ServiceNow
Create and update incidents or change requests only after Action Certificates are verified. All writes map to catalog-scoped policies.
Monthly verification • last run September 2025
Modes & scopes
Modes
- Write-gated
- Read-first for catalog items
Scopes
- Scoped integration user
- Table-level ACLs
Runbook highlights
Connection modes
Private ServiceNow MID server or ServiceNow Private Connect with IP allowlists.
Learning Controls
Approval flows require security, service owner, and finops sign-off recorded in certificates.
Evidence
Certificates include table, catalog item, and change template identifiers plus rollback contract.
Sample automations & evidence
Sample automations
- Open Sev2 incident with governing approvals
- Update change request after SIEM verification
Action Certificate mapping
Every certificate embeds connector identifiers, residency policy hashes, and Learning Control references so downstream systems can verify scope before allowing writes. Export verification logs to Splunk/Datadog using thetrustplane.certificate_id attribute.
Need a signed runbook?
Request a signed copy of this connector runbook, DPIA, or sub-processor alignment via the security contact form. We respond within one business day and can include environment-specific attestations.
Contact security