...

• When creating a custom table always name it in a singular fashion (u_application_role instead of u_application_roles). ServiceNow will always append a 'u_' before any custom created fields or tables, except when creating a custom application.

List Layout

• Use the record number or other unique information as the first column.
• When designing a list, avoid using reference fields in the first column. If possible, use the string field that defines the list, for example, the item number, name, or ID. If the record does not have a string field, consider using a date field, such as the date the record was created or updated.
• Avoid displaying fields with long values in list views, including HTML, large text, and journal fields. Some fields, such as work notes, take up more vertical and horizontal space in the list without providing the most essential information.
• Avoid displaying too many field in list views. To save space, limit the number of columns to avoid horizontal scrolling. To enhance the user experience, include only the columns that most users really need to see. Users can personalize their own view of the list without affecting others if they want to add other columns.
• Review the list controls and list UI actions to understand user access: If your list includes list controls or UI actions, review these elements to understand what they do, and who has access to them and under what conditions. By clicking this menu icon or right-clicking the list header, you can personalize the list controls to specify which roles are able to perform these actions.
• Limit the number of records that a list can show per page: Users can specify the number of records listed per page from the menu icon in the title bar. It is best to stick with the base system maximum of 100 rows per page and not make larger numbers available. The more items displayed per page, the longer it takes the system to query the database and render the list. This is especially true if some fields must be calculated, or there are related lists on a form with many records. This results in better performance, and users can still view all items by paging through the list.

...

• Avoid GlideRecord queries in ACL Rules.
• Leverage Data Policy to enforce consistency. Data policies increase the security of UI policies by ensuring that data meets certain requirements regardless of whether the data comes from the UI form or another source, such as a web service, import set, or incoming mail. For example, use a data policy to ensure that incident records always have a short description and category even when the data comes from an integration. Data policies also prevent users from bypassing client-side policies.
• Limit the number of users with the Admin role. Limiting the number of users with the admin role is consistent with the principle of least privilege and helps ensure separation of duties.
• Create Multiple accounts for Administrators. Administrators should have both elevated privileges, and normal ITIL access. This maintains security and minimizes risk of accidental changes (particularly in production instances).
• Frequently Audit the role 'admin' to ensure only the proper people maintain this role. In addition, audit the 'CPP Consultant' group to maintain an up-to-date list of employees engaged in the project.
• *https://hi.service-now.com/kb_view.do?sysparm_article=KB0536146*

Additional Resources

...