PRODUCT CAPABILITIES. The Subscription Service allows Customer to: (a) authenticate users before accessing the Customer’s instance; (b) encrypt passwords; (c) allow users to manage passwords; and (d) prevent access by users with an inactive account. Customer manages each user’s access to and use of the Subscription Service by assigning to each user a credential and user type that controls the level of access to the Subscription Service. Customer is solely responsible for reviewing ServiceNow’s Security Program and making an independent determination as to whether it meets Customer’s requirements, taking into account the type and sensitivity of Customer Data that Customer processes within the Subscription Service. Customer shall be responsible for implementing encryption and access control functionalities within the instance for protecting all Customer Data containing sensitive data, including credit card numbers, social security and other government- issued identification numbers, financial and health information, Personal Data (including any data deemed sensitive or “special categories of personal data” under Data Protection Laws). Customer is solely responsible for its decision not to encrypt such Customer Data and ServiceNow will have no liability to the extent that damages would have been mitigated by Customer’s use of such encryption measures. Customer is responsible for protecting the confidentiality of each user’s login and password and managing each user’s access to the Subscription Service. Customer shall be responsible for implementing ServiceNow’s documented best practices and hardening guidelines for securing its ServiceNow instances.
Appears in 1 contract
PRODUCT CAPABILITIES. The Subscription Service allows Customer to: (a) authenticate users before accessing the Customer’s instance; (b) encrypt passwords; (c) allow users to manage passwords; and (d) prevent access by users with an inactive account. Customer manages each user’s access to and use of the Subscription Service by assigning to each user a credential and user type that controls the level of access to the Subscription Service. Customer is solely responsible for reviewing ServiceNow’s Security Program and making an independent determination as to whether it meets Customer’s requirements, taking into account the type and sensitivity of Customer Data that Customer processes within the Subscription Service. Customer shall be responsible for implementing encryption and access control functionalities within the instance for protecting all Customer Data containing sensitive data, including credit card numbers, social security and other government- government-issued identification numbers, financial and health information, Personal Data (including any data deemed sensitive or “special categories of personal data” under Data Protection Laws). Customer is solely responsible for its decision not to encrypt such Customer Data and ServiceNow will have no liability to the extent that damages would have been mitigated by Customer’s use of such encryption measures. Customer is responsible for protecting the confidentiality of each user’s login and password and managing each user’s access to the Subscription Service. Customer shall be responsible for implementing ServiceNow’s documented best practices and hardening guidelines for securing its ServiceNow instances.
Appears in 1 contract