Updated: Apr 10

ServiceNow’s Vulnerability Response solution allows you to manage the work required to remediate vulnerabilities in your enterprise. In general, Vulnerability Response strives to address vulnerabilities as quickly as appropriate, thereby reducing risk to the IT estate and the business. Not all vulnerabilities introduce the same degree of risk or require a “drop everything and fix” response. In fact, sometimes, it is a better use of time and resources to delay the remediation of known (and low risk) vulnerabilities. But, then, how do you manage those exceptions?

The Exception Process

ServiceNow provides a straight-forward, out-of-the-box workflow that makes it easy to request a deferment on a single vulnerable item or vulnerable group (of items). Here’s how it works:

  • The remediation analyst (who may be a system administrator, an IT analyst or system owner) tasked to remediate a vulnerability identifies the need to delay remediation.

  • The analyst marks the vulnerability state as “Deferred” in the vulnerability record.

  • The analyst provides a reason for the deferral request and specifies a deferment window (by selecting a date in the future at which point the vulnerability will become active again).

  • The system routes the deferral request for approval. (Typically, approval is granted by the vulnerability remediation team, the IT Risk Management team or, in some cases, the CISO.)

  • Approvers review the vulnerability and consider the need for the delay as well as the deferment window, both of which are available for context during the review.

  • When the deferment period nears, the assigned team members are notified that it’s “showtime” and remediation activities ensue.

Note: It is best practice to set an expiration for every exception. At expiration, the vulnerability is remediated or re-evaluated for a new exception. As the expiration date nears, notifications should be sent to anyone assigned a deferred vulnerability. This is a common configuration item during implementation.

Your Exception Process

For organizations that practice more mature exception handling, ServiceNow’s out-of-the-box exception workflow is an excellent “jumping off point”. The workflow is easily configurable to reflect more complex practices.

No matter where you are on your maturity journey, Cerna Solutions has you covered when it comes to handling vulnerability exceptions on the ServiceNow platform. For a walkthrough of the process, check out our video above.

Need help with Vulnerability Response?

Recognized as a ServiceNow "Elite" partner, we are a team full of 100% US-based ServiceNow professionals who specialize in ServiceNow Vulnerability Response. Our approach to Security Operations has earned us a repeat customer rate of 91%, and a customer satisfaction score of 9.7/10. Learn more about our ServiceNow Security Operations offerings, or contact us for more information.

Updated: Apr 6

Our Emergency Response Team has developed an Implementation Guide for ServiceNow’s Crisis Management applications to help the communities that we live in quickly respond to the COVID-19 pandemic.

About the ServiceNow Applications

The Emergency Response Operations application optimizes staff and resources to support emergency response for public agencies and other organizations.

The Emergency Outreach application provides a mechanism for employees and contingent workers with access to your ServiceNow application to report their health status.

The Emergency Exposure Management application helps identify and manage exposure risk when an employee is diagnosed with an illness.

The Emergency Self Report enables employees to report illnesses and readiness to return, and initiates workflows to help managers respond.

About the Guide

Our ServiceNow Emergency Response Operations Guide provides guidance on how to get started. It assumes you have already installed the applications into an existing ServiceNow instance. For information on how to install the applications, visit the ServiceNow documentation website.

About Cerna Solutions

Founded in 2012, we are a team of 100% US-based ServiceNow experts, dedicated to revolutionizing the place of work. In these uncertain times, we are happy to donate our expertise to impacted communities. If you have a need, we are here to serve.

Updated: Mar 28

Join the experts at Cerna Solutions as we discuss all things ServiceNow® in a live video podcast.

In this episode, we discuss ServiceNow version upgrades, and how to develop a strategy to avoid headaches and frustration. Learn what common pitfalls to avoid, as well as which best practices are used by ServiceNow professionals to ensure a smooth and painless upgrade process. Register to watch live as we answer your questions and grow in your understanding of what ServiceNow can really do.

In this session, we discuss:

  • Why staying up-to-date is both critical and beneficial to your company

  • ServiceNow upgrade best practices and strategy

  • The role of automated testing in the upgrade process

  • Common errors and how to avoid them

  • Answers to your questions and real-life scenarios

Presented by:

Jeff Marlow

Joining the panel as our premier ServiceNow expert, Jeff has over 10 years of experience working with ServiceNow and has completed numerous version upgrades with our clients from Kingston to Orlando.

Brett Ishmael

Our expert upgrader, Brett has experience advancing large enterprise upgrades from Plan to Production. He will share with us some of the unique lessons he learned and how to avoid unwanted problems.

Alejandra Chiquillo

A smooth upgrade can only be guaranteed by testing ahead of time. Alejandra brings experience automating testing with CapIO® and will provide insight into how companies can save time and reduce bugs.

Need help with an Upgrade?

How to Prepare for a ServiceNow Upgrade is an eight-page manual that provides guidance on when and why you should upgrade, along with how to prepare for an upgrade using our expert best practices. This free guide also covers common pitfalls to help you protect yourself from painful surprises on your upgrade path. If you need guidance on how to properly prepare and execute an upgrade or are looking for strategies to shorten your testing phase and stomp out bugs faster, this guide is for you.

Start Now

Security & Risk Solutions
IT Solutions
Business Solutions
HR Solutions
Customer Solutions
CS 2020 LOGO - solutions tagline (white)


Phone:  +1 844 804 6111 (US)

               +44 (20) 33254077 (UK)

  • White LinkedIn Icon
  • White YouTube Icon
  • White Twitter Icon
ServiceNow Services

© 2020 Cerna Solutions, Inc. All Rights Reserved. 2056 Palomar Airport Road Carlsbad, CA, 92011.