HSCR0001807-acnnacioj-2021-02-26-17_13_55 (1)

Asset Management Findings ........................................................................................................................... 78 Case and Knowledge Management Findings ................................................................................................... 80 Platform Findings ............................................................................................................................................ 80 ACN SAC Findings ............................................................................................................................................ 85 ACN Guided Workflow Findings ...................................................................................................................... 86 APIs and Integration Tools Findings ................................................................................................................ 87 AppEngine Findings ........................................................................................................................................ 89 Custom Application Runtime and Execution Findings ..................................................................................... 91 Leave of Absence Findings .............................................................................................................................. 92 ACN MyLearning Findings ............................................................................................................................... 92 ACN WFH Findings .......................................................................................................................................... 95 Agile Development Findings ........................................................................................................................... 97 AIA Datalake Findings ..................................................................................................................................... 97 Ask HR Findings .............................................................................................................................................. 98 BGC Fortify Findings ........................................................................................................................................ 99 AP20 Real Estate Findings ............................................................................................................................. 100 BizInquiry PAV Findings ................................................................................................................................. 101 Data Privacy Findings .................................................................................................................................... 101 EMS Findings ................................................................................................................................................ 102 Reporting Findings ........................................................................................................................................ 102 ACN GCP Findings ......................................................................................................................................... 103 Integrations Findings .................................................................................................................................... 104 Mobile Asset Findings ................................................................................................................................... 105 Change Management Findings ..................................................................................................................... 105 Incident Management Findings .................................................................................................................... 106 ACN PA Findings ............................................................................................................................................ 107 Clear Pass Findings ........................................................................................................................................ 108 E2E Findings .................................................................................................................................................. 109 xMatters Actionable IT Alerts Findings .......................................................................................................... 109 ACN_ASB Findings ......................................................................................................................................... 110 ACN Former Employee Findings .................................................................................................................... 111 Ask PM Findings ............................................................................................................................................ 111 ACN Feedback Findings ................................................................................................................................. 112 AEE Ideas Findings ........................................................................................................................................ 112 Knowledge Management Findings ................................................................................................................ 113 Performance ................................................................................................................................................. 114 Case and Knowledge Management Findings ................................................................................................. 117 Change Management Findings ..................................................................................................................... 119 Incident Management Findings .................................................................................................................... 119 Platform Foundation Findings ....................................................................................................................... 120 Acn Dir Findings ............................................................................................................................................ 128 ACN ESA Findings .......................................................................................................................................... 129 ACN Guided Workflow Findings .................................................................................................................... 130 ACN SAC Findings .......................................................................................................................................... 132 Reporting Findings ........................................................................................................................................ 134 Service Portal Designer Findings ................................................................................................................... 134 ACN NDDO Findings ...................................................................................................................................... 135 ACN WPA Findings ........................................................................................................................................ 135 ACN_ASB Findings ......................................................................................................................................... 136 ACN_PCHW_GPRT Findings .......................................................................................................................... 138 AEE Ideas Findings ........................................................................................................................................ 139 APIs and Integration Tools Findings .............................................................................................................. 140 Major Incident Management Findings .......................................................................................................... 144 BGC Fortify Findings ...................................................................................................................................... 145 E2E Findings .................................................................................................................................................. 147 © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 3 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

ACN_ASB Findings ......................................................................................................................................... 259 ACN_MOBILECP Findings .............................................................................................................................. 259 Security ......................................................................................................................................................... 261 Platform Foundation Findings ....................................................................................................................... 261 Platform Findings .......................................................................................................................................... 266 Upgradeability .............................................................................................................................................. 267 Asset & Cost Management Findings ............................................................................................................. 269 Case and Knowledge Management Findings ................................................................................................. 269 Contract Management Findings .................................................................................................................... 270 ACN AMC Findings ........................................................................................................................................ 271 Asset Management Findings ......................................................................................................................... 272 Platform Foundation Findings ....................................................................................................................... 273 Service Catalog Findings ............................................................................................................................... 273 Software Asset Management Findings .......................................................................................................... 274 BGC Fortify Findings ...................................................................................................................................... 275 Cloud Management Findings ........................................................................................................................ 275 Discovery Findings ........................................................................................................................................ 275 Discovery and Service Mapping Patterns Findings ........................................................................................ 276 Automated Testing Framework Findings ....................................................................................................... 276 Change Management Findings ..................................................................................................................... 277 Incident Management Findings .................................................................................................................... 277 Service Portal Designer Findings ................................................................................................................... 278 Configuration Review for ITSM .......................................................... 279 Manageability ............................................................................................................................................... 279 Incident Management Findings .................................................................................................................... 281 Configuration Management Database Findings ............................................................................................ 283 Problem Management Findings .................................................................................................................... 284 Knowledge Management Findings ................................................................................................................ 285 Change Management Findings ..................................................................................................................... 288 ACN AMC Findings ........................................................................................................................................ 290 ACN NDDO Findings ...................................................................................................................................... 291 ACN WPA Findings ........................................................................................................................................ 291 ACN_ASB Findings ......................................................................................................................................... 291 ACN_MOBILECP Findings .............................................................................................................................. 292 Service Catalog Findings ............................................................................................................................... 292 User Experience ............................................................................................................................................ 294 Knowledge Management Findings ................................................................................................................ 294 ACN AMC Findings ........................................................................................................................................ 298 ACN WFH Findings ........................................................................................................................................ 298 AP20 Real Estate Findings ............................................................................................................................. 299 Service Catalog Findings ............................................................................................................................... 300 Discovery Findings ........................................................................................................................................ 301 Agent Workspace Findings ............................................................................................................................ 301 Change Management Findings ..................................................................................................................... 302 Incident Management Findings .................................................................................................................... 302 Platform Foundation Findings ....................................................................................................................... 304 Problem Management Findings .................................................................................................................... 305 Security ......................................................................................................................................................... 306 ACN AMC Findings ........................................................................................................................................ 308 Knowledge Management Findings ................................................................................................................ 309 Upgradeability .............................................................................................................................................. 311 Configuration Management Database Findings ............................................................................................ 311 Performance ................................................................................................................................................. 312 © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 6 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Instance Health Health Scorecard The scores below give an indication as to the health of your instance. Certain key definitions have been identified to give a summary for each category. Each of the categories is scored from 0-100%, where 100% means the instance is aligned to the best practices. A low score indicates that the instance is not aligned to best practices. Overall Score 59% Manageability This relates to the management of configuration and data. These best practices help you spend less time on administrative activities. 43% Performance An instance that feels fast and is responsive to the user provides a better user experience and helps maximize efficiency. 46% Security This category highlights items that you should consider for a more secure system. 92% Upgradeability ServiceNow recommends that you upgrade frequently. This category includes any impediments that may affect a successful upgrade. 75% User Experience Certain configuration and customization choices negatively impact a user's experience with the ServiceNow applications, making the system more frustrating to use. 55% © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 9 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Definition Rating Short description Results Category Score Overall Score HSD0001020 Discuss List Report without any columns selected 539 1.01% 0.32% HSD0001015 Act Reports should typically not be made public 1095 2.01% 0.64% HSD0001312 Recommend Client-side code should not contain the console.log() debugging method 920 1.01% 0.32% HSD0001187 Discuss Minimize logging in production 1336 2.01% 0.64% HSD0001391 Discuss Number of users with the admin role 100 2.01% 0.64% HSD0001202 Discuss Report assigned to a user which is not active 1 0.10% 0.03% HSD0001275 Recommend Scripts should not contain hard- coded IDs 1955 2.01% 0.64% HSD0001551 Discuss Number of Workflows 62 0.24% 0.08% Insights  Reporting enables users to extract data from the ServiceNow instance. This needs to be done securely, to ensure data is not shared inappropriately. For example, there are 1095 reports that are available without a login.  Not following process best practices will mean standard maintenance tasks take longer. Records that are no longer used obfuscate the current, in use reports and tasks.  Excessive logging and use of debug properties can hurt performance. The system will spend time writing and evaluating debug information rather than responding to the user. Minimize the use of debugging in production.  Following the best practices for platform and applications will help to keep the system easy to maintain. For example, errors should be dealt with promptly, user access reviewed, and outdated scripts removed. Otherwise, this results in routine activities taking longer than necessary.  Writing code to be readable and to produce obvious results is important for easy maintenance. Certain techniques can make debugging errors harder, or cause issues in the first place.  Ensure applications are configured securely to have appropriate data separation between users. These may be product specific.  ServiceNow provides robust capabilities to make the system your own. However, custom functionality requires maintenance. Having large numbers of custom scripts, workflows and other items can increase upgrade times due to the testing required whilst increasing © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 12 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Definition Rating Short description Results Category Score Overall Score customers to control access by ServiceNow Customer Support HSD0004448 Recommend Allow Entity Validation with Whitelisting 1 0.52% 0.03% HSD0004442 Act Disable Entity Expansion 1 1.87% 0.12% HSD0003041 Recommend Convert Inbound Email HTML 1 0.52% 0.03% HSD0001639 Discuss Enable IP Range Based Authentication 1 0.75% 0.05% HSD0004060 Recommend Only allow acceptable file extensions to be uploaded during file attachment 1 0.52% 0.03% HSD0003030 Recommend Enable Privacy on Client-Callable Script Includes 1 0.52% 0.03% HSD0001557 Recommend Enforce strong passwords 1 0.52% 0.03% HSD0003385 Recommend Restrict Emails by Domain 1 0.52% 0.03% HSD0001354 Recommend Upload MIME Type Restriction should be enabled 1 0.52% 0.03% Insights  ServiceNow recommends that secure platform properties are set according to the Security Hardening guide. Refer to the Security section of the product documentation.  Reporting enables users to extract data from the ServiceNow instance. This needs to be done securely, to ensure data is not shared inappropriately.  ServiceNow recommends that the Security Hardening guide is followed, and appropriate plugins and settings should be configured. Refer to the Security section of the product documentation. Upgradeability Definition Rating Short description Results Category Score Overall Score HSD0001666 Recommend Differs from baseline: UI Macros and 3 0.56% 0.19% © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 15 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Summaries The tables below give a summation of the number of findings. They are broken down by category and rating . Automated findings have been found via the HealthScan automated scanning technology. As such, there may be extenuating circumstances, or be driven by business requirements. Please note that the detailed results of automated findings may references multiple source objects (e.g. Business Rules), we have limited the publication of such source object references to a maximum of 5 entries, thereby keeping the report to a manageable size. A detailed CSV export of all findings with references to all affected objects is available on request. ServiceNow recommends that findings rated as act are aligned with best practice or otherwise justified. Recommend findings may need review since there may be more mitigating circumstances, while discuss findings should be aligned if possible. More information is in the appendix . Automated Findings Summary Category Act Recommend Discuss Manageability 2514 29227 30799 Performance 806 4635 634 Security 917 2691 7 Upgradeability 499 404 1363 User Experience 1005 1628 750 © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 18 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

PIP Probation 2 6 1 Platform 162 Platform Foundation 914 951 521 Procurement 1 Request Supplementary Pay 2 RTO Pulse Survey 1 Sales and Quality 4 6 Salesforce Integration 1 1 Service Catalog 7 17 Service Level Management 1 Service Portal Designer 1 Source To Pay 8 11 15 Time Card Management 2 4 Tracker App 1 TRIPP 1 TSEF 1 VA Adoption Insights 1 WS Admin 2 Integrations Findings Categorization Details Definition: HSD0001011: Slow loading forms in the last 30 Days Rating: Discuss Description: For the last 30 days table related forms that by average take longer than 500 milliseconds (0.5 secs) to load, excluding network and other time. Slow loading forms are frustrating to the user. Recommendation: Slow loading forms may occur if there are a lot of fields, scripts, database lookups, ACLs, UI Policies, Business Rules etc. Optimize client side logic and form behaviour. Review transactions in System Diagnostics > Stats > Slow Transactions, and System Logs > Transactions (All user). Documentation Click here for more details Table / Object Details Table [saml2_update1_properties]: 1053 ms Look on instance Categorization Details Definition: HSD0004819: Journal fields in export records Rating: Recommend Description: Property Name: glide.export.force_ui_list_behavior Journal fields such as worknotes and comments in the export record can cause the exported file to be big and is not needed in most of the cases. © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 21 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Recommendation: Add this property and set the value to true to not include Journal fields in the export. Documentation Click here for more details Table / Object Details System Property [sys_properties]: glide.export.force_ui_list_behavior Look on instance Platform Foundation Findings Categorization Details Definition: HSD0001011: Slow loading forms in the last 30 Days Rating: Discuss Description: For the last 30 days table related forms that by average take longer than 500 milliseconds (0.5 secs) to load, excluding network and other time. Slow loading forms are frustrating to the user. Recommendation: Slow loading forms may occur if there are a lot of fields, scripts, database lookups, ACLs, UI Policies, Business Rules etc. Optimize client side logic and form behaviour. Review transactions in System Diagnostics > Stats > Slow Transactions, and System Logs > Transactions (All user). Documentation Click here for more details Table / Object Details Table [sys_script]: 1377 ms Look on instance Categorization Details Definition: HSD0002687: Weekday schedules should have holiday includes Rating: Recommend Description: Generally, schedules that run only during the week should ideally have exclusions for local holidays. Recommendation: Ensure that when setting up schedules for business hours you consider excluding local holidays. Documentation Click here for more details Object:  cmn_schedule_span  cmn_schedule_span  cmn_schedule_span  cmn_schedule_span Categorization Details Definition: HSD0005687: Too many fields and/or large fields can cause database storage issues Rating: Recommend Description: Too many fields and/or large fields on task table or table extended from task can cause issues when row size on underlying MySQL database reaches its maximum allowable limit resulting no more fields can be added on task or table extended from task table. Recommendation: Please review fields on tables identified through this finding to reduce number of large © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 22 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

string and html fields. Alternatively for fields having maximum size defined between 85 to 255 consider increasing field size to 256 or more, this in turn will change internal data type of field and save space on database. Please contact ServiceNow HI Support if you need any further assistance. Documentation Click here for more details Table / Object Details Table [sys_db_object]: Please review fields on table(s) x_amspi_fac_compli_checkpoints_philippines,x_amspi_acn_amc_2_amc_task,x_amspi_acn _amc_2_amc_request,x_amspi_ap20_real_disposition,x_amspi_cdp_task,task,x_amspi_e2e _request Look on instance Categorization Details Definition: HSD0001302: Application navigator application menu with only one module. Rating: Discuss Description: Application menu items with only one module are often created automatically when creating a new table/application. Consider grouping into another Application menu. Recommendation: Consider grouping into a consolidated application menu, removing the module if it is not needed, or adding some more useful modules to the application menu. Documentation Click here for more details Table / Object Details Application Menu [sys_app_application]: Approval Rules Look on instance Application Menu [sys_app_application]: CSV Report Look on instance Application Menu [sys_app_application]: AIR Database Look on instance Categorization Details Definition: HSD0002813: Activity Formatter placement Rating: Recommend Description: Put the Activity Formatter placement in a section for a consistent user experience Recommendation: The Activity Formatter should not be part of the title section and instead be moved to a dedicated section. This will provide a consistent user experience and prevent forms from becoming overly long. Documentation Click here for more details Table / Object Details Section Element [x_amspi_time_exp_task]: Activity Formatter placement Look on instance Section Element [x_amspi_cwhite_workstn_ mgnmt]: Activity Formatter placement Look on instance Section Element Activity Formatter placement © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 23 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

[x_amspi_acn_asb_project_d efinition]: Look on instance Section Element [x_amspi_acn_mobile_updat e_mobile_compliance_publi shing]: Activity Formatter placement Look on instance Categorization Details Definition: HSD0002582: Child group does not contain all parent roles Rating: Act Description: If a group has a parent, the child group inherits the roles of the parent group. This group did not inherit all the parent roles and any members of this group would not be granted the intended access. Recommendation: Review this group to understand why the roles have not been inherited from the parent group. This could happen when the Business Rules did not execute. Another potential cause could be a clone where the Group Role [sys_group_has_role] table has been excluded. This could also occur when the roles have been deleted directly from the Group Role [sys_group_has_role] table. Removing the parent from this group, saving, and then adding the parent back should resolve this issue. Documentation Click here for more details Table / Object Details Group [sys_user_group]: CMT_LeadershipApprover Look on instance Group [sys_user_group]: Personnel_Administration_fulfiller41 Look on instance Group [sys_user_group]: Health CIO in the New Look on instance Group [sys_user_group]: Accenture Federal Services_PageOwner Look on instance Categorization Details Definition: HSD0002606: Process Flow placement Rating: Discuss Description: Correct Process Flow placement for a consistent user experience Recommendation: Process flow should be at the top of the form and span both columns Documentation Click here for more details Table / Object Details x_amspi_acn_asb_structure_ setup: Process Flow placement Look on instance x_amspi_acn_esa_request: Process Flow placement Look on instance x_amspi_acn_esa_task: Process Flow placement © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 24 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Look on instance HR Case and Knowledge Management Findings Categorization Details Definition: HSD0002683: Approvers listed are no longer active Rating: Act Description: If you have a record in the approval table whose approvers are no longer active, the case would be stuck in awaiting approval Recommendation: Update the approval record to have a valid and active user to process the approval. You may need to review the underlying workflow too for the approval logic. Documentation Click here for more details Table / Object Details sysapproval_approver: 3334 pending for approval by inactive approver Look on instance ACN AMC Findings Categorization Details Definition: HSD0001207: Form layout whitespace: make sure layout split does not have large empty areas because only one side contains fields. Rating: Recommend Description: If more there is a disparity of more than 5 fields (e.g., left has 1, right has 7), we should consider making the form more balanced. This might also indicate some client-side rules are hiding some of these fields if the whitespace is not apparent. Recommendation: Make sure the form is balanced and there is not excessive whitespace on one side or the other. Documentation Click here for more details Table / Object Details Table [sys_ui_element]: x_amspi_acn_amc_2_amc_task table has a discrepency of 8 elements.. x_amspi_acn_amc_2_amc_task.do?sys_id=-1&sysparm_view= - x_amspi_acn_amc_2_amc_task.do?sys_id=-1&sysp Look on instance Categorization Details Definition: HSD0002128: Same field twice on one form Rating: Act Description: Check if a given field is placed twice on the same form. If so this will cause issues in saving/scripting etc. Recommendation: Review and remove any duplicate form fields, as this could cause issues with saving. Documentation Click here for more details Table / Object Details Form [sys_ui_form]: sf_x_amspi_acn_amc_task. not_visible on form 2 times in one or more sections. Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 25 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Categorization Details Definition: HSD0001344: Minimize the number of options in a choice field Rating: Discuss Description: Having many options in a choice field often results in a poor user experience. Recommendation: Check if all the options are really required. Try to reduce to less than 15. Consolidate the options down or pick another field type. Documentation Click here for more details Table / Object Details Dictionary Entry [sys_dictionary]: Time Needed (GMT) Look on instance Categorization Details Definition: HSD0001372: Too many fields on a form Rating: Recommend Description: Too many fields on forms impact the service experience and leave users frustrated. Performance and ease of management is also impacted. Recommendation: Try to reduce the complexity of the given form to fewer than 30 fields. Use views or calculate fields automatically. Documentation Click here for more details Table / Object Details Form [sf_x_amspi_acn_amc_task]: 32 Look on instance Form [x_amspi_acn_amc_2_amc_t ask]: 69 Look on instance Form [sf_x_amspi_acn_amc_reque st]: 31 Look on instance Form [x_amspi_acn_amc_2_amc_r equest]: 33 Look on instance Categorization Details Definition: HSD0002020: Long module titles Rating: Discuss Description: Sometimes customers can use long titles for modules, which end up getting truncated and an ellipsis (...) added to it. When this happens, users do not see the full title and feel compelled to click it so they can see what that module is doing. Even more so, this can impact user experience when there are many similarly named modules. Recommendation: Long module titles will be truncated in the UI or they may overlap with the edit/favorite icons. Consider shortening the titles, making them unique. Or, if there are many with a © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 26 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

similar name, consider collating them under a separator and renaming them. Documentation Click here for more details Table / Object Details : Estimated Time to Complete Fullfillment Look on instance : For my Sales Pursuit/key project deliverable, I need assistance with… Look on instance : Estimated Time to Complete Fullfillment s Look on instance ACN BCTAPP Findings Categorization Details Definition: HSD0001207: Form layout whitespace: make sure layout split does not have large empty areas because only one side contains fields. Rating: Recommend Description: If more there is a disparity of more than 5 fields (e.g., left has 1, right has 7), we should consider making the form more balanced. This might also indicate some client-side rules are hiding some of these fields if the whitespace is not apparent. Recommendation: Make sure the form is balanced and there is not excessive whitespace on one side or the other. Documentation Click here for more details Table / Object Details Table [sys_ui_element]: x_amspi_acn_bctapp_travel_approval table has a discrepency of 5 elements.. x_amspi_acn_bctapp_travel_approval.do?sys_id=-1&sysparm_view= Look on instance Categorization Details Definition: HSD0001372: Too many fields on a form Rating: Recommend Description: Too many fields on forms impact the service experience and leave users frustrated. Performance and ease of management is also impacted. Recommendation: Try to reduce the complexity of the given form to fewer than 30 fields. Use views or calculate fields automatically. Documentation Click here for more details Table / Object Details Form [x_amspi_acn_bctapp_travel _approval]: 56 Look on instance ACN WFH Findings Categorization Details Definition: HSD0001207: Form layout whitespace: make sure layout split does not have large empty © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 27 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

areas because only one side contains fields. Rating: Recommend Description: If more there is a disparity of more than 5 fields (e.g., left has 1, right has 7), we should consider making the form more balanced. This might also indicate some client-side rules are hiding some of these fields if the whitespace is not apparent. Recommendation: Make sure the form is balanced and there is not excessive whitespace on one side or the other. Documentation Click here for more details Table / Object Details Table [sys_ui_element]: x_amspi_acn_wfh_ph_request table has a discrepency of 5 elements.. x_amspi_acn_wfh_ph_request.do?sys_id=-1&sysparm_view= Look on instance Categorization Details Definition: HSD0001344: Minimize the number of options in a choice field Rating: Discuss Description: Having many options in a choice field often results in a poor user experience. Recommendation: Check if all the options are really required. Try to reduce to less than 15. Consolidate the options down or pick another field type. Documentation Click here for more details Table / Object Details Dictionary Entry [sys_dictionary]: IG Look on instance Dictionary Entry [sys_dictionary]: IG Look on instance Categorization Details Definition: HSD0002830: Notifications with recipients who are not active Rating: Recommend Description: Notifications will not be sent to inactive users. Therefore notifications may not be sent when they would be expected to. Recommendation: Replace inactive recipients or set notifications to be sent to groups that are being maintained with only active users Documentation Click here for more details Table / Object Details Notification [sysevent_email_action]: WFH SLA Breached - 3rd Reminder Look on instance Notification [sysevent_email_action]: WFH Service Desk- 3rd Day Reminder Look on instance Notification [sysevent_email_action]: WFH Service Desk- 3rd Day Reminder - AO Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 28 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Notification [sysevent_email_action]: WFH Final Rem- Service Desk Look on instance ACN WPA Findings Categorization Details Definition: HSD0001207: Form layout whitespace: make sure layout split does not have large empty areas because only one side contains fields. Rating: Recommend Description: If more there is a disparity of more than 5 fields (e.g., left has 1, right has 7), we should consider making the form more balanced. This might also indicate some client-side rules are hiding some of these fields if the whitespace is not apparent. Recommendation: Make sure the form is balanced and there is not excessive whitespace on one side or the other. Documentation Click here for more details Table / Object Details Table [sys_ui_element]: x_amspi_acn_wpa_work_permit_subscription table has a discrepency of 5 elements.. x_amspi_acn_wpa_work_permit_subscription.do?sys_id=-1&sysparm_view= Look on instance Table [sys_ui_element]: x_amspi_acn_wpa_work_permit_task table has a discrepency of 5 elements.. x_amspi_acn_wpa_work_permit_task.do?sys_id=-1&sysparm_view= Look on instance Categorization Details Definition: HSD0002737: UI Actions displayed as a button should be short and precise Rating: Discuss Description: The text displayed on an UI Action should be short and precise to avoid buttons becoming to large. Recommendation: Review the name for each of the UI Actions and shorten it. Documentation Click here for more details Table / Object Details UI Action [sys_ui_action]: Additional Information Requested Look on instance UI Action [sys_ui_action]: Additional Information Requested Look on instance Platform Findings Categorization Details Definition: HSD0002694: Get the number of Requested Approval for more than 10 Days. Rating: Recommend Description: Approvals are recommended to be processed within 10 days after requested Recommendation: Approvals are recommended to be processed within 10 days after requested and keep the user aware of the turnaround time of processing © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 29 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Documentation Click here for more details Table / Object Details sysapproval_approver: 310427 Unapproved Task updated 10 days ago Look on instance Categorization Details Definition: HSD0002695: Unassigned Tasks created 5 days or more Rating: Recommend Description: Tasks are recommended to be assigned as soon as possible to address the query, concern or issues of each user Recommendation: Assign the Task as soon as created and provide the SLA for resolution or reply to keep the user aware of the process and turnaround time of processing Documentation Click here for more details Table / Object Details x_amspi_dataprvcy_pcc: 11 Unassigned updated 5 days ago Look on instance x_amspi_ap20_real_cre_anal ytics_task: 3 Unassigned updated 5 days ago Look on instance x_amspi_ems_base_request: 94 Unassigned updated 5 days ago Look on instance x_amspi_client_tax_matters _task: 4806 Unassigned updated 5 days ago Look on instance AP20 Real Estate Findings Categorization Details Definition: HSD0001265: Auto-complete to match text in the columns listed in the ref_ac_columns attribute should be enabled. Rating: Discuss Description: Check if dictionary 'ref_ac_columns_search' attribute is set to true in order to enable auto- complete to match text in any column listed in the ref_ac_columns attribute. Recommendation: Set dictionary attribute 'ref_ac_columns_search' to true to enable auto-complete to match text in all reference field columns. By default (or when this attribute is false) auto-complete only matches text in the display value column. Documentation Click here for more details Table / Object Details Dictionary Entry [sys_dictionary]: GeoRegion Look on instance ACN NDDO Findings Categorization Details Definition: HSD0002737: UI Actions displayed as a button should be short and precise © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 30 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Rating: Discuss Description: The text displayed on an UI Action should be short and precise to avoid buttons becoming to large. Recommendation: Review the name for each of the UI Actions and shorten it. Documentation Click here for more details Table / Object Details UI Action [sys_ui_action]: Request for Additional Details Look on instance ACN PA Findings Categorization Details Definition: HSD0002737: UI Actions displayed as a button should be short and precise Rating: Discuss Description: The text displayed on an UI Action should be short and precise to avoid buttons becoming to large. Recommendation: Review the name for each of the UI Actions and shorten it. Documentation Click here for more details Table / Object Details UI Action [sys_ui_action]: Copy Activity Tracker Information Look on instance ACN_MOBILECP Findings Categorization Details Definition: HSD0002737: UI Actions displayed as a button should be short and precise Rating: Discuss Description: The text displayed on an UI Action should be short and precise to avoid buttons becoming to large. Recommendation: Review the name for each of the UI Actions and shorten it. Documentation Click here for more details Table / Object Details UI Action [sys_ui_action]: Download Legal & Data Privacy+EULA forms Look on instance BizInquiry PAV Findings Categorization Details Definition: HSD0001302: Application navigator application menu with only one module. Rating: Discuss Description: Application menu items with only one module are often created automatically when creating a new table/application. Consider grouping into another Application menu. Recommendation: Consider grouping into a consolidated application menu, removing the module if it is not needed, or adding some more useful modules to the application menu. © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 31 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Documentation Click here for more details Table / Object Details Application Menu [sys_app_application]: Line Items Look on instance Application Menu [sys_app_application]: Fiscal Period Look on instance Acn Dir Findings Categorization Details Definition: HSD0002128: Same field twice on one form Rating: Act Description: Check if a given field is placed twice on the same form. If so this will cause issues in saving/scripting etc. Recommendation: Review and remove any duplicate form fields, as this could cause issues with saving. Documentation Click here for more details Table / Object Details Form [sys_ui_form]: x_amspi_acn_dir_sf_task. not_visible on form 2 times in one or more sections. Look on instance Categorization Details Definition: HSD0001344: Minimize the number of options in a choice field Rating: Discuss Description: Having many options in a choice field often results in a poor user experience. Recommendation: Check if all the options are really required. Try to reduce to less than 15. Consolidate the options down or pick another field type. Documentation Click here for more details Table / Object Details Dictionary Entry [sys_dictionary]: Lead status Look on instance Dictionary Entry [sys_dictionary]: Reason close Look on instance ACN ESA Findings Categorization Details Definition: HSD0002128: Same field twice on one form Rating: Act Description: Check if a given field is placed twice on the same form. If so this will cause issues in saving/scripting etc. Recommendation: Review and remove any duplicate form fields, as this could cause issues with saving. Documentation Click here for more details © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 32 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Table / Object Details Form [sys_ui_form]: sf_x_amspi_acn_esa_task. not_visible on form 2 times in one or more sections. Look on instance Categorization Details Definition: HSD0002020: Long module titles Rating: Discuss Description: Sometimes customers can use long titles for modules, which end up getting truncated and an ellipsis (...) added to it. When this happens, users do not see the full title and feel compelled to click it so they can see what that module is doing. Even more so, this can impact user experience when there are many similarly named modules. Recommendation: Long module titles will be truncated in the UI or they may overlap with the edit/favorite icons. Consider shortening the titles, making them unique. Or, if there are many with a similar name, consider collating them under a separator and renaming them. Documentation Click here for more details Table / Object Details : Imp Tmpl X Amspi Acn Acnesa Esa Group Assignment Look on instance ACN Former Employee Findings Categorization Details Definition: HSD0002128: Same field twice on one form Rating: Act Description: Check if a given field is placed twice on the same form. If so this will cause issues in saving/scripting etc. Recommendation: Review and remove any duplicate form fields, as this could cause issues with saving. Documentation Click here for more details Table / Object Details Form [sys_ui_form]: x_amspi_acn_former_sf_employee_task. not_visible on form 2 times in one or more sections. Look on instance Categorization Details Definition: HSD0002020: Long module titles Rating: Discuss Description: Sometimes customers can use long titles for modules, which end up getting truncated and an ellipsis (...) added to it. When this happens, users do not see the full title and feel compelled to click it so they can see what that module is doing. Even more so, this can impact user experience when there are many similarly named modules. Recommendation: Long module titles will be truncated in the UI or they may overlap with the edit/favorite icons. Consider shortening the titles, making them unique. Or, if there are many with a similar name, consider collating them under a separator and renaming them. © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 33 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Documentation Click here for more details Table / Object Details : ACN Former Employee Request Templates Look on instance ACN GCP Findings Categorization Details Definition: HSD0002128: Same field twice on one form Rating: Act Description: Check if a given field is placed twice on the same form. If so this will cause issues in saving/scripting etc. Recommendation: Review and remove any duplicate form fields, as this could cause issues with saving. Documentation Click here for more details Table / Object Details Form [sys_ui_form]: x_amspi_acn_gcp_sf_task. not_visible on form 2 times in one or more sections. Look on instance Asset Management Findings Categorization Details Definition: HSD0002833: List with a reference field as the first column Rating: Discuss Description: The first column in user facing lists should not be a reference field. Recommendation: Review the list layout and change the position of the reference field. The first column of the list should be a non-reference attribute of the table that is displayed. Documentation Click here for more details Table / Object Details List [sys_ui_list]: alm_asset Look on instance List [sys_ui_list]: alm_asset Look on instance List [sys_ui_list]: alm_asset Look on instance List [sys_ui_list]: alm_asset Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 34 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Manageability Each of the findings by in this category have been further broken down by products in the table below. Again, you can see the findings by rating. Product Act Recommend Discuss ACN AMC 31 134 248 ACN BCTAPP 1 25 32 Acn Dir 20 158 88 ACN Document Builder 2 2 11 ACN ESA 8 69 109 ACN Feedback 3 11 ACN Former Employee 6 27 59 ACN GCP 20 171 101 ACN Guided Workflow 5 17 14 ACN MyLearning 20 209 109 ACN NDDO 22 331 130 ACN PA 18 156 111 ACN SAC 19 85 137 ACN WFH 18 204 296 ACN WPA 19 170 118 ACN_ASB 31 305 292 ACN_CBMS 17 111 116 ACN_MOBILECP 12 79 179 ACN_PCHW_GPRT 22 69 113 Admin Account Request 2 3 11 AEE Ideas 15 364 130 Agent Intelligence 4 Agile Development 16 23 AIA Datalake 9 8 28 AP20 Real Estate 38 462 406 APIs and Integration Tools 4 829 431 AppEngine 353 22 Appointment Booking 2 Ask HR 2 84 112 Ask PM 3 109 130 Asset & Cost Management 3 Asset Management 39 142 42 Attachment Utility 1 Audit Tax App 4 82 103 Automated Testing Framework 1 1 © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 35 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

BGC Fortify 6 680 652 Biz Approval 10 92 118 BizInquiry PAV 1 7 19 Business Support Request 15 147 80 Case and Knowledge Management 42 694 521 Cash Appl 9 156 78 CDP 34 332 452 Change Management 25 244 181 Clear Pass 20 197 230 Client Tax Matters 14 267 153 Client Whitelist 13 80 58 Cloud Management 1 Complaint Management Tool 15 128 90 Configuration Management Database 8 217 67 Connect Support 2 Contract Management 4 CRS 20 52 91 Custom Application Runtime and Execution 85 Customer Service Management 1 Data Privacy 49 889 821 Delegation 3 36 37 Disability 31 313 255 Discovery 5 Discovery and Service Mapping Patterns 1 1 E2E 13 253 152 EAM Asset Import 14 50 59 Ecosystem Supplier Management Support 37 54 Employee Data Change 1 147 114 Employee Exit 58 18 EMS 8 93 115 Enterprise Insight 25 167 155 Environment Config 1 1 Fac Compliance 11 378 308 Facilities Service Management 2 5 Fixed Assets 11 190 80 Fixed Assets Change 9 233 105 Flexi Work 1 44 77 Full and Final Exit 3 183 195 © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 36 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

GDPR Recruiting 1 6 6 Governance, Risk & Compliance 1 8 Holiday Payout 35 66 Hours That Help 2 114 142 HR Case and Knowledge Management 1 Human Resources: Lifecycle Events 1 Idea Innovation 16 83 112 Incident Management 132 162 456 Integration - MyTE 5 4 Integrations 4 9 Interaction Logging, Routing, and Queueing 1 Internal Archiving 1 3 ITSM VA Accelerator 1 3 ITSM Workspace 1 Knowledge Management 1 57 7 Leave of Absence 13 222 233 LOC 1 49 93 Major Incident Management 13 202 141 Managed documents 2 Metric Definition 3 MetricBase (Clotho) - Time Series Database 1 Mobile 7 Mobile Asset 1 16 Mobile ITSM 3 14 MS Forms 14 54 66 MS Teams Recording Enablement 18 106 135 My Access 11 37 Normalization Data Services Client 2 Notifications 526 On-Call Scheduling 2 10 PAM Password Rotataion 1 32 18 Password Reset 1 Payroll 18 220 90 Payroll Uploads 1 145 121 PDF Generator 3 Performance Analytics 18 PIP Probation 27 116 314 © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 37 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Platform 4 183 Platform Foundation 753 11788 10589 Problem Management 1 69 30 Query stats 1 1 Reporting 470 1349 Request Supplementary Pay 2 98 86 RTO Pulse Survey 6 3 20 Sales and Quality 7 153 63 Salesforce Integration 3 9 56 Service Catalog 130 1818 5868 Service Level Management 5 Service Portal Designer 2 7 ServiceNow NowMobile App – Catalog Screens and Applet Launcher 2 3 Software Asset Management 3 7 Source To Pay 35 328 298 Task table schema 1 Task-Outage Relationship 1 Time Card Management 11 159 81 Tracker App 19 17 TRIPP 1 23 33 TSEF 46 43 Users, Groups, and Roles 25 2 VA Adoption Insights 1 1 7 Walk-up Experience 1 11 25 Workflow 2 2 Workflow Runtime Engine 10 WS Admin 1 9 31 xMatters Actionable IT Alerts 15 4 ACN AMC Findings Categorization Details Definition: HSD0001924: Use Notification Categories Rating: Discuss Description: Notification categories allow your users an easy way to manage their notifications. Recommendation: Associate a notification category with every email notification Documentation Click here for more details Table / Object Details © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 38 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Notification [sysevent_email_action]: Email Notif for CAT Feedback Look on instance Notification [sysevent_email_action]: Email Notif to Due Requests Look on instance Notification [sysevent_email_action]: ACN AMC REQUEST SUBMITTED Look on instance Categorization Details Definition: HSD0002071: Verify that system properties have a value (blank may be a valid value but still good to check this) Rating: Recommend Description: Verify that system properties have a value (blank may be a valid value but still good to check this) //Exclude properties whose names contain "glide" as they may be system properties Recommendation: System propertiess hould have a value (blank may be a valid value but still good to check this) Documentation Click here for more details Table / Object Details System Property [sys_properties]: x_amspi_acn_amc_2.evening.rush.hours Look on instance System Property [sys_properties]: x_amspi_acn_amc_2.morning.rush.hours Look on instance Categorization Details Definition: HSD0001015: Reports should typically not be made public Rating: Act Description: By default, reports that are public are available without logging in. This means that data may be unintentionally exposed and viewable by any user. Recommendation: Instead of publishing a report that is accessible by any user, regardless of whether they are logged in or not, share reports based on Roles, Users and/or Groups. To make a report available only to logged in users, set its Sharing setting to Everyone, but do not publish it. List reports are excluded from this definition as they always apply table level security (ACLs). Documentation Click here for more details Table / Object Details Report [x_amspi_acn_amc_request] : CI maintenance requests by building / space Look on instance Report [x_amspi_acn_amc_task]: CI maintenance tasks by building / space Look on instance Report [x_amspi_acn_amc_request] : Asset maintenance requests by building / space Look on instance Report [x_amspi_acn_amc_task]: Asset maintenance tasks by building / space © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 39 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Look on instance Categorization Details Definition: HSD0003086: Scripted REST service and its resources should have a short description Rating: Discuss Description: Scripted REST services and their resources should have at least a short description for documentation purposes. Recommendation: Scripted REST service or attached resource does not provide a short description. Please add at least a short description for documentation purposes. Documentation Click here for more details Table / Object Details Scripted REST API [sys_ws_definition]: OPS API Look on instance Scripted REST Resource [sys_ws_operation]: addNonRequestHours Look on instance Categorization Details Definition: HSD0001058: Scoped app uses logging utils or depreciated methods for logging rather than the verbosity method. Rating: Act Description: Scoped applications should use scoped logging APIs rather than legacy methods. Recommendation: Scoped applications should use scoped logging APIs rather than legacy methods. Documentation Click here for more details Table / Object Details Script Include [sys_script_include]: getActiveContactPerson Look on instance Fix Script [sys_script_fix]: update_practice_domains_to_S&C Look on instance Fix Script [sys_script_fix]: update_practice_domains_to_security Look on instance Categorization Details Definition: HSD0001060: Use UI Policies Instead of Client Scripts Rating: Discuss Description: Review the Client Scripts and identify ones that should be UI Policies Recommendation: UI Policies are superior to Client Scripts as they dont require scripting. Review the client scripts and identify ones that should be UI Policies Documentation Click here for more details Table / Object Details Catalog Client Scripts Hide Fields when No Request. Script:Found on lines 17, 21, 23, 24, 29, 36, 37 and 47. Found © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 40 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

[catalog_script_client]: on lines 16, 20, 30, 31, 32, 33, 34 a Look on instance Client Script [sys_script_client]: amc_request_onSubmit. Script:Found on lines 50 and 55 Look on instance Catalog Client Scripts [catalog_script_client]: amc_onChange_RequestType. Script:Found on lines 5, 7, 17, 18, 25 and 26. Found on lines 6, 10, 13, 16, 24 and 31. Found on lin Look on instance Client Script [sys_script_client]: Chargeability based on Focus Area. Script:Found on line 34. Found on lines 13, 22 and 31 Look on instance Categorization Details Definition: HSD0002808: Scripts without description Rating: Recommend Description: Script Includes or Client Scripts where the description is either empty, very short or the same as the script name. Recommendation: A meaningful description describing the use case should be provided for each Client Script or Script Include. Documentation Click here for more details Table / Object Details Client Script [sys_script_client]: onChangeClientFeed Look on instance Catalog Client Scripts [sys_script_client]: amc_onChange_Country Look on instance Client Script [sys_script_client]: Check UI Action Look on instance Client Script [sys_script_client]: onchange_serviceStatus Look on instance Categorization Details Definition: HSD0002122: Coding practices: Reading field values (e.g. gr.incident) in a Business Rule Rating: Discuss Description: For readability of code, we should continue to push the customers in the direction of using getValue() or toString() when reading values in a server script. Even more so when using those values in a condition. Recommendation: For improved readability and to leverage current coding practices, utilise the GlideRecord API's getter (glideRecord.getValue()) and setter (glideRecord.setValue()) methods with the identified Script Includes. Using gr.fieldName returns an object, whereas using gr.getValue('fieldName') will return a string value. Documentation Click here for more details Table / Object Details Business Rule [sys_script]: Estimated Hours Group. Showing first 5: lines 8, 10, 11, 12, 15 Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 41 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Business Rule [sys_script]: AMC Task estimated cost. Found on line 8 - Found on line 16 Look on instance Business Rule [sys_script]: Add activity log for new attachment. Found on line 10 Look on instance Business Rule [sys_script]: AMC Create General Questions Child Task. Showing first 5: lines 13, 14, 15, 16, 17 Look on instance Categorization Details Definition: HSD0001167: Disable list-edit for all fields that have UI Policies and Client script on them. For example, in the list view it s possible to assign an Incident to someone Rating: Recommend Description: This definition verifies whether list editing is disabled for all fields that have UI Policies and Client Scripts on them. Recommendation: Creat edit_list ACLs to limit list editing for fields that require the user to navigate to the form. Reasons you may require a user to edit a field in a form include client script, complex UI policy constraints, or other policies you have in place. Documentation Click here for more details Table / Object Details UI Policy Action [sys_ui_policy_action]: Field "sf_x_amspi_acn_amc_task.ending_state" does not contain an appropriate ACL edit_list in place. It could allow users to edit "sf_x_amspi_acn_amc_task" records directly in the list bypassing any client scripts and/or UI policies. Look on instance UI Policy Action [sys_ui_policy_action]: Field "sf_x_amspi_acn_amc_task.starting_state" does not contain an appropriate ACL edit_list in place. It could allow users to edit "sf_x_amspi_acn_amc_task" records directly in the list bypassing any client scripts and/or UI policies. Look on instance UI Policy Action [sys_ui_policy_action]: Field "sf_x_amspi_acn_amc_request.ending_state" does not contain an appropriate ACL edit_list in place. It could allow users to edit "sf_x_amspi_acn_amc_request" records directly in the list bypassing any client scripts and/or UI policies. Look on instance UI Policy Action [sys_ui_policy_action]: Field "sf_x_amspi_acn_amc_request.starting_state" does not contain an appropriate ACL edit_list in place. It could allow users to edit "sf_x_amspi_acn_amc_request" records directly in the list bypassing any client scripts and/or UI policies. Look on instance Categorization Details Definition: HSD0001193: Use the condition field in Business Rules Rating: Discuss Description: Business rules should have a condition field, rather than just using "if" in the script. Recommendation: Using the condition field makes it easier to spot when scripts are being evaluated in the session debugger. Also, it is more efficent, since the script does not need to be parsed unless it is going to be executed. Documentation Click here for more details © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 42 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Table / Object Details Business Rule [sys_script]: Estimated Hours Group Delete. Script:Found on line 8 Look on instance Business Rule [sys_script]: Estimated Hours Group. Script:Found on line 7 Look on instance Business Rule [sys_script]: RequestClosedDate Additional Validation. Script:Found on line 10 Look on instance Business Rule [sys_script]: setReportFIlter. Script:There are lots of matches. Showing the first 10: lines 10, 21, 23, 25, 27, 29, 31, 33, 35, 3 Look on instance Categorization Details Definition: HSD0001275: Scripts should not contain hard-coded IDs Rating: Recommend Description: Hard coding sys_ids makes the system more difficult to manage, and less able to move functionality between instances Recommendation: Create a system property to store the name of the record (not the sys_id) for easier manageability. The script can use gs.getProperty() to retrieve the record and use the sys_id. If the named record was not found, an error can be displayed appropriately. Documentation Click here for more details Table / Object Details Notification [sysevent_email_action]: ACN AMC REQUEST SUBMITTED. Advanced condition:Found on line 9 Look on instance Email Script [sys_script_email]: OPS_Due_Request. Script:Found on lines 13 and 26 Look on instance Script Include [sys_script_include]: getAMCOG. Script:Found on lines 14 and 14 Look on instance Business Rule [sys_script]: AMC Create General Questions Child Task. Script:Found on lines 61 and 62 Look on instance Categorization Details Definition: HSD0001278: Before Business Rules should not update() or insert() records on other tables Rating: Recommend Description: Running an insert() or update() in a onBefore BR will cause updates to other tables, even though the update may be cancelled Recommendation: To ensure data integrity, change this business rule to run "after". Documentation Click here for more details Table / Object Details Business Rule [sys_script]: Set Request Status to Assigned. Script:Found on line 6 Look on instance Business Rule [sys_script]: Set Service Status to Assigned. Script:Found on line 5 © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 43 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Look on instance Business Rule [sys_script]: Add activity log for removed attachment. Script:Found on line 11 Look on instance Business Rule [sys_script]: AMC Create Media Child Task. Script:Found on line 65 Look on instance Categorization Details Definition: HSD0001312: Client-side code should not contain the console.log() debugging method Rating: Recommend Description: The client-side function console.log could cause errors in certain browser versions Recommendation: Replace console.log() calls with jslog. The benefits of jslog are that you have to open the JavaScript Debugger Window to view the output, it is compatible with all browsers, and can be left in production since only administrators can open the window. Documentation Click here for more details Table / Object Details Catalog UI Policy [catalog_ui_policy]: Hide fields onload. Execute if true:Found on line 8 Look on instance Client Script [sys_script_client]: onChange_MMSiD. Script:Found on line 216 Look on instance UI Script [sys_ui_script]: x_amspi_acn_amc_2.angular-bootstrap-cale. Script:Found on lines 4142, 4144 and 4146 Look on instance Catalog Client Scripts [catalog_script_client]: amc_onChange_MMSiD. Script:Found on line 238 Look on instance Categorization Details Definition: HSD0001320: Don't use a variable called gr in scripts Rating: Discuss Description: It is very common to use a variable called "gr" in scripts. This puts it at high risk of namespace conflicts. Choose another variable name. Recommendation: Change code like "var gr = new GlideRecord('incident')", to be something like "var grInc = new GlideRecord('incident')" Documentation Click here for more details Table / Object Details Script Include [sys_script_include]: acn_amc_AJAX. Script:There are lots of matches. Showing the first 10: lines 9, 10, 11, 12, 13, 21, 22, 23, 24, 25 Look on instance Business Rule [sys_script]: AMC Create Conceptual Design Child Task. Script:There are lots of matches. Showing the first 10: lines 13, 14, 15, 16, 17, 18, 19, 20, 21, 2 Look on instance Business Rule [sys_script]: Assigned to Estimated hours. Script:There are lots of matches. Showing the first 10: lines 99, 100, 101, 102, 103, 104, 105, 106 Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 44 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Business Rule [sys_script]: Sync Data from Request to Task. Script:There are lots of matches. Showing the first 10: lines 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, Look on instance Categorization Details Definition: HSD0003083: Scripted REST resource without enabled security Rating: Act Description: Scripted REST services offer 2 security options on resource level: requiring authentication and requiring ACL authorization. At least one of them should be checked. Recommendation: Enable at least authorization, even for scripted REST services that don't alter data. Consider using ACL authorization as well, if data will be altered by the web service. Documentation Click here for more details Table / Object Details Scripted REST Resource [sys_ws_operation]: addNonRequestHours Look on instance Categorization Details Definition: HSD0002331: Coding practices: Reading field values (e.g. gr.incident) in a Script Include Rating: Discuss Description: For readability of code, we should continue to push the customers in the direction of using getValue() or toString() when reading values in a server script. Even more so when using those values in a condition. As an example, you may have var someValue = glideRecord.fieldName; //this is a GlideElement object This returns an object where loose coding (or hacks) are used to make them practical, but readability becomes an issue: var someValue = glideRecord.fieldName + ''; //add empty string to make a string if ("someString" == someValue) {} // notice the == instead of === As a good practice, it is recommended to use getValue(). So the above script would become var someValue = glideRecord.getValue("fieldName"); For dot-walking can use toString(). For example: var someValue = glideRecord.refField.fieldName.toString(); There is the additional benefit of avoiding conflicting code so you can stick to consistency. For example the Javascript .value versus a value field. Recommendation: For improved readability and to leverage current coding practices, utilise the GlideRecord API's getter (glideRecord.getValue()) and setter (glideRecord.setValue()) methods with the identified Script Includes. Using gr.fieldName returns an object, whereas using gr.getValue('fieldName') will return a string value. Documentation Click here for more details Table / Object Details Script Include [sys_script_include]: getMarketUnit. Found on line 8 Look on instance Script Include [sys_script_include]: getAMCRequestype. Found on lines 8, 11 and 12 Look on instance Script Include [sys_script_include]: getStatuses. Showing first 5: lines 31, 146, 147, 149, 150 - Found on line 154 - Showing first 5: lines 31, 146, Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 45 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Script Include [sys_script_include]: getAllPPSMembers. Found on line 25 Look on instance Categorization Details Definition: HSD0003082: Enable Scripted REST API versioning Rating: Discuss Description: Scripted REST APIs may be versioned, allowing you to test and deploy changes without impacting existing integrations. Recommendation: Enable versioning for a scripted REST API to provide multiple versions of the API while maintaining compatibility with existing integrations. Documentation Click here for more details Table / Object Details Scripted REST API [sys_ws_definition]: OPS API Look on instance Categorization Details Definition: HSD0002688: New globally-scoped client-side scripts don't run in strict mode and DOM access enabled. Rating: Recommend Description: A key feature of scoped applications is their isolation from one-another. The platform enforces this isolation to ensure each applications independence. Along with many other parts of the platform, this enforcement occurs in client-side scripting. Recommendation: Enable system property "glide.script.block.client.globals" if you have no need to to access global JavaScript objects. Documentation Click here for more details Table / Object Details System Property [sys_properties]: x_amspi_acn_amc_2.glide.script.block.client.globals. false Look on instance Categorization Details Definition: HSD0001597: Auto check: Prefer strict equality (===) and inequality (!==) operators over normal (== and !=) operators Rating: Discuss Description: Make sure that equality is exact. Recommendation: The === (also called the identity operator) only returns true only if the two operands are exactly the same thing. Not the same value, but exactly the same object. The operator !== is exactly the inverse of this. Documentation Click here for more details Table / Object Details Access Control [sys_security_acl]: x_amspi_acn_amc_request.category. Script:Found on lines 4, 5 and 6 Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 46 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Access Control [sys_security_acl]: x_amspi_acn_amc_2_amc_request. Script:Found on line 4 Look on instance Business Rule [sys_script]: Set Request Status to Assigned. Script:Found on line 3. Found on lines 3 and 3 Look on instance Access Control [sys_security_acl]: x_amspi_acn_amc_task.short_description. Script:Found on lines 4, 5 and 6 Look on instance Categorization Details Definition: HSD0005001: Roles without any user Rating: Act Description: This definition checks if any role exists which is not assigned to any user. If the role is not needed, these roles can be removed. Recommendation: If the role is not assigned to any user, this role is probably not needed and can be removed from the system. Documentation Click here for more details Table / Object Details Role [sys_user_role]: x_amspi_acn_amc_2_initiator Look on instance Role [sys_user_role]: x_amspi_acn_amc_2_agent Look on instance Role [sys_user_role]: x_amspi_acn_amc_2_approver_user Look on instance Role [sys_user_role]: x_amspi_acn_amc_2.master_client_name_user Look on instance Categorization Details Definition: HSD0002111: Default ACLs on custom tables not modified Rating: Discuss Description: When creating a custom table, the standard choice is to create simple CRUD ACLs with one role attached to it. Couple scenarios where this does not make sense: - DELETE Acl should be an admin function - If table is extended and same ACL's are on parent they are useless Recommendation: 1. DELETE ACLs should be an admin function 2. If table is extended and the CRUD ACL's are on parent, ACLs on the Child table are redundant. Documentation Click here for more details Table / Object Details Access Control [sys_security_acl]: Delete ACL "x_amspi_acn_amc_2_request_sub_type_be" not assigned to Admin user. Look on instance Access Control [sys_security_acl]: Delete ACL "x_amspi_acn_amc_2_deliverable_language" not assigned to Admin user. Look on instance Access Control [sys_security_acl]: Possible redundant "write" ACL "x_amspi_acn_amc_2_amc_task". Similar ACL found of parent table "x_amspi_acn_amc_task". Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 47 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Access Control [sys_security_acl]: Delete ACL "x_amspi_acn_amc_2_request_type" not assigned to Admin user. Look on instance ACN BCTAPP Findings Categorization Details Definition: HSD0001924: Use Notification Categories Rating: Discuss Description: Notification categories allow your users an easy way to manage their notifications. Recommendation: Associate a notification category with every email notification Documentation Click here for more details Table / Object Details Notification [sysevent_email_action]: Travel Approvers - Status is Rejected Look on instance Notification [sysevent_email_action]: Travel Approvers - Status is Approved Look on instance Categorization Details Definition: HSD0001058: Scoped app uses logging utils or depreciated methods for logging rather than the verbosity method. Rating: Act Description: Scoped applications should use scoped logging APIs rather than legacy methods. Recommendation: Scoped applications should use scoped logging APIs rather than legacy methods. Documentation Click here for more details Table / Object Details Fix Script [sys_script_fix]: acn_PMG_FixScript_BCT_RITM9387271 Look on instance Categorization Details Definition: HSD0001167: Disable list-edit for all fields that have UI Policies and Client script on them. For example, in the list view it s possible to assign an Incident to someone Rating: Recommend Description: This definition verifies whether list editing is disabled for all fields that have UI Policies and Client Scripts on them. Recommendation: Creat edit_list ACLs to limit list editing for fields that require the user to navigate to the form. Reasons you may require a user to edit a field in a form include client script, complex UI policy constraints, or other policies you have in place. Documentation Click here for more details Table / Object Details UI Policy Action [sys_ui_policy_action]: Field "x_amspi_acn_bctapp_travel_approval.approve_reject_status" does not contain an appropriate ACL edit_list in place. It could allow users to edit "x_amspi_acn_bctapp_travel_approval" records directly in the list bypassing any client © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 48 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

scripts and/o Look on instance Platform Foundation Findings Categorization Details Definition: HSD0002602: List Layout with more than one List Element on the same position Rating: Act Description: List Elements on a List layouts should all have a unique position. List layouts will get corrupted when migrating to and from environments where they do not have unique positions. Recommendation: A list layout has been corrupted. You can address this by reviewing the list layouts to ensure the list elements all have a unique position. Documentation Click here for more details Table / Object Details List [sys_ui_list]: sys_script_include. 7 common Element(s) in List Look on instance Categorization Details Definition: HSD0001016: Lots of active tasks more than a month old Rating: Discuss Description: If there are lots of active tasks (more than 10% of the total) that are older than a month, it indicates a process problem. Recommendation: Check your processes to ensure that tasks (Incidents, Problems, Changes, Requests) are being closed as expected, and the active flag is set to false. Documentation Click here for more details Object:  wm_order  x_amspi_hpt_request  em_remediation_task  sc_req_item Categorization Details Definition: HSD0002397: Review updates left in a default update set Rating: Discuss Description: Check in a default update set if there are any updates created by any of developers who created update sets in the instance. if there are, advise developers to review them to make sure that there is nothing left there that should be promoted to production instances. Recommendation: Default update set contains several updates by developer, please review them to make sure that there is nothing left in default update set that should be promoted to next environement. Documentation Click here for more details Table / Object Details sys_update_xml: 898 © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 49 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Look on instance sys_update_xml: 2954 Look on instance sys_update_xml: 33 Look on instance sys_update_xml: 45 Look on instance Categorization Details Definition: HSD0001066: Groups with no users Rating: Recommend Description: A group is a set of users who share a common purpose. Groups without users indicate poor data management. There are some occasions where this would not be the case, for example when groups are used for hierarchy purpose, and there is a logic in place not to pick these groups. In these cases you can also ignore this finding. Recommendation: Ensure that all assignment groups have members. Groups that are redundant should be deactivated. If groups are being created via integration services such as LDAP, then ensure they are necessary and have members. Documentation Click here for more details Table / Object Details Group [sys_user_group]: BusSvs-OS-T2-CL-FLOORVALPO Look on instance Group [sys_user_group]: APPSUP-CIO-SERVICENOW-ADMIN-ACCESS Look on instance Group [sys_user_group]: TSL-NTWKSVS-GDN-ALLSEC-CHENNAI Look on instance Group [sys_user_group]: SVSDSK Look on instance Categorization Details Definition: HSD0004650: Transform maps should not have boolean fields in their import set table Rating: Act Description: "Copy empty fields" check on the transform map make sure that the fields that are not supposed to be updated by the transform should not get emptied out during the transform. Boolean fields are never empty and by default is false. If a transform map is run with Copy Empty fields as false but a boolean field is present in the map's import set table, it will result in updating this field on all target records to false even though that is not intended. Recommendation: Replace the True/False field on the import set table to string field and write the transformation script to populate the value on the target record if needed. This will make sure if this field is not part of the data provided for update, it won't be modified on the target record. Documentation Click here for more details Table / Object Details © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 50 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Field Map [sys_transform_entry]: u_reverse_zone Look on instance Field Map [sys_transform_entry]: u_turn_off_automatic_reminder Look on instance Field Map [sys_transform_entry]: u_gs Look on instance Field Map [sys_transform_entry]: u_cdl Look on instance Categorization Details Definition: HSD0003054: Activate plugin 'Contextual Security: Role Management V2' Rating: Recommend Description: ServiceNow recommends you enable the plugin 'Contextual Security: Role Management V2'. This plugin helps manage user groups and roles to protect information through role- based access controls. It also efficiently consolidates duplicate entries for inherited roles. Recommendation: The Contextual Security: Role Management V2 plugin should be activated. It helps manage user groups and roles to protect information through role-based access controls. Efficiently consolidates duplicate entries for inherited roles. Documentation Click here for more details Table / Object Details System Plugin [v_plugin]: Contextual Security: Role Management V2 Look on instance Categorization Details Definition: HSD0001195: Tables without ACLs Rating: Act Description: Every table should be secured by ACLs Recommendation: For tables that have no ACLs defined, the default deny property can be used to make the wildcard table ACL rules restrict the read, write, create, and delete operations on all tables unless the user has the admin role or meets the requirements of another table ACL rule. This means that custom tables without ACLs will not be accessible by any other user beside admin. Documentation Click here for more details Table / Object Details Table [sys_db_object]: label Look on instance Categorization Details Definition: HSD0004354: Scheduled jobs that fail or produce errors Rating: Recommend Description: Scheduled jobs that produce errors or that fail should be investigated and the issues © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 51 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

remediated. Recommendation: Manually investigate what the cause for the errors and failures is and fix. Documentation Click here for more details Table / Object Details Schedule Item [sys_trigger]: Job SMTP Sender 4 has failed 93 times, last error being com.glide.sys.TransactionCancelledException : Transaction cancelled: Available memory is almost depleted Look on instance Schedule Item [sys_trigger]: Job Scheduled execution of EBI SLA Breach has failed 1 times, last error being java.lang.NullPointerException : null Look on instance Schedule Item [sys_trigger]: Job PA Forecast Job Schedule has failed 43 times, last error being java.lang.NoSuchFieldError : SEASONAL_TREND_LOESS Look on instance Schedule Item [sys_trigger]: Job Scheduled Execution of SLOG Reduction Re has failed 1 times, last error being java.lang.NullPointerException : null Look on instance Categorization Details Definition: HSD0002015: Update Sets should be named uniquely Rating: Recommend Description: Where duplicate Update Set names exist, there is a likelihood that the contents of the update sets (customer updates) will also be duplicates. These duplicates may have been manually imported or imported when changing update sources. They can often lead false- positive results on update set previews and update sets being committed in the wrong order. Duplicate update sets should (where possible) be identified and deleted or given a unique name if are being used for current development. Recommendation: Duplicate update sets should be removed or renamed if being used for active development. Documentation Click here for more details Table / Object Details sys_update_set: 2 update sets with duplicate name "BizInquiry_WBS_INC4468011" Look on instance sys_update_set: 2 update sets with duplicate name "acn_asb_sprint_1_R2_01_ASB_6" Look on instance sys_update_set: 2 update sets with duplicate name "OfficeServices_FY18Q1_CR_441414_01" Look on instance sys_update_set: 2 update sets with duplicate name "WPA_Oct_StabFix_01_CHG0845157" Look on instance Categorization Details Definition: HSD0001306: Debug properties should be disabled in production Rating: Discuss © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 52 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Description: Having debugging enabled unnecessarily can cause performance issues and possibly leak data. Recommendation: If not actively debugging in production, disable all debug system properties. Documentation Click here for more details Table / Object Details System Property [sys_properties]: queue.manager.debug. true Look on instance System Property [sys_properties]: glide.ldap.debug. true Look on instance Categorization Details Definition: HSD0001338: Business Rules should not be defined on the Global table (Global Business Rule) Rating: Act Description: A global Business Rule is any Business Rule where the selected Table is Global. Any other script can call global Business Rules. Global Business Rules have no condition or table restrictions and load on every page in the system. Recommendation: For the majority of situations, you can use a script include instead of a global business rule. Documentation Click here for more details Table / Object Details Business Rule [sys_script]: sc_req_item_functions Look on instance Business Rule [sys_script]: Get Number Look on instance Business Rule [sys_script]: custom_ProcessFlowList() Look on instance Categorization Details Definition: HSD0001392: Scripts should not use the eval() method Rating: Recommend Description: The eval() function evaluates or executes an argument. Improper use of eval() opens up your code for injection attacks and debugging can be more challenging, as no line numbers are displayed with an error. Recommendation: Avoid the use of eval. It encourages the use of untrusted code. If you must execute arbitrary code, use GlideScriptEvaluator which ensures it came from a record. Documentation Click here for more details Table / Object Details Script Include [sys_script_include]: acn_UnifiedGatewayReadData. Script:Found on line 320 Look on instance Script Include [sys_script_include]: acn_clone. Script:Found on line 1115 Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 53 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

UI Page [sys_ui_page]: receive_assetSW_clone. Processing script:There are lots of matches. Showing the first 10: lines 16, 32, 34, 35, 37, 38, 39 Look on instance UI Page [sys_ui_page]: eam_change_model_category. Processing script:Found on lines 9 and 10 Look on instance Categorization Details Definition: HSD0001398: Script Includes with duplicate names Rating: Act Description: When two Script Includes exist with the same name in the same scope, when those script includes are called it is unreliable as to which Script Include will actually be instantiated. Recommendation: Ensure all your Script Includes have unique names. Rename any script include with a duplicate name with a unique name. Documentation Click here for more details Table / Object Details Script Include [sys_script_include]: SLAConditionBase Look on instance Script Include [sys_script_include]: u_siebel_askpm_copy_attachment Look on instance Script Include [sys_script_include]: u_siebel_askpm_copy_attachment Look on instance Script Include [sys_script_include]: MyDateTimeAjax Look on instance Categorization Details Definition: HSD0002592: Dictionary entries present for a table that does not exist Rating: Act Description: Dictionary entries [sys_dictionary] have been found, but the Table [sys_db_object] record ir references does not exist Recommendation: Review Documentation Click here for more details Table / Object Details Dictionary Entry [sys_dictionary]: u_rep_amspi_global_jimy_joseph_ccp_all_2020 Look on instance Dictionary Entry [sys_dictionary]: u_rep_amspi_global_jimy_joseph_ci_updated_in_2days Look on instance Dictionary Entry [sys_dictionary]: u_rep_amspi_global_jimy_joseph_new Look on instance Dictionary Entry [sys_dictionary]: u_rep_amspi_global_jimy_joseph_ccp_data1 Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 54 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Categorization Details Definition: HSD0002917: Update Set should have Description field populated Rating: Recommend Description: Provide details relating to update in 'Description' field of update set as it helps indetifying the changes included in it. Recommendation: Include details relating to updates which were made in update set, you can include: * Story Number or Short Description * Defect Number or Short Description * Change Number or Short Description * or any other details relating to this update Documentation Click here for more details Table / Object Details sys_update_set: description. Number of update sets with empty descriptions = 13380 Look on instance Categorization Details Definition: HSD0002437: Check if strict mode for GlideRecord queries is active Rating: Recommend Description: Checks if glide.invalid_query.returns_no_rows is set to true. Recommendation: The system property "glide.invalid_query.returns_no_rows" should be set to "true" in order to force GlideRecord queries with invalid encoded queries to return an empty record set. Otherwise, errors in GlideRecord queries can have severe unintended side effects. See also the description of the property here: https://docs.servicenow.com/bundle/london- platform-administration/page/administer/reference- pages/reference/r_AvailableSystemProperties.html If you change this property, please do so in a subproduction instance first and perform thorough regression testing. Consider a trial period with thorough test coverage as part of UAT before enabling on existing, long standing production environments. Documentation Click here for more details Table / Object Details System Property [sys_properties]: glide.invalid_query.returns_no_rows Look on instance Categorization Details Definition: HSD0004723: Incative User Criteria should not be used for "Available" related list Rating: Recommend Description: Removed any Inactive User Criteria on the "Available" list. For a more managable and easy detection of any issues on the viewing catalog items, it is recommended to have a clean list on active use criteria of the catalog items for "Available" related list. This will reduce the time when investigating or debugging user criteria issues on catalog items. Recommendation: Removed any Inactive User Criteria on the "Available" list. For a more managable and easy detection of any issues on the viewing catalog items, it is recommended to have a clean list on active use criteria of the catalog items for "Available" related list. This will reduce the time when investigating or debugging user criteria issues on catalog items. Documentation Click here for more details Object:  Catalog Item Available for [sc_cat_item_user_criteria_mtom] © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 55 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

 Catalog Item Available for [sc_cat_item_user_criteria_mtom]  Catalog Item Available for [sc_cat_item_user_criteria_mtom] Table / Object Details Catalog Item Available for [sc_cat_item_user_criteria_ mtom]: Non-Standard Software Review.India Look on instance Categorization Details Definition: HSD0001467: Duplicate foundation/core data found. Rating: Recommend Description: Duplicate foundation data records found in your instance. Recommendation: This could cause confusion from an end user perspective but also from a maintenance perspective. The recommendation is to ensure these records have unique, unambiguous names in the system. Documentation Click here for more details Table / Object Details cmn_cost_center: 349516 duplicate record(s) found in table [cmn_cost_center]. NOTE: Only showing first 40 Look on instance core_company: 1069 duplicate record(s) found in table [core_company]. NOTE: Only showing first 40 Look on instance sys_user_group: 4 duplicate record(s) found in table [sys_user_group]. Look on instance cmn_department: 1 duplicate record(s) found in table [cmn_department]. Look on instance Categorization Details Definition: HSD0004489: LDAP Listener is active Rating: Recommend Description: Verify if the listener field on all the active LDAP servers is set to true. Add a finding for each active server that doesn't have the listeren active Recommendation: By activating the listener on LDAP integrations ensures that all user data is updated in real time and therefore improves accuracy Documentation Click here for more details Table / Object Details LDAP Server [ldap_server_config]: AccenturePasswordExpiration Look on instance LDAP Server [ldap_server_config]: AccenturePasswordExpiration_secure Look on instance LDAP Server [ldap_server_config]: LDAPACNMANACCSServer Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 56 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

LDAP Server [ldap_server_config]: AccentureLDAPAMRDC Look on instance Categorization Details Definition: HSD0004724: Incative User Criteria should not be used for "Not Available" and "Available" related list Rating: Recommend Description: Removed any Inactive User Criteria on the "Not Available" and Available list. For a more managable and easy detection of any issues on the viewing catalog items, it is recommended to have a clean list on active use criteria of the catalog items for "Not Available" and "Available" related list. This will reduce the time when investigating or debugging user criteria issues on catalog items. Recommendation: Removed any Inactive User Criteria on the "Available" and "Not Available" list. For a more managable and easy detection of any issues on the viewing catalog items, it is recommended to have a clean list on active use criteria of the catalog items for "Available" and "Not Available"related list. This will reduce the time when investigating or debugging user criteria issues on catalog items. Documentation Click here for more details Object:  Catalog Item Available for [sc_cat_item_user_criteria_mtom]  Catalog Item Available for [sc_cat_item_user_criteria_mtom]  Catalog Item Available for [sc_cat_item_user_criteria_mtom]  Catalog Item Available for [sc_cat_item_user_criteria_mtom] Categorization Details Definition: HSD0004991: Control how exported CSV data appears in Notepad Rating: Recommend Description: Enables the user to control how exported CSV data appears in Notepad. Valid values are LF for a line feed between records and CRLF for a carriage return followed by a line feed Recommendation: Enables the user to control how exported CSV data appears in Notepad. Valid values are LF for a line feed between records and CRLF for a carriage return followed by a line feed Documentation Click here for more details Table / Object Details System Property [sys_properties]: glide.csv.export.line_break Look on instance Categorization Details Definition: HSD0001556: For domain separated instances, admins should be at the top level domain instead of Global Rating: Recommend Description: Checks domain membership for admins and creates a finding if an admin doesnt belong to Global. Recommendation: Consider moving all Global domain users to the Top level domain in production. © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 57 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Documentation Click here for more details Table / Object Details User [sys_user]: admin Look on instance User [sys_user]: preserver.admin Look on instance User [sys_user]: ads.rjones Look on instance User [sys_user]: ads.CIOFFCLN Look on instance Categorization Details Definition: HSD0005017: Enable Update set tables to be audited Rating: Act Description: Check if the Update set tables is included in the auditable tables. Update set should be audited for deletions to make sure no developer can just delete directly from update sets. Recommendation: Enable auditing for update sets by adding the 'sys_update_xml' table to the 'glide.ui.audit_deleted_tables' property. This will enable auditing of deletions from Update sets. Documentation Click here for more details Table / Object Details System Property [sys_properties]: glide.ui.audit_deleted_tables. sys_user,sys_user_group,sys_user_role,sys_user_has_role,sys_user_grmember,sys_group_h as_role,sys_sec Look on instance Service Catalog Findings Categorization Details Definition: HSD0002602: List Layout with more than one List Element on the same position Rating: Act Description: List Elements on a List layouts should all have a unique position. List layouts will get corrupted when migrating to and from environments where they do not have unique positions. Recommendation: A list layout has been corrupted. You can address this by reviewing the list layouts to ensure the list elements all have a unique position. Documentation Click here for more details Table / Object Details List [sys_ui_list]: item_option_new. 10 common Element(s) in List Look on instance Categorization Details Definition: HSD0001646: Workflow(s) should not be checked out for an extended time © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 58 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Rating: Discuss Description: A workflow version that is checked out isn't available for general use. Be sure to publish once edits are done. Recommendation: Follow up with owner of the checked out version and ensure the changes were made appropriate and/or remove the checked out version. Documentation Click here for more details Table / Object Details Workflow Version [wf_workflow_version]: ns_Transition_Process_subflow_NewProject_Infrastructure Look on instance Workflow Version [wf_workflow_version]: dim_ciw_workflow_v2 Look on instance Acn Dir Findings Categorization Details Definition: HSD0002071: Verify that system properties have a value (blank may be a valid value but still good to check this) Rating: Recommend Description: Verify that system properties have a value (blank may be a valid value but still good to check this) //Exclude properties whose names contain "glide" as they may be system properties Recommendation: System propertiess hould have a value (blank may be a valid value but still good to check this) Documentation Click here for more details Table / Object Details System Property [sys_properties]: x_amspi_acn_dir.morning.rush.hours Look on instance System Property [sys_properties]: x_amspi_acn_dir.evening.rush.hours Look on instance Categorization Details Definition: HSD0003625: Script code in Business Rules should be encapsulated in the executeRule method Rating: Recommend Description: The code should check if there is any business rule that have some code that is not encapsulated in the executeRule function. Recommendation: Encapsulate the code in the executeRule method so that the method is in scope for execution. Documentation Click here for more details Table / Object Details Business Rule [sys_script]: Assigned Look on instance Business Rule [sys_script]: Cancel Cleanup © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 59 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Look on instance Business Rule [sys_script]: Start Work Look on instance Business Rule [sys_script]: Accept Look on instance Categorization Details Definition: HSD0001286: No coalesce field set for transform map Rating: Recommend Description: It is recommended that transform maps should have a coalesce field. Configuring a target field to coalesce causes the import set to treat the field as a unique key, updating records if they exist and only creating new ones if a match is not found for this field. Recommendation: Set a coalesce field for the transform map. Configuring a target field to coalesce causes the import set to treat the field as a unique key. When selected, the import set application attempts to match source values to records with values from an existing record. If a match is found, the transform map updates the record instead of creating a new record. When false, the import set application always creates new records for each transformation. Documentation Click here for more details Table / Object Details Table Transform Map [sys_transform_map]: Operationg Group Relationship Transform Look on instance Table Transform Map [sys_transform_map]: op_grp_industry_transform Look on instance Table Transform Map [sys_transform_map]: acn_bus_tow_transform Look on instance Table Transform Map [sys_transform_map]: Accenture Business TOW Transform Look on instance Categorization Details Definition: HSD0002419: Coding practices: Reading field values (e.g. gr.incident) in a UI Action Rating: Discuss Description: For readability of code, we should continue to push the customers in the direction of using getValue() or toString() when reading values in a server script. Even more so when using those values in a condition. As an example, you may have var someValue = glideRecord.fieldName; //this is a GlideElement object This returns an object where loose coding (or hacks) are used to make them practical, but readability becomes an issue: var someValue = glideRecord.fieldName + ''; //add empty string to make a string if ("someString" == someValue) {} // notice the == instead of === As a good practice, it is recommended to use getValue(). So the above script would become var someValue = glideRecord.getValue("fieldName"); For dot-walking can use toString(). For example: var someValue = glideRecord.refField.fieldName.toString(); Recommendation: For improved readability and to leverage current coding practices, utilise the GlideRecord API's getter (glideRecord.getValue()) and setter (glideRecord.setValue()) methods with the identified Script Includes. Using gr.fieldName returns an object, whereas using © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 60 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

gr.getValue('fieldName') will return a string value. Documentation Click here for more details Table / Object Details UI Action [sys_ui_action]: Copy Record. Showing first 5: lines 3, 4, 5, 6, 7 Look on instance Categorization Details Definition: HSD0004150: UI Actions with complex scripted conditions should be managed differently Rating: Recommend Description: It is more difficult to manage and understand conditional logic entered in the condition field of a UI action than in a script include that allows for descriptive comments. This is especially true when multiple conditions exist or the length of the condition is long. Tips: 1. Use a function with relevant comments 2. Simplify the condition logic (reduce repeat script) 3. Use a script include for re-usability across the platform Recommendation: It is more difficult to manage and understand conditional logic entered in the condition field of a UI action than in a script include that allows for descriptive comments. This is especially true when multiple conditions exist or the length of the condition is long. Example bad case: gs.getUser().getName() != 'system' && (!new hr_Utils().checkUserHasRole(hr.ROLE_HR_CASE_READER)) Example good case: new hr_Utils().applicableUser() Where possible, move conditional logic into a function that allows for comments and/or simplified script that is more easily consumable. This will help speed up troubleshooting and decrease maintenance efforts while promoting re-usability. Example: /* * Returns true if the user is neither the HR case reader nor the system user */ applicableUser: function() { var systemUser = gs.getUser().getName() == 'system'; var caseReader = this.checkUserHasRole(hr.ROLE_HR_CASE_READER); return !(systemUser || caseReader); } Documentation Click here for more details Table / Object Details UI Action [sys_ui_action]: Ready For Work Look on instance UI Action [sys_ui_action]: Cancel Look on instance UI Action [sys_ui_action]: Pending Look on instance UI Action [sys_ui_action]: Save Look on instance Categorization Details Definition: HSD0002688: New globally-scoped client-side scripts don't run in strict mode and DOM access enabled. Rating: Recommend Description: A key feature of scoped applications is their isolation from one-another. The platform enforces this isolation to ensure each applications independence. Along with many other parts of the platform, this enforcement occurs in client-side scripting. © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 61 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Recommendation: Enable system property "glide.script.block.client.globals" if you have no need to to access global JavaScript objects. Documentation Click here for more details Table / Object Details System Property [sys_properties]: x_amspi_acn_dir.glide.script.block.client.globals. false Look on instance ACN ESA Findings Categorization Details Definition: HSD0002071: Verify that system properties have a value (blank may be a valid value but still good to check this) Rating: Recommend Description: Verify that system properties have a value (blank may be a valid value but still good to check this) //Exclude properties whose names contain "glide" as they may be system properties Recommendation: System propertiess hould have a value (blank may be a valid value but still good to check this) Documentation Click here for more details Table / Object Details System Property [sys_properties]: x_amspi_acn_acnesa.morning.rush.hours Look on instance Categorization Details Definition: HSD0002688: New globally-scoped client-side scripts don't run in strict mode and DOM access enabled. Rating: Recommend Description: A key feature of scoped applications is their isolation from one-another. The platform enforces this isolation to ensure each applications independence. Along with many other parts of the platform, this enforcement occurs in client-side scripting. Recommendation: Enable system property "glide.script.block.client.globals" if you have no need to to access global JavaScript objects. Documentation Click here for more details Table / Object Details System Property [sys_properties]: x_amspi_acn_acnesa.glide.script.block.client.globals. false Look on instance HR Case and Knowledge Management Findings Categorization Details Definition: HSD0001926: Specify group types Rating: Recommend Description: Use group types to organize different types of group. Provides the ability to limit groups on Group reference fields. Recommendation: Specify group types to organize different types of group. Provides the ability to limit groups © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 62 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

on Group reference fields. Documentation Click here for more details Table / Object Details sys_user_group: 1942 groups with empty group type Look on instance Asset Management Findings Categorization Details Definition: HSD0001020: List Report without any columns selected Rating: Discuss Description: List report who has no fields configured in field_list will always fall back to default layout of the lists Recommendation: List report who has no fields configured in field_list will always fall back to the default layout of the lists. If this is expected behavior for this report, you do not have to take any action, else you should configure the fields you want to see in this list report Documentation Click here for more details Table / Object Details Report [sys_report]: EAM-Assets in Stock Look on instance Report [sys_report]: EAM-Assets Pending Disposal >90 days Look on instance Categorization Details Definition: HSD0001187: Minimize logging in production Rating: Discuss Description: Turn debug logging off in production. It can affect performance, and potentially cause data leak challenges Recommendation: Remove the logging functions entirely or control their use with a property. At the minimum, switch to using gs.info and gs.debug Documentation Click here for more details Table / Object Details Business Rule [sys_script]: EAM_Asset_Tag_Generation - Hardware. Script:Found on line 8 Look on instance Access Control [sys_security_acl]: alm_asset.assigned_to. Script:Found on lines 4 and 9 Look on instance Categorization Details Definition: HSD0002454: Business rules with complex scripted conditions should be managed differently Rating: Recommend Description: It is more difficult to manage and understand conditional logic entered in the condition field © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 63 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

of a business rule than in a script include that allows for descriptive comments. This is especially true when multiple conditions exist or the length of the condition is long. Tips: 1. Use a function with relevant comments 2. Simplify the condition logic (reduce repeat script) 3. Use a script include for re-usability across the platform Recommendation: It is more difficult to manage and understand conditional logic entered in the condition field of a business rule than in a script include that allows for descriptive comments. This is especially true when multiple conditions exist or the length of the condition is long. Example bad case: gs.getUser().getName() != 'system' && (!new hr_Utils().checkUserHasRole(hr.ROLE_HR_CASE_READER)) Example good case: new hr_Utils().applicableUser() Where possible, move conditional logic into a function that allows for comments and/or simplified script that is more easily consumable. This will help speed up troubleshooting and decrease maintenance efforts while promoting re-usability. Example: /* * Returns true if the user is neither the HR case reader nor the system user */ applicableUser: function() { var systemUser = gs.getUser().getName() == 'system'; var caseReader = this.checkUserHasRole(hr.ROLE_HR_CASE_READER); return !(systemUser || caseReader); } Documentation Click here for more details Table / Object Details Business Rule [sys_script]: EAM - Query Country/Region wise Assets Look on instance Case and Knowledge Management Findings Categorization Details Definition: HSD0001020: List Report without any columns selected Rating: Discuss Description: List report who has no fields configured in field_list will always fall back to default layout of the lists Recommendation: List report who has no fields configured in field_list will always fall back to the default layout of the lists. If this is expected behavior for this report, you do not have to take any action, else you should configure the fields you want to see in this list report Documentation Click here for more details Table / Object Details Report [sys_report]: HR Case Identifier Look on instance Report [sys_report]: VENDOR CASE Look on instance Report [sys_report]: PMG Workday Monitoring - Invite Letters Look on instance Platform Findings Categorization Details Definition: HSD0002814: Draft or New task older than 1 month Rating: Recommend Description: Tasks should not stay in Draft for more than a month. Most likely those are no longer valid. Recommendation: Highly recommended to cancel all those tasks. © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 64 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Documentation Click here for more details Table / Object Details alm_transfer_order_line_tas k: 6 Draft/New older than 1 month - alm_transfer_order_line_task Look on instance upgrade_history_task: 208 Draft/New older than 1 month - upgrade_history_task Look on instance x_amspi_acn_asb_structure_ setup: 171 Draft/New older than 1 month - x_amspi_acn_asb_structure_setup Look on instance x_amspi_aee_ideas_request: 3 Draft/New older than 1 month - x_amspi_aee_ideas_request Look on instance Categorization Details Definition: HSD0002740: Active Tasks with Inactive 'Opened By' User Rating: Recommend Description: Scan all open tasks and cases verify that there are no open cases with an inactive "Opened By" field. This is particularly important when the case is closed and there is a user acceptance workflow and in addition, it is a problem as the case agent is trying to communicate with this user through the case. Recommendation: Scan and review these tasks. As the owner is inactive, it may not be necessary to complete it anymore. Documentation Click here for more details Table / Object Details change_request: 377 with inactive Opened By - change_request Look on instance x_amspi_ask_hr_ask_hr: 1404 with inactive Opened By - x_amspi_ask_hr_ask_hr Look on instance x_amspi_emp_exit_employe e_exit: 10 with inactive Opened By - x_amspi_emp_exit_employee_exit Look on instance x_amspi_stp_procurement_r equests: 27 with inactive Opened By - x_amspi_stp_procurement_requests Look on instance Categorization Details Definition: HSD0002804: Active task with Closed Date Rating: Recommend Description: Task when closed should not be re-opened, that will have impact on your reporting. There are some metrics that are looking at closed dates. Customer needs to be strict on this and should update their process to just open another task and make a reference of the closed task instead. Recommendation: Check the URL provided on the finding and review the State and Active fields. Create/Update ACL to not allow re-opening of tasks. Consider using Resolved state then auto-close after 3 days so users are given enough time to accept or reject resolution. © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 65 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Documentation Click here for more details Table / Object Details change_request: 55 active records but have closed date - change_request Look on instance x_amspi_comp_tool_task: 270 active records but have closed date - x_amspi_comp_tool_task Look on instance sc_request: 2670 active records but have closed date - sc_request Look on instance change_task: 32 active records but have closed date - change_task Look on instance Categorization Details Definition: HSD0004419: Inactive user accounts need to be deactivated Rating: Recommend Description: Users that have not logged into ServiceNow within the last 6 months are potentially users that are no longer working for the customer, are users that should not have been imported in the first place, or are not actually users but instead printers and rooms that are imported due to bad data quality. Flag active user records that have not logged in in the last 6 months for review. Recommendation: Review the active user records and deactivate those that are not relevant. Also recommended to review the user integration process to make sure the data quality is improved, only the relevant user records are imported and synced, and that employees no longer with the company are deactivated. Documentation Click here for more details Table / Object Details Table [sys_user]: 1338008 user(s) that have not logged in within the last 6 months. Look on instance Categorization Details Definition: HSD0002827: All events should have a description Rating: Recommend Description: All custom events in the event registry should have the "description" field populated. This will ensure that the event's purpose is easily identifiable by administrators who did not create the registry entry and improve maintainability of the instance. Recommendation: Populate the description on all events Documentation Click here for more details Table / Object Details sysevent_register: 1473 Event with empty Description. Look on instance Categorization Details © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 66 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Definition: HSD0002700: Active Scheduled Job run by Deleted User Rating: Act Description: Scheduled Job if configured to be run by a different user (Run as), should be run by a valid active user in the application to execute the job. Customer intend to delete including OOTB users. We need to validate that all jobs are not affected by such deletion. Recommendation: Validate that all jobs are configured with a valid user if there are any define values under the "Run as" field Documentation Click here for more details Table / Object Details sysauto: 422 jobs with invalid user as 'Run as'. Look on instance Categorization Details Definition: HSD0002479: Group must not have an inactive Member Rating: Act Description: A group is a set of users who share a common purpose. Groups which include inactive users indicate poor data management and could result in failed task assignments causing delays to the processing. Recommendation: Remove inactive users from the group. Documentation Click here for more details Table / Object Details sys_user_grmember: 8148 group membership(s) where user is inactive. Look on instance Categorization Details Definition: HSD0002828: All events should have the "fired by" field populated Rating: Recommend Description: All custom events in the event registry should have the "fired_by" field populated. This will ensure that the event's trigger is easily identifiable by administrators who did not create the registry entry and improve maintainability of the instance. Recommendation: Populate the fired by on all events Documentation Click here for more details Table / Object Details sysevent_register: 1215 Event with empty Fired By. Look on instance Categorization Details Definition: HSD0002480: Group should not have an inactive Manager Rating: Act Description: A group is a set of users who share a management structure. Groups with an inactive user as a Manager indicate poor data management. No groups should be assigned a manager © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 67 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

who is inactive. Recommendation: Update the affected groups with an active manager. Documentation Click here for more details Table / Object Details sys_user_group: 12 group(s) with inactive Manager Look on instance Categorization Details Definition: HSD0002701: Active Scheduled Job run by Inactive User Rating: Act Description: Scheduled Job if configured to be run by a different user (Run as), should be run by a valid active user in the application to execute the job. Users can easily deactivate. We need to validate that all jobs are not affected by such activity. Recommendation: Validate that all jobs are configured with a valid user if there are any define values under the "Run as" field Documentation Click here for more details Table / Object Details sysauto: 48 Job(s) with inactive user as 'Run as'. Look on instance ACN SAC Findings Categorization Details Definition: HSD0003086: Scripted REST service and its resources should have a short description Rating: Discuss Description: Scripted REST services and their resources should have at least a short description for documentation purposes. Recommendation: Scripted REST service or attached resource does not provide a short description. Please add at least a short description for documentation purposes. Documentation Click here for more details Table / Object Details Scripted REST Resource [sys_ws_operation]: GET_INFORMATIONAL_TILE_BY_ID Look on instance Scripted REST Resource [sys_ws_operation]: GetSoftwareByID Look on instance Scripted REST Resource [sys_ws_operation]: getApproverProfile Look on instance Categorization Details Definition: HSD0003082: Enable Scripted REST API versioning Rating: Discuss © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 68 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Description: Scripted REST APIs may be versioned, allowing you to test and deploy changes without impacting existing integrations. Recommendation: Enable versioning for a scripted REST API to provide multiple versions of the API while maintaining compatibility with existing integrations. Documentation Click here for more details Table / Object Details Scripted REST API [sys_ws_definition]: SAC Software API Look on instance Categorization Details Definition: HSD0001614: A before Business Rule should alter the current object. Otherwise it can be done async. Rating: Discuss Description: Similar (but not the same) as PID0001017 Recommendation: Use Async business rule Documentation Click here for more details Table / Object Details Business Rule [sys_script]: SAC Requested Items Look on instance ACN Guided Workflow Findings Categorization Details Definition: HSD0001058: Scoped app uses logging utils or depreciated methods for logging rather than the verbosity method. Rating: Act Description: Scoped applications should use scoped logging APIs rather than legacy methods. Recommendation: Scoped applications should use scoped logging APIs rather than legacy methods. Documentation Click here for more details Table / Object Details Script Include [sys_script_include]: acn_gw_cart_submit Look on instance APIs and Integration Tools Findings Categorization Details Definition: HSD0003076: Basic authentication credentials on SOAP Message definition Rating: Recommend Description: Basic Authentication for outbound SOAP Messages should use Basic Auth Profiles instead of putting the credentials on the function definition itself. Recommendation: Move the credentials from the SOAP Message definition into a Basic Auth Profile record and reference it for easier, centralized management of credentials. Documentation Click here for more details © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 69 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Table / Object Details SOAP Message Function [sys_soap_message_function ]: AddSharedMailbox Look on instance SOAP Message Function [sys_soap_message_function ]: GBUObjectSoap.AddGroupMember Look on instance SOAP Message Function [sys_soap_message_function ]: GBUObjectSoap.AddGroupMember Look on instance SOAP Message Function [sys_soap_message_function ]: Create Look on instance Categorization Details Definition: HSD0003084: Scripted REST without a REST resource Rating: Discuss Description: A scripted REST service will not be usefull unless it defines at least one REST resource. Recommendation: Either create a REST resource for this scripted REST service or delete it, as it is not usable in its current state. Documentation Click here for more details Table / Object Details Scripted REST API [sys_ws_definition]: Update Service Look on instance Categorization Details Definition: HSD0003083: Scripted REST resource without enabled security Rating: Act Description: Scripted REST services offer 2 security options on resource level: requiring authentication and requiring ACL authorization. At least one of them should be checked. Recommendation: Enable at least authorization, even for scripted REST services that don't alter data. Consider using ACL authorization as well, if data will be altered by the web service. Documentation Click here for more details Table / Object Details Scripted REST Resource [sys_ws_operation]: Update CI Record Look on instance Scripted REST Resource [sys_ws_operation]: updateComment Look on instance Scripted REST Resource [sys_ws_operation]: ipAddressAndLocation Look on instance Scripted REST Resource [sys_ws_operation]: Get Status Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 70 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Categorization Details Definition: HSD0002825: glide.import.error_message.generic is not enabled. Rating: Recommend Description: When true, failed imports display a generic error instead of a verbose SQL message. Enabling this property is highly recommended. Recommendation: Enable glide.import.error_message.generic to improve user experience thus limiting exposure to error messages. Documentation Click here for more details Table / Object Details System Property [sys_properties]: glide.import.error_message.generic Look on instance Categorization Details Definition: HSD0003082: Enable Scripted REST API versioning Rating: Discuss Description: Scripted REST APIs may be versioned, allowing you to test and deploy changes without impacting existing integrations. Recommendation: Enable versioning for a scripted REST API to provide multiple versions of the API while maintaining compatibility with existing integrations. Documentation Click here for more details Table / Object Details Scripted REST API [sys_ws_definition]: Update Service Look on instance Categorization Details Definition: HSD0001600: Transform Script that run onBefore should not update() or insert() records on another table Rating: Discuss Description: A finding will be created for each transform script that uses updates or inserts on other tables than the traget table Recommendation: Avoid creating record other than the target table, otherwise the import could take a long time. Typically because the BR loging and potential additional logic will be triggered with every update. In addition, it is hard to find out from where a record was updated. Documentation Click here for more details Table / Object Details Transform Script [sys_transform_script]: onBefore in tm_dsrm_di_domain_inclusion_bulk_request. Script:Found on lines 20 and 126 Look on instance AppEngine Findings Categorization Details © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 71 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Definition: HSD0001071: Custom Tables in global scope Rating: Recommend Description: Having many custom tables is difficult to manage. New tables should be created inside a scope, which makes things easier. There is a finding for each custom table outside of a scope. Recommendation: Leverage scoped apps to create new tables and consider transitioning old ones. This allows you to split responsibilities with Delegated developement. Documentation Click here for more details Table / Object Details CIO CI Manual Bulk Import Target Table [u_cio_ci_manual_bulk_imp ort_target_table]: CIO CI Manual Bulk Import Target Table Look on instance dSRM TR Imp [u_dsrm_tr_imp]: dSRM TR Imp Look on instance dSRM PDR DS Imp [u_dsrm_pdr_ds_imp]: dSRM PDR DS Imp Look on instance dSRM VSPD VDI Bulk [u_dsrm_vspd_vdi_bulk]: dSRM VSPD VDI Bulk Look on instance Categorization Details Definition: HSD0001538: Workflow activity references an empty or invalid group Rating: Discuss Description: Approval and other workflow activities with empty or invalid groups may cause issues with the workflow process. Recommendation: Make sure the correct group is assigned to the activity and that there are active users in the group. Documentation Click here for more details Table / Object Details Workflow Activity [wf_activity]: Get administrator group approval. Group Accenture LTS has no users. Look on instance Workflow Activity [wf_activity]: Catalog Request Approvers. Group Catalog Request Approvers > $1000 has no users. Look on instance Workflow Activity [wf_activity]: People Mobility Approval. Group ETR People Mobility Approvers has invalid users. Look on instance Workflow Activity [wf_activity]: CAB Approval. Group CAB Approval has no users. Look on instance Custom Application Runtime and Execution Findings Categorization Details Definition: HSD0001106: Applications should use Source Control Rating: Discuss © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 72 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Description: Applications build on the Now platform should be linked to a source control repository Recommendation: Applications build on the Now platform are recommended to be linked to a Source Control Repository. Documentation Click here for more details Table / Object Details Custom Application [sys_app]: Ask HR Look on instance Custom Application [sys_app]: Client Whitelist Look on instance Custom Application [sys_app]: Clear Pass Look on instance Custom Application [sys_app]: ACN_ASB Look on instance Categorization Details Definition: HSD0001107: JavaScript Mode is not set on ES5 Rating: Discuss Description: To support existing scripts and new scripts developed to the ECMAScript5 standard, the JavaScript engine has two modes. The modes are Compatibility Mode and ES5 Standards Mode. The JavaScript engine dynamically determines which mode to use on a script-by- script basis. ES5 Standards mode is the default when you create new scoped scripts. This mode does not preserve the legacy behaviors in the pre-Helsinki JavaScript engine. Recommendation: All apps created after Helsinki should have ES5 set as the JavaScript mode. For any legacy apps, consider migrating to ES5. For any new apps, ES5 should be selected. Documentation Click here for more details Table / Object Details Custom Application [sys_app]: BizInquiry PAV Look on instance Leave of Absence Findings Categorization Details Definition: HSD0003084: Scripted REST without a REST resource Rating: Discuss Description: A scripted REST service will not be usefull unless it defines at least one REST resource. Recommendation: Either create a REST resource for this scripted REST service or delete it, as it is not usable in its current state. Documentation Click here for more details Table / Object Details Scripted REST API [sys_ws_definition]: LOA Get ACN MRDR People Relationship Look on instance ACN MyLearning Findings © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 73 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Categorization Details Definition: HSD0001153: Hard coded instance URL Rating: Recommend Description: Raises a finding for any hard-coded instance URLs Recommendation: Hard coded URLs to the instance make it difficult to move code between sub-prod and prod environments, causing broken links in at least one of the environments. Instead of hard coding, you might choose to use relative paths such as /incident.do or if you must use the instance URL use gs.getProperty('glide.servlet.uri'). Documentation Click here for more details Table / Object Details Email Script [sys_script_email]: mylrn_surveyLink. Script:Found on line 4 Look on instance Categorization Details Definition: HSD0002419: Coding practices: Reading field values (e.g. gr.incident) in a UI Action Rating: Discuss Description: For readability of code, we should continue to push the customers in the direction of using getValue() or toString() when reading values in a server script. Even more so when using those values in a condition. As an example, you may have var someValue = glideRecord.fieldName; //this is a GlideElement object This returns an object where loose coding (or hacks) are used to make them practical, but readability becomes an issue: var someValue = glideRecord.fieldName + ''; //add empty string to make a string if ("someString" == someValue) {} // notice the == instead of === As a good practice, it is recommended to use getValue(). So the above script would become var someValue = glideRecord.getValue("fieldName"); For dot-walking can use toString(). For example: var someValue = glideRecord.refField.fieldName.toString(); Recommendation: For improved readability and to leverage current coding practices, utilise the GlideRecord API's getter (glideRecord.getValue()) and setter (glideRecord.setValue()) methods with the identified Script Includes. Using gr.fieldName returns an object, whereas using gr.getValue('fieldName') will return a string value. Documentation Click here for more details Table / Object Details UI Action [sys_ui_action]: Cancel Request. Found on line 49 Look on instance Categorization Details Definition: HSD0002454: Business rules with complex scripted conditions should be managed differently Rating: Recommend Description: It is more difficult to manage and understand conditional logic entered in the condition field of a business rule than in a script include that allows for descriptive comments. This is especially true when multiple conditions exist or the length of the condition is long. Tips: 1. Use a function with relevant comments 2. Simplify the condition logic (reduce repeat script) 3. Use a script include for re-usability across the platform © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 74 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Recommendation: It is more difficult to manage and understand conditional logic entered in the condition field of a business rule than in a script include that allows for descriptive comments. This is especially true when multiple conditions exist or the length of the condition is long. Example bad case: gs.getUser().getName() != 'system' && (!new hr_Utils().checkUserHasRole(hr.ROLE_HR_CASE_READER)) Example good case: new hr_Utils().applicableUser() Where possible, move conditional logic into a function that allows for comments and/or simplified script that is more easily consumable. This will help speed up troubleshooting and decrease maintenance efforts while promoting re-usability. Example: /* * Returns true if the user is neither the HR case reader nor the system user */ applicableUser: function() { var systemUser = gs.getUser().getName() == 'system'; var caseReader = this.checkUserHasRole(hr.ROLE_HR_CASE_READER); return !(systemUser || caseReader); } Documentation Click here for more details Table / Object Details Business Rule [sys_script]: Auto assessment business rule Look on instance Categorization Details Definition: HSD0001602: Number maintenance fields unique Rating: Discuss Description: Number fields in the sys_number table should always be marked unique. A unique index on a table guarantees that the index key contains no duplicate values and therefore ensures that every row in the table is unique in some way. Recommendation: Enable a unique index on the table. Documentation Click here for more details Table / Object Details Dictionary Entry [sys_dictionary]: Survey_id Look on instance Categorization Details Definition: HSD0001614: A before Business Rule should alter the current object. Otherwise it can be done async. Rating: Discuss Description: Similar (but not the same) as PID0001017 Recommendation: Use Async business rule Documentation Click here for more details Table / Object Details Business Rule [sys_script]: myLrng_updateDuration Look on instance Business Rule [sys_script]: Mylrn Last Notes Updation Look on instance Business Rule [sys_script]: mylrn_contactSupport_task_onAfter Look on instance © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 75 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

ACN WFH Findings Categorization Details Definition: HSD0001153: Hard coded instance URL Rating: Recommend Description: Raises a finding for any hard-coded instance URLs Recommendation: Hard coded URLs to the instance make it difficult to move code between sub-prod and prod environments, causing broken links in at least one of the environments. Instead of hard coding, you might choose to use relative paths such as /incident.do or if you must use the instance URL use gs.getProperty('glide.servlet.uri'). Documentation Click here for more details Table / Object Details Email Script [sys_script_email]: wfh_servicenow. Script:Found on line 3 Look on instance Email Script [sys_script_email]: wfh_BL_Approvals. Script:Found on line 7 Look on instance Email Script [sys_script_email]: wfh_req. Script:Found on line 5 Look on instance Email Script [sys_script_email]: wfh_contributor. Script:Found on line 3 Look on instance Categorization Details Definition: HSD0001214: Report assigned to a non-existent group/user Rating: Discuss Description: In case a report is shared with a non-existent group/user, this might be a left over after the group/user was deleted. Admins should consider keeping those records up to date to keep the system manageable Recommendation: Update the report and share it only with valid groups/users known to the system. In the rare case the system creates a group/user with the same orphan sys_id, the report would otherwise immediately shared with the group/user. Documentation Click here for more details Table / Object Details Report Users and Groups [sys_report_users_groups]: WFH PH Reports, Group: 86bbd69bdb89101ce61cd054d4961938 Look on instance Categorization Details Definition: HSD0004595: Email notifications with missing users, groups (no members), user/groups Rating: Recommend Description: Scan active email notifications for who should receive the notification and provide a list of any notifications that have missing users, user/groups, or groups with no members. This check is used to confirm that the notification settings are still correct, that the configuration is accurate. Exclude notifications where Event parms can contain recipient or Users/Groups © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 76 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

in fields can contain recipient. Recommendation: Review notifications that indicate missing information and correct them. Documentation Click here for more details Table / Object Details Notification [sysevent_email_action]: ACN WFH SLA Breached - Connectivity Look on instance Notification [sysevent_email_action]: ACN WFH Assigned - Escalation 3- 6th day Look on instance Notification [sysevent_email_action]: ACN WFH Closed for Pre-Closure - AO Look on instance Notification [sysevent_email_action]: ACN WFH - 7 prior to WFH End Date - AO Look on instance Categorization Details Definition: HSD0001614: A before Business Rule should alter the current object. Otherwise it can be done async. Rating: Discuss Description: Similar (but not the same) as PID0001017 Recommendation: Use Async business rule Documentation Click here for more details Table / Object Details Business Rule [sys_script]: WFH_Skip HRPA approval Look on instance Agile Development Findings Categorization Details Definition: HSD0001187: Minimize logging in production Rating: Discuss Description: Turn debug logging off in production. It can affect performance, and potentially cause data leak challenges Recommendation: Remove the logging functions entirely or control their use with a property. At the minimum, switch to using gs.info and gs.debug Documentation Click here for more details Table / Object Details Business Rule [sys_script]: Remove accenture data. Script:Found on line 11 Look on instance AIA Datalake Findings Categorization Details Definition: HSD0001187: Minimize logging in production © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 77 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Rating: Discuss Description: Turn debug logging off in production. It can affect performance, and potentially cause data leak challenges Recommendation: Remove the logging functions entirely or control their use with a property. At the minimum, switch to using gs.info and gs.debug Documentation Click here for more details Table / Object Details Script Include [sys_script_include]: ACNBaseClass. Script:Found on line 39 Look on instance Ask HR Findings Categorization Details Definition: HSD0001187: Minimize logging in production Rating: Discuss Description: Turn debug logging off in production. It can affect performance, and potentially cause data leak challenges Recommendation: Remove the logging functions entirely or control their use with a property. At the minimum, switch to using gs.info and gs.debug Documentation Click here for more details Table / Object Details Script Include [sys_script_include]: acn_askHRQuery. Script:Found on line 207 Look on instance Categorization Details Definition: HSD0002454: Business rules with complex scripted conditions should be managed differently Rating: Recommend Description: It is more difficult to manage and understand conditional logic entered in the condition field of a business rule than in a script include that allows for descriptive comments. This is especially true when multiple conditions exist or the length of the condition is long. Tips: 1. Use a function with relevant comments 2. Simplify the condition logic (reduce repeat script) 3. Use a script include for re-usability across the platform Recommendation: It is more difficult to manage and understand conditional logic entered in the condition field of a business rule than in a script include that allows for descriptive comments. This is especially true when multiple conditions exist or the length of the condition is long. Example bad case: gs.getUser().getName() != 'system' && (!new hr_Utils().checkUserHasRole(hr.ROLE_HR_CASE_READER)) Example good case: new hr_Utils().applicableUser() Where possible, move conditional logic into a function that allows for comments and/or simplified script that is more easily consumable. This will help speed up troubleshooting and decrease maintenance efforts while promoting re-usability. Example: /* * Returns true if the user is neither the HR case reader nor the system user */ applicableUser: function() { var systemUser = gs.getUser().getName() == 'system'; var caseReader = this.checkUserHasRole(hr.ROLE_HR_CASE_READER); return !(systemUser || caseReader); } Documentation Click here for more details © 2018 ServiceNow, Inc. All rights reserved. CONFIDENTIAL 78 ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.