Every regulation, mapped to ServiceNow.
We've implemented ServiceNow GRC and SecOps controls against every major regulatory framework. Below, plain-language explainers of what each framework demands and how ServiceNow addresses it.
DORA
European Union
Digital Operational Resilience Act
DORA is an EU regulation that entered into force in January 2025, requiring financial entities operating in the European Union to strengthen their digital operational resilience — including ICT risk management, incident reporting, resilience testing, and third-party ICT provider oversight. ServiceNow provides financial entities with the operational platform to meet DORA requirements.
FedRAMP
United States
Federal Risk and Authorization Management Program
FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by U.S. federal agencies. Cloud service providers seeking FedRAMP authorization must implement NIST SP 800-53 controls and maintain continuous compliance evidence. ServiceNow helps cloud providers and agencies manage FedRAMP compliance operationally.
HIPAA
United States
Health Insurance Portability and Accountability Act
HIPAA establishes national standards for protecting sensitive patient health information. Covered entities and business associates must implement administrative, physical, and technical safeguards — and demonstrate compliance through ongoing risk assessment and control management. ServiceNow helps healthcare organizations automate HIPAA compliance and manage privacy risk.
ISO 27001
Global
ISO/IEC 27001
ISO/IEC 27001 is the international standard for information security management systems (ISMS). Achieving and maintaining certification requires organizations to establish, implement, maintain, and continually improve a systematic approach to managing information security risks. ServiceNow GRC/IRM provides the operational platform to run a certifiable ISMS.
NIST CSF
United States
NIST Cybersecurity Framework
The NIST Cybersecurity Framework provides a voluntary, risk-based framework for managing cybersecurity risk across five core functions: Identify, Protect, Detect, Respond, and Recover. ServiceNow enables organizations to operationalize NIST CSF by connecting risk management, security operations, and business continuity into a single platform.
PCI-DSS
Global
Payment Card Industry Data Security Standard
PCI-DSS establishes security standards for any organization that stores, processes, or transmits cardholder data. Compliance requires documented controls, regular testing, vulnerability management, and incident response capabilities. ServiceNow helps payment ecosystem participants automate PCI-DSS compliance and manage cardholder data environment risk.
SOX
United States
Sarbanes-Oxley Act
The Sarbanes-Oxley Act requires U.S. public companies to maintain accurate financial reporting, implement internal controls, and provide auditable evidence of compliance. ServiceNow GRC/IRM helps organizations automate SOX control testing, link controls to risks and issues, and build audit-ready reporting.
SOC 2
United States
SOC 2
SOC 2 is an auditing standard developed by the AICPA that evaluates how technology and cloud companies manage customer data across five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. ServiceNow GRC/IRM helps technology companies build and operate the continuous control environment that SOC 2 Type II requires.