quickly request an exception. The GRC Virtual Agent chatbot also assists customers by saving their time and enhancing the customer experience.

Version 9.0: Download the 2019 version of the SIG Questionnaire from the ServiceNow Store.

Version 10.0: Download the 2020 version of the SIG Questionnaire from the ServiceNow Store.

Select the Skippable check box to lets users skip the step in case the tour fails at that step. Users can continue the tour after skipping the step.

View the unique tour ID in the tour table and the form. The unique tour ID is auto-generated when users create a tour.

Integrate with Adobe Sign

Integrate with Adobe Sign so that users can sign electronic documents through the Adobe Sign service. This integration uses the Adobe Sign spoke in IntegrationHub, and supports the use of both HR document templates and Adobe Sign templates.

Auto-determine the HR service for a case

Auto-determine the HR service for a case and enable an HR agent to transfer the case to the appropriate HR service rather than having to spend significant time manually triaging cases to appropriate HR services.

Auto-train the predictive model for email case categorization

Enable auto-training of the email case categorization solution. Prior to this release, you had to manually train the solution definition, HR Case Categorization, to train the predictive model for email case categorization. Beginning with this release, the solution definition is auto-trained by default on installation of ServiceNow Predictive Intelligence and HR Service Delivery.

Use knowledge blocks in article templates

• Add or remove knowledge blocks in more than one HTML field of any article template including custom templates. Prior to the Orlando release, you could add a knowledge block only in the standard article template.
• Preview an article that uses an article template with multiple HTML fields based on the version date and user.
• Define how many search results are displayed when a knowledge author searches for a knowledge block while authoring an article.

Configure HR Service Delivery Center of Excellence (COE) security policies

Use COE ACL Configuration to allow specific groups read or write access to HR cases under a specific COE. For example, you might not want the Talent Management group to be able to view cases created by the Benefits group.

Add or modify notification content

Use the Short Message Service (SMS) content type for notifications in Content Delivery and Content Automation.

Analyze your campaign for effectiveness

Analyze a campaign once it becomes active to ensure that your messaging is relevant, fresh, engaging, and targets the correct audience. You can also set up a schedule to re-evaluate the audience for a campaign.

Create campaign success goals

Evaluate campaign progress by comparing it to a baseline using Campaign Success Goals.

Content Automation (campaigns) dashboard

View and understand the effectiveness of your campaign and trends, and whether the campaign success goals are on target. Use this information to help determine whether you need to refresh your content.

Add or modify mobile content for Content Delivery

Create announcement and link banners for content using Mobile Content on the Mobile Onboarding app and Now Mobile app on an employee's mobile device.

Okta integration for new hire onboarding

Provision relevant applications for new hires automatically as part of the onboarding process by integrating with the Okta service. This integration uses the Okta spoke in IntegrationHub, as well as the new Business Roles plugin. It is configured to work with the lifecycle event for new hire onboarding that is included as demo data with the Human Resources Scoped App: Lifecycle Events for Enterprise [com.sn_hr_lifecycle_ent] plugin.

CIC Plus integration for new hire onboarding

Enable US-based new hires to provide relevant tax information as part of the onboarding process by integrating with the CIC Plus service.

Lifecycle event properties page

Enables you to set the duration of the activity set closure time in hours.

Show or hide an activity set to the employee

Show or hide an activity set to the opened for or subject person of the lifecycle event case by using the Display to opened for and Display to subject person options. These options enable you to show only the relevant activity sets to your employees.

Display an employee-facing title for an activity set

Display an employee-facing title for an activity set by using the Display title field. The display title enables you to emphasize the experience you are creating for your employees. For example, an employee-facing title for the preboarding activity set could be “Get ready for day one.”

Ignore an empty date field when triggering an activity set

For an activity set that is triggered by a date field, you can choose to ignore an empty date field. If the Ignore empty date option is selected, the activity set will not trigger when the date field is empty.

Trigger an activity set based on specified conditions or a combination of triggers

Define when an activity set triggers based on specified conditions or a combination of triggers (date, other activity sets, and conditions) by using the new trigger types called condition and combination.

Order activities within an activity set

Manage the dependencies of lifecycle event activities within an activity set with the new activity type called activity container. You can use activity containers to order activities in parallel or sequence as well as to configure multiple activity containers within an activity set.

Deliver content to employees through a lifecycle event

Deliver relevant and tailored content to employees with the new activity type called content. For example, you can push company-related information or a first day at work banner to new hires as part of their onboarding.

Map custom text to a lifecycle event activity

Map custom text to a target field or variable in an employee or fulfiller activity by using the Custom text option. The custom text can be static or include variables that are pulled from the source table. For example, you can pass a string for a short description of an IT request.

Resume a lifecycle event case

Enable HR agents to resume a lifecycle event case after a workflow error or timeout.

Show upcoming to-dos to employees

Shows upcoming to-do tasks in both the portal and mobile apps so that employees know which tasks they need to complete in the future.

• Define a security policy for access to employee documents by using the Payroll country and Effective date fields. When you upload the document or move the case attachments to an employee file, the value in the Payroll country field is automatically entered from the user profile of the employee, and the value in the Effective date field is automatically entered from the creation date of the employee document.
• Configure a security policy by defining conditions on the Effective date, Employee, HR case, HR profile and Payroll country fields. Apply the security policy only to documents that match the configured conditions.
• Associate multiple security policies to a document type. In previous releases, you could associate only one security policy with a document type using the Security Policy field. Beginning with this release, you can associate multiple security policies with a document type using the Security policies related list. You can define the order in which the security policies must be evaluated on a document type. You can also deactivate a security policy if you do not want the policy to be evaluated on a document type.
• Read and write a document only if you fulfill the read or write configuration requirement of at least one security policy associated with the document type.
• Purge a document only if you fulfill the purge authorization configuration requirement of at least one security policy associated with the document type.
• Receive a purge notification only if you fulfill the purge authorization or notification configuration requirement of at least one security policy that is associated with the document type.

Use the New Hire Pre Chat and ESC Pre Chat preconfigured surveys that support Advanced Work Assignment. These surveys are driven by user criteria and control the topics that appear in the pre-chat conversation in Employee Service Center.

Use the Service Mapping application to discover all application services in your organization. Service Mapping builds a comprehensive map of all devices, applications, and configuration profiles used in the discovered application services.

Service Mapping maps dependencies, based on a connection between devices and applications. This method is referred to as top-down mapping. The top-down mapping helps you immediately see the impact of a problematic object on the rest of the application service operation. For more information on new and changed features, see Service Mapping release notes.

Create a knowledge article from an Incident using the advanced knowledge management functionality. The feature is available when you activate the KCS Integration for Incident Management plugin (com.snc.incident.knowledge).

Create a knowledge gap record when you do not find any appropriate resolution documented for an Incident. The knowledge gap record helps the team to identify the issue and create an appropriate knowledge article for the Incident.

Create a copy of an Incident from an existing Incident so you can easily create a similar Incident for a different caller.

Create a change record, an outage record, or a problem task from a Problem form.

The number of Interactions helps determine the urgency and priority of the Incident. View Interactions associated with an Incident under the Interactions related list.

Search for additional information relevant to a Problem record by using Agent Assist. Prior to this release, Agent Assist was available only on the Incident form. For more details, watch the video available at ITSM Agent Workspace – Problem.

Narrow your search results by using two new search categories in Agent Assist: Outages and Open Outages. These categories help you to find outages whose information matches the text that you enter in the Short Description field.

Track the amount of time an agent spends working on an Interaction Management. You can then find the average time an agent spends for closing Interactions.

Create a problem record directly from an Interaction to investigate the cause of an issue without going through the Incident management flow. By default, this option is disabled. To enable the option, select the problem property Allow Problem creation from Interaction (glide.problem.interaction.allow_create).

Create a standard change record from the Interaction form to implement a pre-approved change.

User’s Calls: The User’s Calls related list displays historical calls between a requester and Service Desk agents. This feature is available to the users who has the Service Desk Call plugin (com.snc.service_desk_call) already activated. The customer name in the Opened for field in Interaction is matched with the Caller field in Service Desk calls and records are retrieved based on the number of days mentioned in the interaction property Number of days (integer) for which past user call records are retrieved. The default value is seven (7). A setting of zero (0) disables this feature. (glide.new_call.interaction.records_age).

• Search Knowledge Base topic: Re-factored to use the reusable Contextual Search topic block.
• Open IT Ticket: Re-factored to use the reusable Create Incident topic block.
• Provide Virtual Agent Feedback: Re-factored to use the reusable Survey topic block.

Route incidents to agents based on historical affinity with the affinity rule Incident affinity based on Caller for the Incident service channel.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Incident Management still works. If you customized Incident Management, copy the provided quick start tests and configure them for your customizations.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Major Incident Management still works. If you customized Major Incident Management, copy the provided quick start tests and configure them for your customizations.

View active producer and consumer replication sets, scheduled jobs, and producer or consumer seeding requests on the IDR dashboard.

Package a replication set configuration from a producer or consumer instance to another instance and then deploy through an update set. For example, you might need to copy a configuration from a test to production environment.

Test the connection between your producer and consumer replication sets to ensure that the connection is set up properly.

Distribute software from the service catalog using third-party management systems. Client Software Distribution uses IntegrationHub flows and subflows to automatically deploy and revoke software. Modify the base system flows and subflows as needed.

Use the executeDataStreamAction() method in the FlowAPI class to run a Data Stream action synchronously from a server-side script and return a ScriptableDataStream object. Use the ScriptableDataStream class to iterate through items in the data stream.

Apply common configurations to interact with APIs that send results in multiple pages. For example, apply the Limit / Offset template to specify the number of items you want returned per page (limit), and the starting number for the first item (offset). After applying a template, update the values to ensure that the configuration complies with the API's requirements.

Access action and subflow outputs as dynamically generated data pills during flow design. You can also build data gathering actions to generate complex objects from Now Platform and IntegrationHub outputs.

View feature usage over time and access information about the usage of a specific feature or scope.

Check the ServiceNow Store for IntegrationHub spokes released on an ongoing basis.

Get data through a ServiceNow® MID Server when running a Data Stream action.

View the count of password reset transactions performed using IntegrationHub.

Import data to your instance using a guided IntegrationHub REST step.

Enable users with the admin and flow_designer roles to set up spoke integrations with third-party systems using a single, customizable form.

Test your Data Stream action to ensure that it works the way you expect before you add it to a flow.

Transform data pill values without the need to write a script. Use transform functions to reformat text, perform mathematical calculations, sanitize potentially unsafe SQL statements, and serialize complex objects to raw XML.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Investment Funding still works. If you customized Investment Funding, copy the quick start tests and configure them for your customizations.

• Authoring experience: Create, edit, and publish knowledge articles in Agent Workspace. You can use an article template to create a knowledge article, use Agent Assist to eliminate duplicate knowledge articles and research for article content, and map related articles and related catalog items to a knowledge article.
• Support for article templates: Ensure consistent structure for knowledge articles within your knowledge base using predefined and custom article templates. You can now create articles in any article template in Agent Workspace.
• Compare knowledge article versions: Compare and track changes between two versions of a knowledge article.
• Resize the contextual side panel for Agent Assist to see an article preview that enables you to quickly decide whether to attach or flag a knowledge article without the need to open the article in full view.
• Improved knowledge article view: Optimize knowledge article interactions on the knowledge article view page by providing feedback, copying a link to a knowledge article, or flagging a knowledge article.
• Feedback management: Create and resolve actionable feedback tasks from Agent Workspace. If negative feedback is given on a knowledge article, you can choose to have the system automatically create a feedback task and assign it to the owner of the knowledge article.
• Support for translation management: Request a translation of knowledge articles and address translation tasks assigned to you. You can create translation tasks, translate published knowledge articles either manually or through machine-based translation, and compare original and translated content.

• Add or remove knowledge blocks in more than one HTML field of any article template including custom templates. Prior to the Orlando release, you could add a knowledge block only in the standard article template.
• Preview an article that uses an article template with multiple HTML fields based on the version date and user.
• Define how many search results are displayed when a knowledge author searches for a knowledge block while authoring an article.

Use MID Server parameters to configure the behavior of individual MID Servers.

• mid.instance.skip_basic_auth: Allows the MID Server to connect to an instance using cookies instead of basic authentication credentials.
• mid.powershell.jea.append_username: Specifies whether user name of the current user will be appended to the JEA endpoint.
• mid.powershell.jea.endpoint: JEA configuration name (endpoint) on remote servers that the MID Server will connect to.
• mid.shazzam.threads: Specifies the number of concurrent threads that Shazzam uses to optimize Shazzam probe performance.
• mid.shazzam.max_scanners_per_thread: Specifies the number of concurrent scanners processed by each Shazzam thread to optimize Shazzam probe performance.
• mid.windows_host.file_permissions.enforce: Enables the MID Server to use Windows file permissions enforcement to improve security.
• mid.windows_host.file_permissions.allow_list: Sets a white list for Windows file permissions enforcement to improve security.
• mid.sa.discovery.pattern_string_attributes.deduplicate: Reduces memory consumption for pattern execution context attributes by eliminating duplicate strings.

Use MID Server properties to configure the behavior of all MID Servers.

• mid.security.validation.endpoints: Enables enforcement of strict verification security checks.
• mid.probe.collect_debug_info: An optional property to collect debug information and put it in the payload of ECC input messages.

glide.discovery.log_debug_info: An optional property to populate debug information in the Discovery log.

Any communication between ServiceNow and the MID Server is in line with industry standards and provides mandatory validation checks. This functionality uses the MID Server property: mid.security.validation.endpoints. The default value is *.servicenow.com so all requests that initiate at the MID Server going to any ServiceNow domains and sub-domains will automatically go through validation checks for the certificates. You can also enter a comma-separated list of other endpoints that you want to enforce with these same checks.

MID Servers now support Microsoft JEA authentication in order to run basic Discovery. Microsoft JEA enables role-based administration through PowerShell Remoting, which uses Windows Remote Management (WinRM) to manage communication and authentication. PowerShell Remoting is enabled by default on Windows Server 2012 R2 and Windows Server 2016.

Create Map Pages with lists and forms for codeless configuration, in addition to classic, scripted Map Pages. By selecting the Use advanced configuration check box, the script hides and embedded records are displayed. These records enable you to configure and select map filters, map data items, and map marker icons. Advanced map pages can function along with scripting, and upgrade easily with future releases. Advanced map pages do not support mobile.

Define map data items through lists and forms.

• Configure map markers with lists and forms.
• Configure map markers to show different marker icons for the same data collection.
• Define map marker click behavior with lists and forms.

Use the modeling framework to choose a model type to represent your data. An anomaly score helps to understand which model type works best.

Use the double data type with metrics so that values are stored and retrieved with up to 16 digits of precision (instead of only 7 digits for floats). Replication should also preserve precision. The Data Type field allows you to choose float or double when creating a metric.

Select multiple groupBy fields on a transform request to allow for more complex queries. This is only available using Javascript.

• Customize mobile apps with your unique company identity by requesting branded versions of ServiceNow apps.
• Use mobile themes to change the color scheme of your mobile applications. The colors for elements such as headers, links, buttons, and icons can be controlled using themes.

Ability to launch an applet launcher from any screen within an application. The applet launcher was previously accessed only in the first screen of a tab.

Use a mobile dashboard to display data in graphical format. Adding reports and Performance Analytics widgets helps users more easily identify trends and turning points through indicator scores and visual representation.

Administrators can define different default browsers to open a mobile application’s authentication page. This option enables you to use either the devices' in-app browser and/or external browsers.

Copy an existing NLU model to use its clone as an iterative testbed for creating, importing, and comparing alternate NLU components, predictions, and confidence threshold scores between the clone and the original model.

Create a custom entity that's derived from a default system entity such as date, time, duration, or location.

Use Automated Test Framework (ATF) to test email notifications, outbound email flows, and inbound email responses.

The system now prevents users from sending or receiving virus-infected files via email. This feature is controlled by the glide.email.inbound.check_attachment_availability, glide.email.outbound.check_attachment_availability, and glide.email.email_client.check_attachment_availability system properties, which are enabled by default.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that On-Call Scheduling still works. If you customized On-Call Scheduling, copy the quick start tests and configure them for your customizations.

Monitor the antivirus metrics to track activities that are related to the antivirus scanning of attachments in your instance. You can view the metrics for the last 60 days of activity to assess how effective the Antivirus Scanning function is against virus infections.

Version 10.0: Eliminate the task of providing repetitive responses for similar assessments by grouping control attestations or risk assessments. Provide the same evidence to all grouped assessments or respond to individual assessments in the same user interface.

Version 10.0: Send out policies for review and acknowledgment by employees to meet compliance requirements.

Version 10.0: Enable other application users to request policy exceptions and manage both policies and policy exceptions in a centralized place. This feature provides a generic framework for all ServiceNow applications to integrate to GRC policy exception management capability for centralized management of exception requests.

Version 10.0: After upgrades and deployments of new applications or integrations, run quick start tests to verify that Policy and Compliance Management still works. If you customized Policy and Compliance Management, copy the quick start tests and configure them for your customizations.

• RIDAC (Risks, Issues, Decisions, Actions, and Request Changes):
  • Convert Risks, Issues, Decisions, Actions, and Request Changes (RIDAC) entities, in that order, for a demand. For more information, see Convert RIDAC entries of a demand.
  • Associate your existing Risks, Issues, Decisions, Actions, and Request Changes records for a demand to convert them to RIDAC entities. For more information, see Associate existing risks, issues, decisions, actions, and request changes records.
  • Modify the RIDAC workflow using Flow Designer.
• Import cost plans along with individual breakdown values using the Cost Plan Import Set import [imp_cost_plan] map. For more information, see CostPlanBatchOperations API.
• Specify when to close a demand automatically when it is converted into a project. For more information, see Create a demand.
• Set a currency that is locally used as your project currency while converting a demand to a project using the Project currency field on the Demand form. For more information, see Create a demand.
  Note: The Project currency field is available only when you activate the PPM Standard Multicurrency plugin (com.snc.ppm_multicurrency). For more information, see Multi-currency in project financials.
• Add more specific details to a demand's risk using new fields on the Risk form.
• Track and manage a demand's resource plans by accessing the Resources page directly from the Demand form.

• As a Program Manager, create a program status report to view and track the progress of all projects under the program.

• RIDAC (Risks, Issues, Decisions, Actions, and Request Changes):
  • Convert Risks, Issues, Decisions, Actions, and Request Changes (RIDAC) entities, in that order, for a project. For more information see, Convert RIDAC entries for a project.
  • Associate your existing Risks, Issues, Decisions, Actions, and Request Changes records for a project to convert them to RIDAC entities. For more information, see Associate existing risks, issues, decisions, actions, and request changes records.
  • Modify the RIDAC workflow using the Flow Designer.
• Import cost plans along with individual breakdown values using the Cost Plan Import Set import [imp_cost_plan] map. For more information, see CostPlanBatchOperations API.
• Add more specific details to a project's risk using new fields on the Risk form.
• Import custom fields from Microsoft Project to a ServiceNow project by mapping the custom fields. Also, use scripts to import unmapped fields or modify the field data while importing a project from Microsoft Project to ServiceNow. For more information, see Import a Microsoft Project file - map custom fields.
• Include or exclude a project from the program status report using the Show on Program Status Report check box on the Preferences tab of the Project form.
• Track and manage a project's resource plans by accessing the Resources tab directly from the Project form using the Resource Workbench related link.

PPM Collaboration utilizes Slack as a project collaboration tool to facilitate active and timely communication about the project. The project manager, users, and any other stakeholders added to the project channel can easily stay up to date with the project status and chat with other members.

• Allocate hours to resources evenly using the Smart Even Load allocation spread that takes the availability of resources into account while allocating.
• While requesting an extension of a resource plan, a project manager or a demand manager can specify FTE, Person Days, or Hours for the extension period. When the resource manager extends the plan, the requested allocation is auto-filled with hours.
• Identify over-allocated resources by their negative availability values in the Resource Allocation Workbench and Resource Reports so you can make informed resource allocation decisions for your team.
• View any error or warnings that might occur during resource allocation in the Resource Plan Logs [resource_plan_logs] table.
• Use the Resource Diagnostics feature to run additional tests to detect invalid or corrupt data for a resource.

Plan and estimate your project costs and benefits in a currency that is locally used where the project is being managed. You can track your projects both in the functional currency and in a local currency as project currency. Use project currency to track the costs and benefits, and post your actuals by enabling the Project Currency view. Project Managers can plan costs and benefits, track the expenses, and report the financial performance of the project in either the corporate (functional) or the local (project) currency.

The option of using project currency enables you to aggregate the project financials using the appropriate exchange rate in a currency other than the functional currency.

You can change your view in the project form to project currency view and track the planned costs of a project in the selected project currency.

• Create multiple planning scenarios with different combinations of demands and projects in your portfolio for execution. The scenario-based planning enables you to conduct a what-if evaluation and identify risky demands and projects. For more information, see Create planning scenarios.
• Compare multiple scenarios in a portfolio and fund only those demands and projects that add financial value to the organization. For more information, see Compare planning scenarios.
• Confirm a new scenario or override an existing plan with a different plan based on changing market environment. For more information, see Confirm a planning scenario.
• Track the progress of selected demands and projects in your portfolio for consistent evaluation of your investment. For more information, see Track the progress of a portfolio.

• Allocate a percentage of a demand's total cost, benefit, and budget toward achievement of the organizational strategy and goals associated with the demand. For more information, see Allocate strategy and goal percentage for a demand.
• Allocate a percentage of a project's total cost, benefit, and budget toward achievement of the organizational strategy and goals associated with the project. For more information, see Allocate strategy and goal percentage for a project
• Use the Strategic Spend Tracking for PPM dashboard to view how the planned costs, actual costs, and benefits for projects aligned to the organization's goals and strategies trend over time in order to accurately understand the financial performance of the organization.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Project Portfolio Management still works. If you customized Project Portfolio Management, copy the quick start tests and configure them for your customizations.

Create, view, and edit RIDAC (Risk, Issues, Decisions, Actions, and Request Changes) records for your project.

Receive mobile notification whenever a RIDAC (Risk, Issues, Decisions, Actions, and Request Changes) record is assigned to you for your project.

GRC integration with Thomson Reuters Regulatory Intelligence, Version 1.0.7: Integrate with Thomson Reuters using the framework and guidelines provided in the Regulatory Change Management application.

Use the GRC integration with Thomson Reuters Regulatory Intelligence application and receive the regulatory alerts and changes in your ServiceNow instance.

• User health and willingness to return to work.
• Building readiness.
• Personal protective equipment inventory.
• Active contact tracing cases.
• Potentially exposed contacts under investigation.

Work Progress Status for SAFe provides a green, yellow, and red (GYR) progress status on SAFe epics and features to indicate whether the work is likely to be completed by the item's planned end date. It also provides an estimated completion date based on the rates at which the scope of work is changing and the work is being completed.

All test suites and tests must pass on default implementation. To validate a custom implementation, copy the automated tests and configure them according to your customizations.

• Discover Microsoft Graph Security API alerts that are candidates for security incidents and automate the creation of security incidents.
• Map alert fields to security incident fields.
• Aggregate similar alerts to existing open security incidents.
• Validate your mapping with a preview of the alert field values in a security incident.
• Receive automatic alert status updates when security incidents are created or closed.
• Set up scheduled ingestion of alerts to create security incidents periodically.

• Support for STIX 2.0 and 2.1 standards
• Modules for STIX 2.0 and STIX 2.1 objects and relationships
• STIX visualizer for visual representation of various STIX objects and relationships
• Minor enhancements to the TAXII client

Version 10.0: This integration provides the ability to ingest offenses to create security incidents. It enables automated ingestion of offenses to ServiceNow for offense/event/flow field mapping, filtering, and aggregation capabilities. It provides capabilities to update the offenses based on the security incident status changes, including automated close-out of offenses. This integration also provides the ability to fetch recent events/flows associated with an offense and track the key updates to offenses.

Version 10.1: Starting with version 10.1, the IBM QRadar API authorized service token is used for authentication for both IBM QRadar on-premises and QRoC.

Version 10.4: The IBM QRadar rule selection logic has been updated to fetch all offenses generated by System, Override, and User active rules.

• Aggregate duplicate or similar user reported phishing submissions to a single incident and consolidate incident response actions.
• Extract email headers from .eml attachments or the body of the email.
• Display email headers in a related list in the security incident record.
• Report phishing emails through the service catalog.
• Configure how the email header information is extracted from the email body. You can choose the following options:
  • Extract all email headers or select some of them.
  • Aggregate similar email submissions as child security incidents to an existing parent security incident.
  • Specify the order in which the email ingestion rules are applied.

• Equip security analysts with MITRE-ATT&CK tactics, techniques, and procedures (TTPs) to better analyze and respond to security incidents.
• Automate the incident work flows using the playbook for detecting and containing threats in the context of MITRE-ATT&CK framework.
• Prioritize indicators of compromise and threat hunting with MITRE-ATT&CK information.
• Understand the high-level security posture of your organization in the context of MITRE-ATT&CK framework.

• Map multiple fields for configuration items and observable fields when there are multiple raw base events that are related to a single alarm.
• Search for LogRhythm alarms and events in the mapping section.
• View raw events in a separate related list for raw base alarms.
• View all the raw base alarms by using a new navigation link that has been added to the LogRhythm Drilldown Event module.

• Searches the junk folder for matching phishing emails and deletes them when you initiate an Microsoft Exchange Online search and delete action.
• A security tag is applied to a security incident, and a work note is created when the search and delete action fails.
• An error email notification is sent to a group, and a work note is created when the Microsoft Exchange Online credentials expire.

The following features have been updated for the Microsoft Graph Security API alert ingestion integration:

• Search Catalog Item: Search for a catalog item
• Request Catalog Item: Make conversational requests for a specific item

• For open incidents, add comments on the Details tab without having to navigate to the Updates tab.
• Reopen a resolved incident.

• Adding comments on a ticket page for a requested item or incident
• Approving a request for catalog items
• Ordering catalog items from multiple catalogs
• Filtering for recent open and closed records from the My Requests menu
• Ordering catalog items from the wish list and from saved bundles
• Contents of the My Recent Items widget
• Variables using a regular expression

Select your flow action from the Flow field on the SLA Definition form. This flow runs for all task SLAs associated with the task record.

Open the flow in the Flow designer that is running against the Task SLA record by clicking the Show Flow related link.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Service Level Management still works. If you customized Service Level Management, copy the quick start tests and configure them for your customizations.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Service Mapping still works. If you customized Service Mapping, copy the quick start tests and configure them for your customizations.

In addition, test the high-level topology for the most important application services to check that it stays correct after the upgrade to the Orlando release. If you customized Service Mapping, copy the quick start tests and configure them for your customizations.

View service maps for application services converted from legacy business services. For information about the conversion procedure, see Convert business services to application services in bulk.

As a NOC operator, use application service maps to investigate and prioritize alerts without leaving the Agent Workspace UI. In the Agent Workspace UI, application service form and application service map provide visibility into items associated with CIs belonging to the application service, like alerts or incidents.

Resolve Service Portal page issues by identifying widget customization levels and checking widget code directly from a portal page.

Run quick start tests to verify that Skills Management still works after you upgrade and deploy new applications or integrations. If you customized Skills Management, copy the quick start tests and configure them for your customizations.

Set breakpoints or conditional logpoints to log your messages to the console at specific lines for debugging, and remove logpoints when you are done debugging them.

• Create, view, edit, enter notes, and submit time cards from a mobile device as a time sheet user.
• View, approve, reject, or recall a time sheet or time card from a mobile device as a project or user manager.

Version 10.0: After upgrades and deployments of new applications or integrations, run quick start tests to verify that Vendor Risk Management still works. If you customized Vendor Risk Management, copy the quick start tests and configure them for your customizations.

Create and reuse components called topic blocks to perform common functions in Virtual Agent conversations. Virtual Agent provides pre-built topic blocks for performing live agent transfers and surveys. The CSM, HR, and ITSM business applications also provide pre-built topic blocks for use in their business topics, such as contextual search.

Send notifications directly to users in Slack and Microsoft Teams via the Virtual Agent chatbot. Requesters can respond to notifications or start new bot conversations to complete their tasks.

• Limit the number of jobs that can run at the same time with Job concurrency.
• Specify the amount of data (number of items) that you process with specific jobs.
• Cancel jobs.
• Specify the total number of background jobs that are processed in parallel, regardless of the job type.

• Port
• Protocol
• Asset ID
• Proof

See Vulnerability Response upgrade information for more information.

• Key Performance Metrics (KPIs) for vulnerability remediation
• Highlights for areas in the business that have the highest risk
• Recommended actions to lower risk

The NVD integrations prior to v 13.0 of Vulnerability Response have been deprecated.

• Reapply the CI matching rules on discovered items with unmatched CI states on-demand.
• Reapply CI lookup rules on selected discovered items.
• The following updates occur if the link between a discovered item and a CI is changed after reapplying the lookup rules:
  • Open vulnerability detections are updated.
  • Corresponding VI-CI associations are updated for active VIs.
  • Assignment rules, group rules, risk scores, risk ratings, and remediation targets are reevaluated.
  • Discovered item status is updated accordingly. For example, discovered item status changes from Unmatched to Matched

On assignment rules, remediation target rules, and vulnerability calculators records and forms, the search text you enter in the condition builder is not case-sensitive. You do not have the option to enable case-sensitive searches on these records and forms.

• Agile Development Status
• Vulnerability Summary
• Vulnerability Explanation
• Recommendation

With Vulnerability Assignment Recommendations, view a short list of the most appropriate assignees for vulnerable items and vulnerability groups along with confidence scores for each recommendation. Reduce the time you spend chasing down ownership issues across your organization as you discover vulnerabilities and are unsure where they need to go for remediation. Vulnerability Assignment Recommendations is available with a separate subscription from the ServiceNow® Store.

The CMDB CI Class Models application dependency for this feature is installed automatically with v 12.1 of Vulnerability Response and may take some time to install.

Import the flaws (vulnerabilities) resulting from Veracode Dynamic Application Security Testing (DAST) and prioritize and efficiently drive remediation of detected flaws from within the Vulnerability Response application. Imported flaws are automatically assigned to the right team with a risk score and a remediation target date based on the rules you define.

Imported vulnerabilities are further enriched with the CWE imported from MITRE.

Quickly gain insight into your security posture and remediation trends, and view applications with the most critical, overdue vulnerabilities with Scoreboard.

Application Vulnerability Response supports the ServiceNow Vulnerability Response Integration with Veracode.

Starting with version 10.1 of Governance, Risk, and Compliance, you can use new policy exception capabilities in GRC: Policy and Compliance Management from within version 10.3 of the Vulnerability Response application. To use this feature, upgrade Policy and Compliance Management before upgrading Vulnerability Response. If you've already upgraded Vulnerability Response to v10.3 before Policy and Compliance Management v10.1, and you want to use this feature, perform the upgrade procedures again in the correct order. For more information, see Allow policy requests from other applications.

• Create pre-populated change requests of varying types (emergency, standard, or normal).
• Associate vulnerability groups to existing change requests.
• Split large vulnerability groups into manageable chunks.
• Resolve vulnerability groups automatically after change requests are implemented using automated state synchronization.

• You have two options in the Setup Assistant for your authentication with the Tenable.sc product:
  • API Key Authentication.
  • User authentication.

  With these authentication options, you can continue using your FIPS-compliant solutions with v5.12 and earlier of the Tenable product.

  See the product documentation and Vulnerability Response upgrade information for more information.

• The Tenable query filter you select in the Setup Assistant also applies to the Tenable.sc Assets Integration. Only the assets with the vulnerabilities that match the conditions of the query filter are imported. This filter can help you reduce the number of assets and vulnerable items you import so that you can focus on the assets and vulnerabilities you want to see.
• For the Tenable.io assets integration, Last Scan Time is imported and updated only for assets that have vulnerabilities.
• The Backfill Vulnerabilities Integration for the Tenable.sc product is available.
  • Import both open and fixed vulnerabilities that might have been missed over the last seven days to update your detections and vulnerable items.
  • This integration is disabled by default. See Vulnerability Response integrations upgrade information for more information.

• Run a healthy security program and reduce organizational risk.
• Use this integration infrastructure to help you reduce organizational exposure, harden endpoint surface area, and increase organizational resilience.
• Match imported assets to configuration items (CIs) present in the Configuration Management Database (CMDB), using the existing Vulnerability Response CI Matching framework.
• Create CIs for assets not found in the CMDB with the Identification and Reconciliation engine (IRE) framework.

• Identify the assets across your environment that have the same IP addresses.
• Create CIs or update existing CIs for assets with unique network partition identifiers.
• CMDB CI Class Models include the Network Partition Identifier in the IRE identification rules.
• Update your existing CIs with by running a scheduled job on-demand or wait for the next scheduled job to create CIs.

• Updates from solution imports are processed in the following cases:
  • When new solution data is released.
  • When existing solution data is updated.
  • When any manual change impacts solution metrics.
• The Calculate Related Counts for All Solutions job processes solutions data once nightly instead of continuously. This job is disabled by default.
• Solutions data is queued and processed separately from all the import changes by the Process Vulnerability Solution Metrics Queue scheduled job.

• Scan results on vulnerability scan records.
• Vulnerable items updated by scans.
• Details about any assets that were not reached during scans.
• See Vulnerability Response integrations upgrade information for more information about this feature.

• Identify the assets across your environment that have the same IP addresses.
• Create new CIs or update existing CIs for assets with unique network partition identifiers.
• CMDB CI Class Models include the Network Partition Identifier in the IRE identification rules.
• Update your existing CIs with by running a scheduled job on-demand or wait for the next scheduled job to create new CIs.
• See Vulnerability Response integrations upgrade information for more information about the requirements for this feature.

The NVD integrations prior to v 13.0 of Vulnerability Response have been deprecated.

Enable the Rapid7 Comprehensive Vulnerable Item Integration or the Rapid7 Comprehensive Vulnerable Item Integration – API if you want to close stale vulnerable items automatically with the Auto-Close Stale Vulnerable Items module. Based on the most current imported data, vulnerable items not recently found are automatically transitioned to ‘Closed’ by the Auto-Close Stale Vulnerable Items scheduled job. 

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Vulnerability Response still works. If you customized Vulnerability Response, copy the quick start tests and configure them for your customizations.

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Walk-up Experience still works. If you customized Walk-up Experience, copy the quick start tests and configure them for your customizations.