"Compliance is a cost center and slows us down." We think that's backwards. Our CEO, Tom Thomson, sat down to make the opposite case: compliance, run the right way on @ServiceNow , becomes a competitive edge, especially now with the additions of @ArmisSecurity and @vezainc. The conversation digs into AI compliance and what changes when governance lives inside ServiceNow instead of scattered across spreadsheets. A first look below. Full conversation coming soon. Thanks to the BrightTALK team.

Every federal agency just got a new compliance clock, and most don't know it started. On May 22, OMB released M-26-14, replacing the federal logging directive that has driven agency security spending for years. The old approach of hoarding raw log data with no operational purpose is officially dead. The new mandate: risk-based, prioritized logging built around real-time monitoring and threat response. Once CISA publishes the Logging Reference Architecture, agencies face hard deadlines: → 90 days: Submit an Agency Logging Plan → 120 days: 70% of IT, OT, and IoT assets inventoried → 180 days: 80% with daily inventory updates → 320 days: 90% inventory with 70% tuned alert coverage The part most teams will underestimate: maturity is scored on a lowest-watermark basis. One weak element drops the entire agency rating to Level 0. Partial credit does not exist. Everything in this memo rests on one prerequisite many agencies have not met: a complete, continuously verified asset inventory across IT, IoT, and OT. @ServiceNow 's acquisition of @ArmisSecurity addresses that visibility layer directly. But visibility alone is not compliance. Agencies still need security incident response, vulnerability management, and continuous monitoring operationalized on the same platform. That is where we come in. @c1_secure builds the operational backbone on ServiceNow that makes programs secure by design. If your team is planning around this, let's connect. Comment "OMB" below to learn more!

Open an attestation record. Ask the AI to explain the control. Get back an evidence-grade response that holds up under audit. That is the SmartAI Compliance Analyst, the first reasoning worker shipping on SmartWorks, our governed AI platform on @ServiceNow. SmartWorks is a governed AI hub on ServiceNow with support for multiple AI providers, configurable table-level access controls, and full tracking of every action, tool invocation, and table touch on the platform. The Compliance Analyst is the first of what we are calling SmartWorks SmartAI Analysts: role-scoped, record-embedded reasoning workers built to compose into ServiceNow's Autonomous Workforce. It reasons across NIST, CMMC, FedRAMP, SOC 2, ISO, HIPAA, PCI, and more, all governed by AI Control Tower and activated through SmartAI Ops. Our Analysts are complementary to ServiceNow AI Specialists, not parallel. Specialists run the operational workforce. Our Analysts run the reasoning workforce, producing work that holds up outside the platform. The Compliance Analyst is one of many, and the catalog underneath is broader than what we are showing today. This is our third release in three weeks. Three weeks ago we shipped SmartAI Ops, giving CIOs and CFOs visibility into AI operations paired with ServiceNow AI Control Tower. Last week, SmartReady, release assurance with App Passports for every AI-built and business-built app heading to production. Today, SmartWorks and the SmartAI Compliance Analyst. More coming.

Biggest Knowledge yet for C1Secure. Partner of the Year award, a product launch, and a platform direction from @ServiceNow that lines up with everything we are building. #ServiceNow #Knowledge2026 #K26 #C1Secure

This week we joined @ServiceNow for an AI Control Tower Deep Dive Workshop on governing AI and delivering value safely. C1Secure 's focus: extending AICT with the layer that converts governance intent into an executable program. #AIControlTower #AIGovernance #C1Secure #Servicenow

The biggest drain on GRC is translation. The back-and-forth between owners and reviewers over control objectives stalls progress for weeks. C1 SmartCompliance Suite on @ServiceNow bridges this gap, moving to a standard of continuous assurance. #GRC #AI #ServiceNow #C1Secure

FedRAMP ConMon is stuck in the past. 🕰️ C1 SmartConMon 20x brings it to the future: ⚡ Automates POAM FIIW ⚡ Delivers machine-readable KSMs ⚡ Cuts reporting time by 80% Ready to leave manual ConMon behind? Comment "C1" to request a demo. #FedRAMP #SmartConMon #C1Secure

Just wrapped the ServiceNow AI Summit in Atlanta Proud to sponsor and even prouder of the C1Secure team that makes it easy to showcase how we’re driving AI-powered automation, security, and compliance forward On to what’s next 📈 #ServiceNow #AISummit #AI #Automation #C1Secure

FedRAMP 20x just raised the bar. Spreadsheets won’t cut it anymore. C1 SmartConMon 20x automates ConMon reporting, delivers machine-readable KSMs, and gets you audit-ready in days... not months. Post a reply if you're interested in learning more ⬇️ #FedRAMP #Cybersecurity

Manual compliance reviews take days or even weeks. SmartAttestation Review on @ServiceNow does it in minutes. Lower costs. Eliminate bottlenecks. Focus on high-risk issues. #Compliance #AuditReady #ServiceNow #RiskManagement #ServiceNow #AI #C1Secure

Update sets shouldn’t be a black box. If your team is still manually digging through XML… you're wasting more than time. SmartBuild Studio gives you visibility, automation, and platform intelligence—natively in ServiceNow. Here's how it works: #SmartBuild #ServiceNow #DevOps