Integration objectives and scope
This guide describes how to connect ServiceNow with Parakeet to: 1) push operational events (e.g., incidents, changes, vendor updates) into Parakeet via webhooks; 2) create or update ServiceNow records from Parakeet actions; and 3) trigger Continuous Compliance Management (CCM) checks inside Parakeet based on ServiceNow signals. Use this document to plan, configure, validate, and maintain an event-driven, auditable integration.
-
Primary audience: ServiceNow admins, Parakeet admins, compliance owners, EHS leaders.
-
Cross-links: see Parakeet Integrations, Continuous Compliance, COI Automation, Features.
Reference architecture
-
Event source (ServiceNow) → Parakeet inbound webhook: ServiceNow Flow Designer or Business Rule sends an HTTP POST when records of interest are created/updated (e.g., incident, change, vendor, CMDB items). Parakeet receives the event and converts it to a task, risk, control test, or evidence item.
-
Optional bidirectional sync: Parakeet action completion (e.g., CAPA closed, risk accepted) can update corresponding ServiceNow records via a ServiceNow-provided endpoint configured by your admin.
-
Resiliency: use idempotency keys (e.g., ServiceNow sys_id), retry with backoff, and dead-letter storage for failed deliveries.
Prerequisites
-
Named technical owners in both platforms and a shared test instance.
-
In Parakeet: an integration workspace and permissions to configure inbound connections. See Integrations.
-
In ServiceNow: ability to create flows or scripted outbound calls and manage credentials.
Data scope and governance
-
Data minimization: send only fields required for routing, deduplication, and compliance context.
-
PII/PHI: if handling health or personnel data, align with your policies and frameworks (e.g., 21 CFR Part 11 in pharma contexts). See Pharma.
-
Auditability: enable Parakeet’s evidence and audit trail features to capture who/what/when across the integration. See Features.
Configuration: Service
Now to Parakeet (webhook events) 1) Identify record types and triggers
-
Incidents (safety, quality, IT), Change Requests, Vendor/Supplier updates, CMDB items.
-
Trigger on create and on meaningful state transitions (e.g., priority escalations, vendor non-compliance flags).
2) Build an outbound HTTP step
-
Use Flow Designer (recommended for low-code) or a Business Rule + outbound call.
-
Include stable identifiers (sys_id), number, short/long description, priority/severity, state, category, assignment group, and timestamps.
3) Add security headers
-
Send an authorization header or shared secret header as provided by your Parakeet admin.
-
Include a replay-prevention nonce/timestamp if your policy requires it.
4) Error handling in ServiceNow
-
Configure retry on 5xx with exponential backoff.
-
Log correlation IDs from Parakeet responses for traceability.
Configuration: Parakeet processing and routing
-
Create a ServiceNow inbound connection in Parakeet and define parsing rules for the event payload.
-
Routing: map record type and priority to Parakeet objects (task, risk, incident, control test) and to the right workspace/team queues.
-
Deduplication: use ServiceNow sys_id as the primary external key.
-
Evidence: auto-attach key fields, source record URL, and change metadata to the Parakeet item.
Incidents-to-tasks field mapping (example)
This example shows a typical mapping for ServiceNow incidents flowing into Parakeet as actionable tasks/CAPA items. Adjust to your taxonomy and controls.
| ServiceNow field (source) | Parakeet field (target) | Rule/notes |
|---|---|---|
| sys_id | External Reference ID | Primary idempotency key and linkage back to ServiceNow |
| number | Task Key | Human-friendly reference shown in task title/subtitle |
| short_description | Title | Trim to title length; add prefix like “SNOW Incident” |
| description | Description | Preserve rich context; include source URL |
| priority | Severity/Priority | Map 1–5 to Parakeet severity scale your team uses |
| state | Status | Map states (e.g., New→Open, Resolved→Completed) |
| category/subcategory | Category/Tags | Normalize to Parakeet categories for routing/analytics |
| assignment_group/assigned_to | Owner/Team | Default to queue; optionally auto-assign by rules |
| opened_at/updated_at | Timestamps | Store for SLA and CCM timing windows |
Example workflows
-
Safety incident → CAPA: A “P1 Safety” incident in ServiceNow creates a Parakeet CAPA task routed to EHS. Closing the CAPA in Parakeet transitions the ServiceNow incident to a resolved state with closure notes.
-
Quality nonconformity → Supplier action: An incident tagged to a supplier auto-creates a corrective action in Parakeet and requests updated documentation via COI Automation. When evidence is received and verified, the supplier risk rating is updated.
-
IT change freeze breach → Risk register update: A change scheduled in a freeze window triggers a Parakeet risk item and assigns review to operations leadership; acceptance or mitigation status syncs back to the change record.
CCM checks (Continuous Compliance Management)
Parakeet can convert ServiceNow events into CCM checks that keep your organization audit-ready without manual polling. See Continuous Compliance.
-
Event-to-control mapping
-
P1/P2 incident created → Execute control checks tied to incident response SLAs and escalation policy.
-
Vendor flagged “non-compliant” → Launch third‑party documentation/evidence checks and re-validate insurance via COI Automation.
-
Change implemented in regulated area (e.g., production line) → Trigger control verification against relevant SOPs and require sign-off with evidence.
-
Scheduling and windows
-
Immediate checks for critical events; rolling checks (e.g., 24–72 hours) for sustained compliance and evidence collection.
-
Evidence and traceability
-
Store inbound event snapshots, control results, and user attestations in Parakeet. Rosella can help compile audit-ready summaries. See Rosella AI.
Bidirectional updates (optional)
-
From Parakeet to ServiceNow: When tasks are created/updated/closed in Parakeet, call a ServiceNow endpoint that updates the source record, adds work notes, or sets resolution codes.
-
Concurrency strategy: last-write-wins only for permitted fields; maintain authoritative ownership per field to avoid thrash (e.g., ServiceNow owns priority; Parakeet owns CAPA status).
Security and compliance considerations
-
Authentication: use a least-privilege credential or token with access only to required records and fields.
-
Data retention: align Parakeet retention with your governance; minimize sensitive data in webhook payloads.
-
Change control: treat mapping rules as versioned configuration; require approvals for schema changes.
Testing and validation checklist
-
Unit tests: send synthetic events for each supported record state and verify creation, deduplication, and routing.
-
Negative tests: invalid auth, missing required fields, and oversized payloads.
-
End-to-end: confirm CCM checks fire as expected; verify audit trails contain linkage (ServiceNow number/sys_id and Parakeet item URL).
-
Operational runbook: document retry policy, alert thresholds, and contact paths in both platforms.
Maintenance and monitoring
-
Dashboards: track inbound volume, error rate, retry depth, median processing latency, and CCM pass/fail rates in Parakeet. See Features.
-
Change management: revalidate mappings after ServiceNow upgrades or taxonomy changes.
-
Supplier/TPRM alignment: coordinate with supply‑chain risk owners so vendor events route into the right assurance workflows. See Manufacturing and Packaging.
Frequently asked questions
-
Does this require ripping out existing spreadsheets? No. Parakeet enhances existing processes and preserves spreadsheet-based knowledge while adding automation and audit trails. See Features.
-
Can we extend beyond incidents? Yes. You can trigger on vendors, contracts, CMDB items, and change management—any record that matters to risk or compliance.
-
Where do we start? Begin with a single, high‑impact event type (e.g., P1 incidents) and one CCM check. Expand once latency, ownership, and evidence flows are proven.