• David Tessaro

Safeguard Sensitive HR Data on the Now Platform with COE Security Policies

As the access to data increases, the risk of sensitive data exposure increases as well. A great strategy to prevent embarrassing data leaks is to limit access to that data as much as possible. Thankfully, ServiceNow includes excellent out-of-the-box security features that help safeguard the HR department’s reputation. Nevertheless, ServiceNow administrators should take a few extra steps to restrict access to sensitive data, thereby increasing security and privacy for employees.

Risk of sensitive data exposure increases as user access increases graph servicenow human resources security
Implement COE Security policies to limit the number of users who can access sensitive data in ServiceNow

Restrict access to sensitive employee data on the Now Platform

Our ServiceNow expert William Smith demonstrates how to easily create COE security policies to control access to HR case data. Centers of Excellence are tables that allow cases to be organized by HR departments, where security policy records can be created to restrict access to HR case information. User groups that are not included in the COE policy cannot access the cases. This feature is provided as a no code alternative to ACL rules, in that it is simpler to setup, configure, and manage.

| Read more: HR vs. IT - How to Use ServiceNow to End the Feud

Great for organizations with services spread across different teams

This feature is best utilized by larger organizations that have HR services spread across different teams. These teams could include service delivery, benefits, payroll, and more. To restrict access to the department data, create security policies for each team, and then also apply them to specific HR services (such as disciplinary and/or termination).

Centers of Excellence Security Policies
Released with Orlando version in January of 2020
View ServiceNow documentation

Easily ensure data security and privacy for employees

Adding COE security makes it simple to control access to your sensitive HR cases and ensures that only the proper groups can view cases that pertain to them. Implementing these security policies takes just a few clicks. When finished, there will be peace of mind knowing your organization’s HR cases are secure. Bonus, only minimal testing is needed! Watch the video to see how!

Technical Details  Documentation
COE security policies are managed through the hr_SecurityUtils().getCoeSecurityPolicy(caseGr, operation, userId). They are called from the hr_Case().canReadCase() and canEditCase(). These are setup in the read and write table ACLs respectively.

| Read more: 5 ways ServiceNow makes HR Easier

ServiceNow HR Security experts

Implementing COE security policies is just one of the many ways to ensure data security and mitigate the potential for harmful data leaks. No matter where you are on your ServiceNow journey, whether looking to implement the HR application, expand its features, or ensure its security, we can help you accomplish your goals faster. Cerna Solutions is a team of 100% US-based ServiceNow experts, with authoritative expertise in ServiceNow human resources and security. Visit our HR Offering webpage for more information about our HR expertise, or contact us for an HR security assessment.

Read More: Recent Posts