CCDT0026 Presented at ServiceNow's Knowledge 19 Conference Session Description: Customization: the most dreaded word on the ServiceNow Platform. But what exactly makes a configuration a configuration and a customization a customization? The rules aren't always clear. In this session, we will move beyond the traditional argument and instead explore criteria by which we can properly assess the risk of an implementation choice. Objective: To teach developers and implementers how to properly evaluate the risk of an implementation decision rather than rely on definitions of configuration and customization.

1. Which is it?
Configuration vs. Customization
Sr. Architect,
GlideFast Consulting
Travis Toulson

2. 2 © 2019 ServiceNow, Inc. All Rights Reserved.
Safe harbor notice for forward-looking statements
This presentation may contain forward-looking statements. These statements are intended to be covered by
the safe harbor provisions contained in the U.S. Private Securities Litigation Reform Act of 1995. These
statements reflect the current beliefs of ServiceNow and are based on current information available to the
company as of the date hereof. ServiceNow does not assume any obligation to update the forward-looking
statements provided to reflect events that occur or circumstances that exist after the date on which they
were made. The forward-looking statements in this presentation are subject to various risks and
uncertainties that could cause actual outcomes and results to differ materially and adversely from those
expressed in such forward-looking statements. Further information on factors that could affect the
company’s financial and other results is included in the filings we make with the Securities and Exchange
Commission from time to time, including those discussed in our most recent Annual Report on Form 10-K.
The information in this presentation on new offerings, features, or functionality is intended
to outline our general product direction and should not be relied upon in making a purchasing decision.

3. The official guidance

4. 4 © 2019 ServiceNow, Inc. All Rights Reserved.
ServiceNow’s KB0553407
A Customization is any change to code
that is part of the baseline install of a
ServiceNow instance.

5. 5 © 2019 ServiceNow, Inc. All Rights Reserved.
Examples
Customization
• Modify Service Catalog checkout page UI
Macro
• Building a new “custom”
feature into the product
(e.g., custom applications,
third-party widgets, etc.)
Configuration
• UI Policy to make fields mandatory
• Modifying the Form and List Layout
• Installing a Plugin
• Modifying System Properties

6. Would you like to play a game?
Configuration or Customization?

7. 7 © 2019 ServiceNow, Inc. All Rights Reserved.
Is it a Configuration or Customization?
1 ServiceNow Admin adds the Description field to the Incident form

8. 8 © 2019 ServiceNow, Inc. All Rights Reserved.
Configuration!
How we know
• No code involved
• Form and list view changes
are Configuration

9. 9 © 2019 ServiceNow, Inc. All Rights Reserved.
Is it a Configuration or Customization?
2 A new customer on a Geneva instance builds new widgets using Jelly UI Macros
for their CMS

10. 10 © 2019 ServiceNow, Inc. All Rights Reserved.
Customization!
On the other hand
• In Geneva, a baseline CMS without
Customization would have been broken
due to a Known Error with iFrame sizing
• This Known Error would not be fixed until
halfway through the Istanbul upgrade cycle
• Customers were still using the custom
iFrame resize script on CMS well into
Jakarta due to on and off errors with the
baseline fix
How we know
• Code change is required
• Jelly is XML-based code in ServiceNow
similar to the Catalog checkout page
example

11. 11 © 2019 ServiceNow, Inc. All Rights Reserved.
Is it a Configuration or Customization?
3 A Service Portal Developer tailors a Theme and modifies cloned widgets to support corporate branding,
accessibility, and style guide standards

12. 12 © 2019 ServiceNow, Inc. All Rights Reserved.
Customization!
On the other hand
• Service Portal was designed so that cloning
a widget does not cause skipped upgrades
• Can you really imagine only changing the
logo, the logo position, some text colors,
button colors, and the nav bar?
How we know
• Code change is required
• Portal Themes especially pose risk for
breaking between versions
• ServiceNow Docs encourage using CSS
Variables to override Bootstrap styles first

13. 13 © 2019 ServiceNow, Inc. All Rights Reserved.
Is it a Configuration or Customization?
4
A ServiceNow customer implements Test Management in Jakarta as part of PPM;
as part of the implementation, the customer adds some form fields, builds out reporting, dashboards,
and notifications investing in the tool

14. 14 © 2019 ServiceNow, Inc. All Rights Reserved.
Configuration!
On the other hand
• Test Management 2.0 was released in
London using a completely different set of
modules leaving
the customer in question as to future
support
• A hard decision was faced to remain on
Test Management or reimplement on Test
Management v2
• In this case, Configuration failed
to prevent reimplementation
How we know
• No code involved
• Once again we are configuring form views
• Additionally, we are building reports and
dashboards which are all supported
Configurations

15. Wow, this game got dark real fast!
Sorry about that…

16. 16 © 2019 ServiceNow, Inc. All Rights Reserved.
Awesome framed poster in my living room
Everything in life that matters
requires risk.

17. Managing Implementation Risk

18. 18 © 2019 ServiceNow, Inc. All Rights Reserved.
Project Management Body of Knowledge
A risk is an uncertain event or condition
that, if it occurs, has a positive or negative
effect on a project's objectives

19. 19 © 2019 ServiceNow, Inc. All Rights Reserved.
Step 1: Identify the risk
Opportunities (Positive Risk)
• Reduced costs
• Creation of additional revenue
• Mitigation or avoidance of other
organizational risks
• Increased process transparency
Threats (Negative Risk)
• YOU are responsible for maintaining the
code
• Delayed upgrades: Future ServiceNow
upgrades can be skipped or broken
• Unable to use new ServiceNow applications
or features
• Worst case: Z-Boot, Reimplementation, or
Multiple Instances

20. 20 © 2019 ServiceNow, Inc. All Rights Reserved.
Identifying Threat Sources
• Changing out-of-box records (even the active flag)
• Changing newly implemented apps or behaviors
• Changing frequently updated apps or behaviors
• Using non-standard APIs
• Using APIs in non-standard ways
• Modifying default or designed behavior
• Imitating behaviors that exist in other application
• Remember: Any record that can be influenced directly or via dependency by both you and ServiceNow is a
threat to your implementation.

21. 21 © 2019 ServiceNow, Inc. All Rights Reserved.
Step 2: Assess the risk
Rating Probability Severity (threat) Severity (opportunity)
1
Rare or very unlikely to
happen
Minimal maintenance is required to
maintain business operation
Minimal impact to users;
functionality is easily
replaced or ignored
2 Possible
Moderate maintenance will be required
or current business processes may
require change
Moderate impact to user;
functionality will noticeably
improve processes
3
Likely or almost certain
to happen
Severe maintenance required, potential
z-boot risk, or significant loss of business
functionality
Severe business impact;
functionality is likely mission critical
or of measurable impact to key
metrics

22. 22 © 2019 ServiceNow, Inc. All Rights Reserved.
Step 3: Plan risk response
Strategies for opportunities
• Exploit: Take action to maximize the upside
of the opportunity
• Share: Work with ServiceNow or a Partner
to devise the best way of achieving the
opportunity
• Enhance: Take action to increase the
likelihood of successfully realizing the
opportunity
• Accept: Still do nothing and hope for the
best
Strategies for threats
• Avoid: Devise a different implementation to
remove the cause of the risk
• Transfer: Engage with a ServiceNow Partner
to collaborate on upgrades and
maintenance
• Mitigate: Take action to limit the probability
or severity of the risk
• Accept: Do nothing and hope for the best

23. 23 © 2019 ServiceNow, Inc. All Rights Reserved.
• Use Scoped Applications
• Use new tables to compose behavior onto existing tables
• Extend tables if composition won’t work—provides better isolation than nothing
• If you have to, modify existing records in place
– Inactivate the existing and create a new record is no longer the published best practice
• Record your Customizations somewhere!
– Make customizations easy to identify
Remember: The keys to mitigating threats in ServiceNow customization are isolation and limiting
dependencies
Avoidance is not the only strategy!

24. 24 © 2019 ServiceNow, Inc. All Rights Reserved.
Step 4: Make a decision
• For a given solution, assess the Risk Score for
Threats and Opportunities
• (Probability * Severity) / 3 = Risk Score
• Plot the Threat Risk Score vs. the Opportunity
Risk Score on the matrix
• You can average the Risk Scores,
use the Maximum of each, use a more robust
aggregate, or SWAG it
Opportunity
High
Medium
Low
Low Medium High
Threat

25. 25 © 2019 ServiceNow, Inc. All Rights Reserved.
Your Risk Gradient may varyOpportunity
Threat
Opportunity
Threat
Opportunity
Threat

26. 26 © 2019 ServiceNow, Inc. All Rights Reserved.
Risk Management Process Recap
Identify the risk
• Identify the risks
and risk sources
• Identify both positive and
negative risks
Assess the risk
• Evaluate the probability
(likelihood)
and severity
(consequence)
Plan risk response
• Take action to minimize
the negative risks
and maximize
the positive
Make a decision
• To implement or
not to implement, that is
the question

27. 27 © 2019 ServiceNow, Inc. All Rights Reserved.
Key takeaways
1 2 3
Every ServiceNow choice involves
risk.
Debating Configuration
vs. Customization is of limited
use.
Use a Risk Management process
to make
better decisions.

29. 29 © 2019 ServiceNow, Inc. All Rights Reserved.
Tell us what you think!
Find the app in the Apple App Store or
Google Play Store by searching for
ServiceNow Events.
Give us your feedback and
submit the survey.

30. Thank you
https://glidefast.com
https://codecreative.io