Servicenow-CIS-RC guide - Certified Implementation Specialist - Risk and Compliance Updated: 2023

Why are goals so important when choosing a CRM? Goals define the features and capabilities that will best meet your needs. These include broader business goals (like mission statements) alongside measurable and attainable goals.

For example, a deeply customized luxury service might not benefit from a CRM specializing in automation. Instead, flexible service businesses might benefit from analytical CRM tools. That way, these businesses can receive regular reports on their most profitable ventures and processes.

Critical CRM Software Selection Criteria

When selecting the best CRM for your business needs, here are some criteria you might consider.

Integrations and Ecosystem

Integrations refer to the third-party apps that Boost the functionality of your tools. By working with more outside programs, a CRM has more flexibility.

Costlier CRMs typically integrate with more apps. Smaller CRMs tend to work with specific programs (usually the larger ones). But the right CRM for you works with apps that help you achieve your business goals.

Ideally, these are programs you already use and are familiar with. You don’t want to introduce too many new programs simultaneously, which might overwhelm employees.

Examples:

• Salesforce has a marketplace of apps on its App Exchange (like Zapier and Jitterbit).
• HubSpot supports an app marketplace that includes Gmail, WordPress and many more.

Mobile Capabilities

85% of Americans use a smartphone, and 15% of those Americans are smartphone-only internet users. You can find a similar trend like this at the workplace, which is a direct response to our increasingly remote, mobile workforce.

If your sales staff includes a field team, a mobile CRM is worth considering. Mobile CRMs have mobile-friendly dashboards that provide the same customer information as their desktop variants. With mobile information on hand, sales reps can reference pipeline data on the go.

Examples:

• Keap offers a mobile app that provides on-the-go customer info, notes and tasks.
• Agile CRM offers milestone and schedule tracking, helping you track your salespeople.

Ease of Use

Whether you’re running a small business or a large enterprise, high-quality CRMs are easy to use. This becomes apparent during the training stages of the implementation strategy. Those familiar with similar tools should be able to find customer data and pipeline information easily. The less time CRM users have to spend with customer support, the better.

Look for CRMs that have a free trial or money-back guarantee. That way, you don’t have to commit to a CRM system before you know you like it. It can take time to recognize that some CRMs aren’t easy to use. The best way to learn this is to try multiple CRMs before deciding on your favorite.

Examples:

• Monday.com offers a 14-day free trial that helps you learn the platform.
• Pipedrive is a simple platform that focuses on organizing your sales management pipeline.

Analytics and Reporting

Virtually all CRMs offer some data. However, the type of CRM data you need varies depending on your goals. So, it’s important to find CRMs that create reports that align with your business goals.

For example, let’s say your goal is to increase your conversions by 5%. To do this, you want to use historical data. It makes sense in this case for you to pursue CRMs that offer predictive analytics.

You might also benefit from deeper dives into the sales funnel or service results. When deciding on your CRM features, create a list of must-haves in order of importance. The CRM you pick likely won’t have everything on your list, which is why it’s important to decide which features you’re willing to provide up.

Examples:

• HubSpot provides analytics and reporting features using a website tracking code
• Google Analytics can tag users (with cookies) and help you better track the customer journey

Data Model and Customization

Without data, we make business decisions in the dark. CRMs help prevent this issue by connecting data and letting you customize based on your pipeline. Each pipeline is different, and it’s unlikely you’ll find a CRM that matches yours exactly, which is why customization of the pipeline and data is so relevant.

CRMs are data repositories that collect user information, including notes, company size and sales cycle stage. By connecting these various data points together, you can sell more effectively. The more you know about someone, the more you can relate to them, which increases your chances of appealing to them during the sale process.

For example, let’s say you have a customer who has asked about your product. This customer has a large business and works in e-commerce. Thankfully, you have a sales agent who knows and works with these clients. Sorting these people into different sales channels is an example of segmentation, which is incredibly handy when increasing your odds of converting a visitor into a customer.

Without a CRM, you could still identify and utilize this information. However, you might not have a single, accessible data source for all your agents to retrieve this information. CRMs save some time by providing that single source. Beyond that, some CRMs with customizable data fields help you collect unique information. Your business is unique, so make sure the data you can collect is too.

Examples:

• ClickUp lets its users customize a different user- and client-facing process.
• Salesforce is a data-driven CRM that offers helpful, backend data validation tools (so you can confirm its accuracy).

Security and Compliance

When you take customer data, you must be sure it’s safely stored. So ideally, you’ll want to find a CRM known for high standards in security and compliance. You can do this by reviewing their online reputation, such as searching for something like “HubSpot data breach.”

The information you collect includes PII (Personally Identifiable Information). Companies that handle this information must follow Department of Labor regulations. Even if your CRM causes a data leak, your company might be liable for a CRM provider’s mistakes.

Some companies might also have an internal threat actor. This means one of your employees could use the data against you. To prevent this, find CRMs that let you create different roles with changing permissions. These roles get access to different levels of information. In addition, being able to see who accessed the data is essential. Controlling the flow of information is vital when keeping your customer data secure.

Examples:

• Salesforce relies on advanced data security controls. These include SSL (secure socket layer) and MFA (multi-factor authentication).
• Regardless of your chosen CRM, in-house data security protocols better secure customer information.

Automation

While some service companies excel at providing flexible, customizable packages, other sales companies rely on a more consistent process. In either case, you can benefit from fully automating aspects of a workflow.

It’s estimated that around 50% of all work can be completely automated, allowing humans to focus on where they excel: creativity. CRMs provide this by automating certain workflows. For example, some CRM systems include (or integrate with) email marketing services. So, you can send an automated reply email daily after making a follow-up call, saving your marketing staff time.

Automation can include automatic report sending, conversation logging and data entry. These are just a few examples of how automation can help save time and money.

Examples:

• Zapier integrates multiple tools (including CRMs) with automated processes where there were previously none.
• Larger tools, like HubSpot, help specifically in marketing automation, triggering automatic responses as customers sign up for newsletters or express interest in a product.

Artificial Intelligence

Much like automation, AI (artificial intelligence) is another feature to help save time in your CRM. AI covers many fields but is mostly found in its chat form, often relying on the popular ChatGPT. Here are the two cases you’ll likely come across:

• Sales assistant: An AI can use data from your sales pipeline or provide general advice to provide you improvement suggestions.
• Customer-facing chatbot: A customer-facing chatbot can replace some customer service functions, like providing information to site visitors curious about your product.

While AI may be the future, it might not be ready for prime time yet. Even Google’s chatbot, Bard, dropped Alphabet’s stock after making a public error. So, if choosing the customer-facing chatbot option, be aware that it might make a mistake.

Examples:

• Freddy AI from Freshworks is one example of a customer-facing chatbot that can provide automated answers.
• Einstein GPT is Salesforce’s multi-faceted AI chat tool that offers guidance for sales, marketing and customer-facing interactions.

Pricing

Depending on the CRM you want, pricing can vary heavily. Some CRMs have a free version while others start at nearly $200 monthly. During the preparation processes, determine your budget for finding a CRM, and don’t forget to include the extra cost of training and extra resources. Having a budget before shopping eliminates some expensive CRMs before you start. 

You also don’t want to pick a CRM that won’t meet your needs. While Pipedrive starts at $14.90 per user per month for its Essential plan (billed annually), this entry-level plan only provides one insights dashboard. So, if you have multiple sales funnels running simultaneously, you’ll need something more.

Pricing, as well as everything else, contributes to selecting the best CRM solution for your needs. So, be strategic in your decisions. Once you pick the best CRM, you can start the six-step CRM implementation process below.

ServiceNow, a global leader in digital workflow solutions, has always been dedicated to nurturing a culture of innovation, collaboration and belonging among its employees. It’s no surprise that the company has been recognized as one of Fortune’s Best Workplaces in Technology 2023 and certified as a Great Place to Work in 11 countries.

This commitment is epitomized by its annual Unified Technology Group Connect event, where engineering employees from all corners of the world come together to celebrate their achievements, share ideas and strengthen their bonds as a unified team. This year, the event took place in the United States, Ireland and India, with employees attending the event in the region closest to them.

This year’s UTG Connect just wrapped up, so Built In reached out to three ServiceNow  employees who attended the event to learn about how it empowers growth and opportunity, supports a globally distributed yet vibrant culture, and advances innovation at ServiceNow.

Ekta Akadkar’s journey with ServiceNow began in May 2021 when she joined the company as a summer intern. Her initial experience left an indelible mark and drew her back to the company as a full-time employee after graduation. 

“You want to work at a company whose work is impactful and done in a motivating environment,” she said. “It’s always exciting when other people tell me how using the ServiceNow platform at their companies has made their work more efficient.”

ServiceNow’s culture, rooted in teamwork and continuous improvement, played a pivotal role in  Ekta’s growth as a software engineer. She found herself surrounded by experienced colleagues who welcomed questions and encouraged her to explore various technical skills. 

For Ekta, UTG Connect serves as a symbol of the company’s commitment to supporting individual growth within a collaborative environment.

The event is organized to ensure employees are engaged throughout, with time to rest, refuel, connect and get updates on the latest technology implemented in the ServiceNow platform.

Outside the sessions, Ekta had the opportunity to visit technical booths hosted and facilitated by different teams. She was also able to network with colleagues and learn from their experiences in a more informal setting.

“Bringing the team together creates a common place for employees to connect in person. In the new world of work where many employees work remotely, face-to-face conversation and getting to know people on a deeper level in person was meaningful,” she said.

Bringing the team together creates a common place for employees to connect in person. In the new world of work, face-to-face conversation and getting to know people on a deeper level in person was meaningful.”

For Ekta, having the chance to connect with her colleagues reinforced the power of ServiceNow’s culture and sparked her ambitions to continue to grow with the company.

“Everyone here works on the principle of winning as a team and constantly seeks ways to be helpful. My team members’ humble nature brings confidence in a newcomer like me to ask them any questions,” she said. “I am continuously evolving as a software engineer, and I am learning many technical skills by being on a team with many experienced people.”

Roja Puppala’s journey with ServiceNow began in March 2022, after having been drawn to the company by its stellar reputation and innovative products. She soon fell in love with the flourishing culture, where creativity was celebrated and new ideas were welcomed with open arms.

“The work environment here is simply incredible — a perfect blend of vibrancy and dynamism,” she said. “It motivates me to provide my best every day and be a part of the positive impact ServiceNow makes.”

Our vibrant and dynamic culture motivates me to provide my best every day and be a part of the positive impact ServiceNow makes.”

Roja’s growth at ServiceNow was powered by her involvement with UTG Connect. She became a key player in organizing UTG Connect — India, collaborating with multiple leaders and stakeholders across the company and expanding her horizons.

“The event planning team goes above and beyond their regular work roles to ensure its success,” she said. “Whether it’s learning sessions, experience demos, tech activations or culture showcases, they do their best to enhance the experience for all attendees. They willingly offer support to their colleagues and take on additional responsibilities to win as a team.”

Working on the event allowed her to gain insights into the company’s developments and innovations while flexing her own skills to support her team. The event served as a platform for showcasing innovations, strengthening bonds within the organization and fostering connections that transcend geographical boundaries.

“As an operations professional, enabling teams brings me immense joy, and UTG Connect presented a tremendous opportunity to do just that,” she said. “Being empowered and encouraged to bring out our creative best is something I value greatly, and here, it’s an integral part of the work ethos. What’s even more inspiring is how receptive everyone is to new ideas, and we’re given the freedom to operate and excel.”

Sangita Pathak joined ServiceNow in July 2018, attracted by the exceptional people who make up its workforce. Ever since, she has been captivated by ServiceNow’s unique blend of executing with heart and a focus on innovation.

As someone who has attended UTG Connect events in different regions around the world, Sangita’s favorite aspect is the energy and excitement brought by ServiceNow’s teams. The events provide a platform for engineering teams to meet in person, fostering connections and boosting innovation.

“UTG connect events enable engineering teams across the world to actually meet each other and see what their teammates are building,” she said. “They serve as a real connection builder and innovation booster. I have heard so many stories about how people met their team members for the first time or attended a talk in person from someone they had only heard of. But simply walking the hallways, attending the sessions and learning about our teammates is my favorite thing about the event. It’s a gift and privilege that we should cherish.”

According to Sangita, UTG Connect contributes significantly to professional growth and development within ServiceNow.

“Connect helps break siloes, create visibility, create belonging and allow teams to refresh and recharge while inspiring their continued innovation,” she said.

Connect helps break siloes, create visibility, create belonging and allow teams to refresh and recharge while inspiring their continued innovation.”

Sangita is excited about ServiceNow’s future and her career within the company. She feels privileged to work for an organization that navigates the technology landscape boldly and invests in future technology.

“We love what we do and it shows,” Sangita said.

And across ServiceNow’s tech teams, no event reveals that more than UTG Connect.

Bringing Equity to Implementation

Implementation science—the study of the uptake, scale, and sustainability of social programs—has failed to advance strategies to address equity. This collection of articles reviews case studies and articulates lessons for incorporating the knowledge and leadership of marginalized communities into the policies and practices intended to serve them. Sponsored by the Anne E. Casey Foundation

View the digital edition and download the PDF.

DevOps teams rely more on AI-coding assistants to boost team productivity by automating coding tasks with only the most conscientious scanning final code for security flaws, Forrester warns in their 2024 cybersecurity, risk, and privacy predictions. 

The research and advisory firm predicts inconsistent compliance and governance practices combined with many Devops teams experimenting with multiple AI-coding assistants simultaneously to increase productivity will lead to flawed A.I. code responsible for at least three publically-admitted breaches in 2024. Forrester also warns that A.I. code flaws will pose API security risks. 

AI-coding assistants are redefining Shadow I.T. 

49% of business and technology professionals with knowledge of AI-coding assistants say their organizations are piloting, implementing, or have already implemented them in their organizations. Gartner predicts that by 2028, 75% of enterprise software engineers will use A.I. coding assistants, up from less than 10% in early 2023.

Devops leaders tell VentureBeat it’s common to find multiple AI-coding assistants being used across teams as the pressure to produce a high volume of code every day is growing. Tighter timelines for more complex coding combined with the proliferation of over 40 AI-coding assistants available is leading to a new form of shadow I.T. where Devops teams switch from one A.I. assistant to another to see which delivers the highest performance for a given task. Enterprises are struggling to keep up with the demand from their Devops teams for new AI-coding tools approved for use corporate-wide.  

AI-coding assistants are available from leading A.I. and LLM providers, including Anthropic, Amazon, GitHub, GitLab, Google, Hugging Face, IBM, Meta, Parasoft, Red Hat, Salesforce, ServiceNow, Stability AI, Tabnine, and others.    

CISOs face a challenging balancing act in 2024 

Forrester’s cybersecurity, risk, and privacy predictions reflect a challenging year ahead for CISOs who will need to balance the productivity gains generative A.I. provides with the need for greater compliance, governance, and security for A.I. and machine learning models under development. 

Getting compliance right will be essential for protecting intellectual property, the one asset no one wants to put at risk despite the stepwise gains generative A.I. is delivering today. 

How well a CISO and their teams can triangulate innovation, compliance, and governance to provide their companies a competitive advantage in 2024 will be more measurable in 2024 than any previous year. Generative A.I.’s productivity gains balanced against risks, and the need for reliable guardrails will be a key issue every CISO will likely deal with next year, too.

The goal: Achieve A.I.’s innovation gains while reducing risk

Forrester’s cybersecurity, risk, and privacy predictions for 2024 guide every organization on achieving greater A.I. innovation gains while reducing the risks of human- and code-based breach risks. Taken together, they reflect how urgent it is to get compliance, governance, and guardrails for new A.I. and ML models right first, so the productivity gains from generative AI-based coding and devops tools deliver the greatest benefit at the lowest risk. 

“In 2024, as organizations embrace the generative A.I. (genAI) imperative, governance and accountability will be a critical component to ensure that A.I. usage is ethical and does not violate regulatory requirements,” writes Forrester in their cybersecurity predictions. “This will enable organizations to safely transition from experimentation to implementation of new AI-based technologies,” the report continues. 

Forrester’s 2023 data shows that 53% of A.I. decision-makers whose organizations have made policy changes regarding genAI are evolving their A.I. governance programs to support A.I. use cases.

The following are their predictions for 2024: 

Social engineering attacks soar as attackers find new ways to use generative AI

FraudGPT was just the start of how attackers will weaponize generative A.I. and go on the offensive. 2024 will see social engineering attacks soar from 74% of all breach attempts to 90% next year. Forrester warns they’re seeing the human element be more attacked than ever. 

That’s sobering news for an industry where some of the most devastating ransomware attacks in 2023 started with a phone call. Existing approaches to security awareness training aren’t working. Forrester makes the point that what’s needed is a more data-driven approach to behavior change that quantifies human risk and provides real-time training feedback to employees and perceptual gaps they may have in identifying threats.

Merritt Baer, field CISO of Lacework, told VentureBeat: “Tech is built by humans, for humans. It is no longer good enough to blame ‘the human element’ for security breaches. If you are using fine-grained logical and perimeter-based controls around your security and identity; if you are doing good governance around continuous pruning and creating ‘paved roads’ for folks to make the secure thing to do, the easy thing to do; if you are templatizing environments and using ephemerality as a security benefit; if you are noting anomalies to intelligently refine those permissions; then, we see less entry for human error.”

Baer further observed that “to err is human; to secure environments is not for the divine, but for practitioners who get better over time.”

Cyber insurance carriers will tighten their standards, red-flagging two tech vendors as high risk

Combining greater real-time telemetry data and more powerful analytics and genAI tools to analyze it will provide insurance carriers the visibility they’ve needed for years to reduce their risks. Forrester observes that insurance carriers will also have more insights from security services and tech partnerships and more data-driven insights, including forensics from insurance claims. 

Given the growing number and severity of massive one-to-many breaches like MOVEit, Forrester predicts security vendors will be assessed by risk scoring and calculations that will also be used for calculating insurance premiums of their customers seeking coverage.

Expect to see a ChatGPT-based app fined for mishandling personally identifiable information (PII)

Implicit in this prediction is how vulnerable identity and access management (IAM) systems are to attack. Active Directory (A.D.) is one of the most popular targets of any identity-motivated attack. Approximately 95 million Active Directory accounts are attacked daily, as 90% of organizations use the identity platform as their primary authentication and user authorization method. John Tolbert, director of cybersecurity research and lead analyst at KuppingerCole, writes in the report Identity & Security: Addressing the Modern Threat Landscape: “Active Directory components are high-priority targets in campaigns, and once found, attackers can create additional Active Directory (A.D.) forests and domains and establish trusts between them to facilitate easier access on their part. They can also create federation trusts between entirely different domains.”

Forrester notes that OpenAI continues to receive more regulatory scrutiny with the ongoing investigation in Italy, and lawyers in Poland are dealing with a new lawsuit for several potential GDPR violations. As a result, the European Data Protection Board has launched a task force to coordinate enforcement actions against OpenAI’s ChatGPT. In the U.S., the FTC is also investigating OpenAI. While OpenAI has the technical and financial resources to defend itself against regulators, other third-party apps running ChatGPT do not. 

Senior-level zero-trust roles and titles will double across the global public and private sectors

Currently, there are 92 zero trust positions available in the U.S. advertised on LinkedIn and 151 worldwide. Forrester’s optimistic forecast of zero trust position growth doubling in the next twelve months is supported by the broader adoption of the NIST Zero Trust Architecture framework across their client base. Forrester predicts zero trust adoption will also increase demand for cybersecurity professionals with engineering, governance, strategy, and leadership expertise. These positions will sit within federal agency security organizations and become a staple of the staffing and services for firms that augment those agency functions and the private sector enterprises responsible for supporting 85% of the U.S.’s critical infrastructure. Forrester advises their clients to prepare by reviewing the requirements for a zero-trust role at their organizations and identifying a cohort of individuals to pursue Zero Trust certifications.