Common use of PROTECTION OF CUSTOMER DATA AND DATA SECURITY Clause in Contracts

PROTECTION OF CUSTOMER DATA AND DATA SECURITY. 2.1 During the Subscription Term, a description of the data security provisions for the Connected Operations Product is specified in the ServiceNow Connected Operations Security Guide, attached hereto and incorporated herein as Attachment A. The Connected Operations Security Guide replaces and supersedes all terms and conditions related to data security in the existing Agreement as it relates to the Connected Operations Product. 2.2 During the Subscription Term, references to the “Data Security Addendum” or “DSA” or “Data Security Guide” or “DSG” (collectively, the “DSA”) in the Data Processing Agreement (“DPA”) shall instead refer to the ServiceNow Connected Operations Security Guide described in Section 2.1 above, except as modified as follows: a. Reference to Section 3 (Physical, Technical and Organizational Security Measures) in the DPA shall refer to Section 2 (Physical, Technical and Administrative Security Measures) in the ServiceNow Connected Operations Security Guide. b. All references in the DPA regarding breach or Breach notifications (as defined in the DSA) shall be replaced with the following: “ServiceNow will report to Customer any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data without undue delay following determination by ServiceNow that a Breach has occurred.” 3.3 Notwithstanding anything to the contrary in the DPA, ServiceNow Inc., ServiceNow Nederland B.V., ServiceNow Australia Pty Ltd, ServiceNow Software Development India Private Limited, ServiceNow UK Ltd, ServiceNow Ireland Limited, ServiceNow Japan G.K., Microsoft Corporation (and any further sub-processors appointed by Microsoft) are added to the list of pre-approved sub-processors between ServiceNow and Customer for the Connected Operations Product. This ServiceNow Connected Operations Data Security Guide (“Connected Operations DSG”) describes the measures ServiceNow takes to protect Customer Data (as applicable and as defined in the applicable Agreement) within the Connected Operations Product. In the event of any conflict or ambiguity between the terms of this Connected Operations DSG and the terms of the Agreement, this Connected Operations DSG shall control for the Connected Operations Product. All capitalized terms not defined in this Connected Operations DSG will have the meaning given to them in the Agreement and the Addendum, as applicable.

PROTECTION OF CUSTOMER DATA AND DATA SECURITY. 2.1 During the Subscription Term, a description of the data security provisions for the Connected Operations Product is specified in the ServiceNow Connected Operations Security Guide, attached hereto and incorporated herein as Attachment A. The Connected Operations Security Guide replaces and supersedes all terms and conditions related to data security in the existing Agreement as it relates to the Connected Operations Product. 2.2 During the Subscription Term, references to the “Data Security Addendum” or “DSA” or “Data Security Guide” or “DSG” (collectively, the “DSA”) in the Data Processing Agreement (“DPA”) shall instead refer to the ServiceNow Connected Operations Security Guide described in Section 2.1 above, except as modified as follows: a. Reference to Section 3 (Physical, Technical and Organizational Security Measures) in the DPA shall refer to Section 2 (Physical, Technical and Administrative Security Measures) in the ServiceNow Connected Operations Security Guide. b. All references in the DPA regarding breach or Breach notifications (as defined in the DSA) shall be replaced with the following: “ServiceNow will report to Customer any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data without undue delay following determination by ServiceNow that a Breach has occurred.” 3.3 2.3 Notwithstanding anything to the contrary in the DPA, ServiceNow Inc., ServiceNow Nederland B.V., ServiceNow Australia Pty Ltd, ServiceNow Software Development India Private Limited, ServiceNow UK Ltd, ServiceNow Ireland Limited, ServiceNow Japan G.K., Microsoft Corporation (and any further sub-processors appointed by Microsoft) are added to the list of pre-approved sub-processors between ServiceNow and Customer for the Connected Operations Product. This ServiceNow Connected Operations Data Security Guide (“Connected Operations DSG”) describes the measures ServiceNow takes to protect Customer Data (as applicable and as defined in the applicable Agreement) within the Connected Operations Product. In the event of any conflict or ambiguity between the terms of this Connected Operations DSG and the terms of the Agreement, this Connected Operations DSG shall control for the Connected Operations Product. All capitalized terms not defined in this Connected Operations DSG will have the meaning given to them in the Agreement and the Addendum, as applicable.