Sofi Architecture and Security

This page provides a high-level overview of the architectural approach employed by the platform.

The Sofi Service Agent Assistant and Virtual Agent modules for ServiceNow provide a set of services that allow ServiceNow to leverage the cognitive ability of the Platform.

Architecture Overview

The platform currently runs entirely out of the Amazon AWS DataCentres. All services are single tenanted, highly available and secure.

All services run within an Amazon Virtual Private Cloud (VPC), with no servers or services being directly routable from the internet.

Client connectivity (from your ServiceNow instance to the services) is subject to extremely strict IP restrictions (i.e. the ServiceNow Sydney and Brisbane DataCentre egress addresses only), and are further protected by AWS Application Gateways.

Management access is strictly controlled and via VPN only.


Servicely High-level Architecture


Sofi servers never call into your ServiceNow system, meaning there are no integration accounts to configure or ServiceNow security credentials to manage.

Communications are always initiated from your ServiceNow instance and tunnelled over HTTPS.

End users communicate exclusively with your ServiceNow instance: meaning no corporate firewall configuration or browser cross-site restrictions.

  • all communications encrypted by HTTPS

  • users communicate only with your ServiceNow instance

  • we never call into your ServiceNow instance

  • no ServiceNow integration accounts to manage

  • no firewalls rules to configure

  • no cross-origin security issues

Client Interaction

Virtual Agent

The Sofi Virtual Agent module for ServiceNow integrates seamlessly with your existing ServiceNow Service Portal (or CMS).

The Virtual Agent interface performs all communication via your ServiceNow instance, allowing ServiceNow to participate in the discussion at all times.

The chat module provides a number of ServiceNow integration points, allowing for complex interactions between the end user, ServiceNow and Sofi.

These integration points can easily be configured to allow ServiceNow and the Sofi chat backend to work seamlessly together, while retaining control of sensitive data and workflows within ServiceNow.


Sofi Virtual Agent Client Interaction

Service Agent Assistant

Email, self-service, call center or integration: end users continue to use your existing channels to interact with ServiceNow.

When requested, the Intelligent routing module will perform a simple HTTPS request to the REST service.

If the client is using the service interactively (i.e. either self-service or agent forms), the request will be relayed and processed by ServiceNow.

For email or integration requests, the ServiceNow module will asynchronously request the routing information using the same REST/HTTPS service.


Sofi Service Agent Assistant Client Interaction Model

  • Clients interact with ServiceNow using the Web interface, sending an email or phoning the call centre
  • The Sofi Intelligent Prediction (Classifier) module for ServiceNow extracts the natural language query from the email/request and issues a request to the classifier service
  • The Sofi Intelligent Prediction (Classifier) service queries the learning engine and returns the results to the ServiceNow instance for processing

Prediction and Search Model Training

Selected information is sent from your ServiceNow instance to the Sofi platform to allow classification, deep analysis, and linking.

The Sofi Intelligent Prediction module provides tools to define which data is used for training and also provides the ability to redact portions of the data before being sent to the Sofi backend for processing.

For deep-analysis and analytics, it is recommended that the training data be stored in its original form. Access to the original text allows for incremental model changes and facilitates analysis of query results.

If only the Intelligent prediction component is used, it is possible to store only the word elements in vector format (i.e. the original text is not retrievable).

We still recommend storing the training data to support incremental model refinements and analysis of query results. Without the stored training data, model adjustments require complete re-training from the ServiceNow data and analysis of query results becomes difficult.

  • Training is initiated by an administrator or business analyst, from the ServiceNow instance.
  • The Sofi module for ServiceNow bundles up the the training records, classifications and historical data from the ServiceNow instance and begins to prepare the data for presentation to the platform.
  • The Sofi module sends the data from the previous step to the Sofi platform.
  • The Sofi platform analyses the data, transforms it, and passes the data to the Machine Learning engine.

Data and Security

Our infrastructure runs on top of Amazon Web Services (AWS). We can deploy our infrastructure to any AWS region which supports Amazon VPC, to keep your data close.

We are currently operating out of the AWS Sydney datacenters.

We understand that security and data sovereignty are critical to your business, and we take protection of your data very seriously.

We adhere to industry best practices to keep your data safe, and welcome more detailed discussions on your specific requirements.

  • all communications encrypted by HTTPS
  • very restrictive IP filters allow access only to trusted networks
  • ServiceNow DataCentre and Management Networks allowed
  • all application services on isolated private networks (Amazon VPC)

Security FAQ

Q: What is the communication between the ServiceNow instance and the Sofi instance?

A: All communication between your ServiceNow instance and the Sofi backend is over secure SSL, using token based authentication. Communication to Sofi is IP Address limited to only accepts request from ServiceNow.

Q: Is the data encrypted at rest?

A: Yes, all customer data is encrypted at rest.

Q: Do you conduct independent 3rd party penetration testing and security assessments?

A: Soapbox performs regular penetration testing by external 3rd party security specialist.

Q: Are you datacentre ISO27001 certified?

A: Yes, we only user IS0270001 certified datacentres.

Q: What ServiceNow data is used by Sofi?

A: Sofi requires historical data to train our predictive natural language classifiers. For Incident records, the data required is typically limited to Short Description, Category, Sub-Category and Assignment group. For Intelligent Search, selected knowledge articles are required. Sofi does not pull any data from your ServiceNow instance. Your ServiceNow Administrator controls which fields (data) you would like to use and initiates the training process. All of this is done via the ServiceNow interface.

Q: Can you redact data like credit card numbers prior to sending to Sofi?

A: Yes, Sofi provides the ability to pre-process using regex prior to synchronising the data.

Q: Do you enforce ServiceNow security when displaying knowledge articles i.e. limit visibility based on security in ServiceNow?

A: Yes, Sofi passes all requests through ServiceNow prior to displaying results. Sofi has been architected to allow ServiceNow to control security permissions. Sofi passes all requests via ServiceNow.

Q: What happens to my data at the end of my trial period?

A: All customer data is deleted at the end of the trial period, this includes any configuration changes that may have been made during the trial. The trial environment is then decommissioned. This does mean if you wish to extend your trial you need to contact us prior to the trial end date and request an extension.