As the access to data increases, the risk of sensitive data exposure increases as well. A great strategy to prevent embarrassing data leaks is to limit access to that data as much as possible. Thankfully, ServiceNow includes excellent out-of-the-box security features that help safeguard the HR department’s reputation. Nevertheless, ServiceNow administrators should take a few extra steps to restrict access to sensitive data, thereby increasing security and privacy for employees.
Restrict access to sensitive employee data on the Now Platform
Our ServiceNow expert William Smith demonstrates how to easily create COE security policies to control access to HR case data. Centers of Excellence are tables that allow cases to be organized by HR departments, where security policy records can be created to restrict access to HR case information. User groups that are not included in the COE policy cannot access the cases. This feature is provided as a no code alternative to ACL rules, in that it is simpler to setup, configure, and manage.
| Read more: HR vs. IT - How to Use ServiceNow to End the Feud
Great for organizations with services spread across different teams
This feature is best utilized by larger organizations that have HR services spread across different teams. These teams could include service delivery, benefits, payroll, and more. To restrict access to the department data, create security policies for each team, and then also apply them to specific HR services (such as disciplinary and/or termination).
Centers of Excellence Security Policies Released with Orlando version in January of 2020 View ServiceNow documentation
Easily ensure data security and privacy for employees
Adding COE security makes it simple to control access to your sensitive HR cases and ensures that only the proper groups can view cases that pertain to them. Implementing these security policies takes just a few clicks. When finished, there will be peace of mind knowing your organization’s HR cases are secure. Bonus, only minimal testing is needed! Watch the video to see how!
Technical Details Documentation COE security policies are managed through the hr_SecurityUtils().getCoeSecurityPolicy(caseGr, operation, userId). They are called from the hr_Case().canReadCase() and canEditCase(). These are setup in the read and write table ACLs respectively.
| Read more: 5 ways ServiceNow makes HR Easier
ServiceNow HR Security experts
Implementing COE security policies is just one of the many ways to ensure data security and mitigate the potential for harmful data leaks. No matter where you are on your ServiceNow journey, whether looking to implement the HR application, expand its features, or ensure its security, we can help you accomplish your goals faster. Cerna Solutions is a team of 100% US-based ServiceNow experts, with authoritative expertise in ServiceNow human resources and security. Visit our HR Offering webpage for more information about our HR expertise, or contact us for an HR security assessment.