Frequently Asked Questions

OrynIQ is a Platform Health as a Service (PHaaS) platform built specifically for ServiceNow environments. It connects to your ServiceNow instance via OAuth, runs a deep automated health assessment across 450+ checks, and delivers findings, financial impact estimates, and a prioritized remediation roadmap — all from a single platform.

It is used by ServiceNow platform owners and IT leaders to continuously monitor platform health, reduce technical debt, and communicate risk and ROI to business stakeholders.

OrynIQ is built for enterprise organizations running ServiceNow who want a clearer, more actionable picture of their platform's health. Specifically:

• ServiceNow Platform Owners and Architects who need continuous visibility into platform debt, upgrade risk, CMDB quality, and automation health.
• IT Directors and CIOs who want a quantified, business-ready view of platform risk and ROI — without needing to read raw scan output.

ServiceNow's Instance Scan is a useful starting point, but it has several limitations OrynIQ is designed to address:

• No financial context. Instance Scan surfaces findings but doesn't translate them into business impact, cost, or ROI estimates.
• No AI investigation layer. There is no conversational agent to help you interpret findings, cross-reference results, or propose and apply remediations.
• No trend tracking or scoring. OrynIQ maintains historical scan data and computes a domain-weighted health score over time, showing you whether the platform is improving or degrading.
• No deliverable-ready reporting. OrynIQ generates executive PDF reports ready for stakeholder delivery — Instance Scan produces an internal data table.
• External perspective. OrynIQ connects via OAuth from outside the instance, which means it works across multiple instances and doesn't require any installed scoped app.

No. OrynIQ is entirely external. It connects to your ServiceNow instance over HTTPS using the standard Table API — the same API ServiceNow exposes by default. No scoped app, plugin, or update set is required in your instance.

The only setup required on the ServiceNow side is creating an OAuth application registry and a service account with appropriate read (and optionally write) permissions.

OrynIQ is not currently listed on the ServiceNow Store, as Logan Poynter LLC is not a Build partner at this time. However, becoming a fully native ServiceNow application is on the roadmap depending on successful launch and adoption.

In the meantime, OrynIQ connects externally via standard OAuth 2.0 and the Table API — the same APIs available on every ServiceNow instance — so there is no dependency on Store certification to get full value from the platform today.

OrynIQ uses OAuth 2.0 (Authorization Code flow) via ServiceNow's built-in OAuth provider. You create an OAuth application registry in your instance and provide OrynIQ with the Client ID and Client Secret. OrynIQ uses these to request an access token on your behalf, then queries the Table API for health check data.

All credentials are encrypted at rest using AES-256-GCM and are decrypted only in memory at the moment of an API call. They are never logged or exposed in plaintext.

For read-only scanning and health checks, OrynIQ needs a service account with read access to the tables it analyzes — primarily CMDB, ITSM, user/role, schema, and script tables. The exact table list is provided during onboarding.

For AI-assisted remediation write-back (an optional feature), the service account also needs write permission to specific fields. Write-back access can be scoped to only the tables your team approves, and every proposed change requires explicit human approval in the OrynIQ UI before any write is executed.

Yes. OrynIQ supports multiple ServiceNow connections per engagement. You can connect a production instance, sub-production (dev/test/staging) instances, and run multi-instance scans that compare health across environments side by side.

Each plan includes one production instance and up to three sub-production instances. If you have larger volume requirements, reach out to discuss options.

OrynIQ uses refresh tokens to maintain a live session without requiring you to re-authenticate for every scan. If a refresh token expires or credentials are rotated, the connection will show as inactive in the dashboard. You can update credentials at any time through the Connections settings page — the update takes effect immediately without requiring a re-scan setup.

OrynIQ runs 450+ checks across five health dimensions:

• CMDB & Asset Health — CI completeness, relationship accuracy, CSDM alignment, asset coverage, and data quality
• ITSM Data Quality — Incident, change, problem, and request data completeness and process adherence
• Platform Hygiene — Script quality, customization density, upgrade risk, schema health, and baseline deviation
• License & Role Governance — Licensed role assignment patterns, direct vs. group assignment hygiene, inactive user exposure
• Automation & Workflow Health — Legacy workflow adoption ratio, stale workflows, Flow Designer coverage, and orphaned automation context

OrynIQ includes 450+ automated checks — 432 scan-level checks plus 39 AI-powered investigation playbooks. Scan checks run automatically on every scan. Playbooks are triggered during AI investigation sessions to perform deeper, multi-step analysis of specific problem areas.

A full scan typically completes in 3–8 minutes depending on instance size and the volume of records in tables being queried. Scans run asynchronously — you can navigate away from the scan page and return when it's complete. Results are available immediately when the scan finishes.

There are two distinct types of runs and they have different limits:

• Scans — the 450+ check diagnostic scan against your ServiceNow instance. Scans can be run on demand at any time with no monthly quota. They are fast, automated, and do not involve the AI.
• AI Full Audits — the agentic analysis that interprets scan results, runs live compound analyzers, and generates findings with narrative context. These are limited to 2 per month on Foundation and 4 per month on Professional, because each audit makes many sequential AI API calls and is a more resource-intensive operation.

In practice: run scans as frequently as makes sense for your environment (after a release, on a schedule, before an upgrade). Trigger AI audits when you need deep interpretation or a full narrative report.

Yes. OrynIQ supports finding suppression at the individual finding level. A suppressed finding is excluded from the health score and reporting but is retained in the audit trail with the suppression reason and the user who suppressed it. Suppressions can be reviewed and reversed at any time.

The OrynIQ Health Score is a domain-weighted composite score from 0 to 100. Each health dimension (CMDB, ITSM, Hygiene, Licensing, Automation) carries a configurable weight. Within each dimension, findings are scored by severity — Critical, High, Medium, and Low — and the dimension score is calculated based on the ratio of passed checks to total checks, weighted by severity.

The composite score is tracked over time so you can see whether platform health is improving or deteriorating between scan runs.

The Oryn AI agent is a conversational assistant that can investigate your ServiceNow platform health in depth. It has two modes:

• Chat mode — Ask natural-language questions about your scan findings, maturity scores, action plans, or historical data. The agent answers using your actual engagement data stored in OrynIQ.
• Full Audit mode — Triggers an autonomous deep audit that runs 24 compound analyzers against your live ServiceNow instance, synthesizes findings, and generates a full narrative report ready for stakeholder delivery.

The agent can also log investigation discoveries, propose remediation actions, and draft executive summaries.

No — and write-back access is tightly role-gated. The AI can propose remediation actions — field-level changes, record updates, or configuration corrections — but every proposal sits in a review queue and requires an explicit approval before any write is executed.

Only users with the Customer Admin role can approve, deny, or roll back write-back proposals. Standard users and read-only viewers have no access to the remediation queue and cannot trigger writes to your instance.

The Oryn agent is powered by Anthropic's Claude API. We use the latest available Claude model to maximize reasoning quality for complex multi-step platform health analysis.

Yes — but only aggregated, structural data. When the AI agent runs a tool, the results are included in the context sent to Anthropic's API so the model can reason about them. It is important to understand what that data looks like in practice:

• What is sent: aggregated counts, summaries, and structural observations — for example, "there are 47 CIs missing a managed-by group" or "23 business services have no linked service offerings." This is platform health signal, not personal data.
• What is not sent: individual user records, email addresses, personal identifiable information, or incident/request content. The agent's tools are designed to return counts and structural metadata, not row-level personal data from your instance.

Anthropic does not use API inputs or outputs to train its models under their commercial API terms. Token usage (not content) is logged locally for internal cost tracking. AI features can be disabled per customer if required by your security policy.

When the AI agent identifies a fixable issue in your ServiceNow instance, it can use an allowlisted propose_remediation tool to generate a specific field-level change proposal. For example: "Set the Managed by group field on CI record X to Y."

The proposal appears in the Remediation tab for review. Authorized users can:

• Approve — write-back is executed immediately against the target ServiceNow instance
• Deny — proposal is rejected and archived with the reason
• Rollback — reverses an approved write-back if the original value was captured

Every action is permanently logged. Only check types on an approved allowlist can generate proposals — arbitrary table/field combinations are not permitted.

No — there is no training layer in OrynIQ. The platform does not fine-tune, retrain, or update any AI model based on your data, your queries, or your scan results. OrynIQ is a consumer of Anthropic's Claude API, not a model trainer.

Anthropic does not use API inputs or outputs to train its models under their commercial API terms. Your ServiceNow data is used only to generate responses within a session — it does not flow into any learning pipeline, feedback loop, or model improvement process, at OrynIQ or at Anthropic.

Each AI conversation session is stateless — when a new chat session starts, there is no memory of previous conversations or prior chat interactions.

However, the agent does have structured awareness of your engagement history through its tools. It can query your stored scan results, historical findings, health score trends, and any discoveries logged from past sessions. In that sense, it "knows" what scans have been run, how findings have changed over time, and what your platform looked like in prior assessments — because that data lives in OrynIQ's database, not in the AI's memory.

The distinction: the AI doesn't remember what you said last week, but it can look up what your platform showed last week. Explicit discoveries and observations surfaced within a session can be saved to your workspace by your team — the agent does not automatically persist anything between sessions on its own.

The agent operates under a fixed system prompt that defines its role, scope, and behavior. This prompt is set by OrynIQ at the platform level — it instructs the agent to focus on ServiceNow platform health, use only its defined tools, and never take actions outside its permitted scope.

End users cannot modify the system prompt. The agent will decline to act outside its defined boundaries regardless of how a question is phrased — it cannot be instructed to ignore its scope, access systems it hasn't been given tools for, or behave as a general-purpose assistant.

The agent operates through a defined, constrained set of tools. It cannot make arbitrary API calls or access anything not explicitly built into those tools. The boundaries are:

• Read access is scoped to your connected instance only — via the OAuth credentials you provided, limited to the tables those credentials can reach
• Write access requires explicit allowlist approval — only specific check types can generate remediation proposals; arbitrary field/table combinations are blocked at the platform level
• Every write requires human approval — no changes to your ServiceNow instance occur without a deliberate approval action by an authorized user
• No cross-customer data access — the agent's tools are scoped to the authenticated customer's data; it has no mechanism to query another customer's environment
• No external internet access — the agent cannot browse the web, call external APIs, or access any system beyond the OrynIQ platform tools provided to it

Not currently, and never without explicit opt-in. Today, AI session data is used only to generate your responses within that session. It is not reviewed, retained for training, or used to improve any model.

A future opt-in program is planned that would allow customers who choose to participate to contribute anonymized session data — agent findings, remediation signals, and Q&A patterns — toward improving OrynIQ's AI capabilities for ServiceNow environments specifically. The goal is an intelligence layer that gets better at identifying platform health patterns the more engagements it sees.

If and when that program launches, participation will be:

• Explicit opt-in only — off by default, enabled by a deliberate choice from a customer admin
• Clearly scoped — you will know exactly what categories of data are included before opting in
• Covered by an updated DPA — training use requires separate consent to meet GDPR requirements; deletion from trained model weights is technically infeasible once incorporated, and this will be stated plainly

Customers in regulated industries who require a hard guarantee that their data is never used for any purpose beyond their own engagement can request a contractual assurance to that effect. Reach out to discuss.

OrynIQ generates several report types:

• Executive Health Report — A business-facing PDF with health scores, financial impact estimates, top findings, and a prioritized action plan. Designed to be handed directly to a CIO, IT Director, or ServiceNow Platform Owner.
• Technical Findings Report — A detailed breakdown of all scan findings, severities, affected records, and recommended remediation steps for the technical team.
• AI Narrative Report — An AI-generated prose summary of the full audit, written as a professional deliverable. Editable before you share it.
• Delta Report — A comparison between two scan runs showing what improved, what regressed, and what is new since the last assessment.

OrynIQ maps platform health findings to financial impact categories — upgrade risk cost, productivity loss from poor CMDB accuracy, license waste, and technical debt remediation cost. These estimates are based on configurable inputs including your instance's license spend, headcount, and average hourly cost rates.

The financial model produces a projected 3-year ROI of addressing the identified findings, giving stakeholders a quantified business case for remediation investment. Values can be adjusted to match your organization's specific context before presenting to stakeholders.

Yes. Reports can be exported as PDF for stakeholder delivery. Raw finding data is exportable as CSV or Excel for technical teams. All exports include a timestamp and the scan run they reference.

OrynIQ reports are built for two audiences simultaneously. The executive-facing report and AI narrative are written for CIOs, IT Directors, and business stakeholders who need a clear picture of platform risk and ROI without technical detail. The technical findings report is designed for ServiceNow architects and developers who need specifics to remediate issues.

This dual-layer approach means a single scan produces both a boardroom-ready deliverable for leadership and a hands-on remediation backlog for your technical team.

OrynIQ is hosted on Microsoft Azure in the United States. The application runs on Azure infrastructure with a PostgreSQL database that is not exposed to the public internet. All traffic passes through Cloudflare for SSL termination, DDoS protection, and WAF filtering.

Azure is a natural fit for enterprise ServiceNow customers — the same infrastructure many organizations already rely on for their own workloads.

OAuth Client ID, Client Secret, Access Token, and Refresh Token are all encrypted at rest using AES-256-GCM. The encryption key is stored separately from the database. Credentials are decrypted only in memory at the moment of an outbound API call to your ServiceNow instance and are never written to logs in any form.

SOC 2 Type I is targeted for 2026. In the meantime, OrynIQ is designed with the SOC 2 Trust Services Criteria in mind — immutable audit logs, role-based access control, encrypted credentials, and a principle-of-least-privilege service account model.

A Data Processing Agreement (DPA) is available on request for customers who require it for procurement or compliance purposes.

Yes. OrynIQ supports GDPR and CCPA requirements:

• Full data deletion on request — all records associated with your customer account (engagements, scan results, findings, AI sessions, users) are permanently deleted within 30 days of a confirmed written request. Deletion is a targeted removal of all records scoped to your customer ID from the shared database.
• Customer admins can self-serve — users and engagement data can be deleted directly through the admin interface without contacting support
• Your data is never sold — OrynIQ does not sell, license, or share customer data with any third party
• No service delivery sharing — data is not shared with subcontractors or external parties as part of delivering the service; there are no third-party processors with access to customer data beyond Anthropic's API (which receives only the aggregated tool output described in the AI & Security section)
• A DPA is available on request

See the full Privacy & Data Handling page for complete detail.

OrynIQ is operated by Logan Poynter LLC. There are no employees, contractors, or third parties with access to customer data.

Access to customer data only occurs when required to resolve a support issue that has been explicitly requested by the customer, and only for the duration necessary to resolve it. Any such access uses the global admin role and is recorded in the same immutable audit log visible to customers — there is no privileged backdoor outside the platform's own access controls.

All customer data is isolated at the application and database query level by customer_id — no customer can access another customer's data through the platform.

OrynIQ is available in two distinct ways, and both are offered upfront — not as add-ons:

• Platform (Self-Serve) — Your team gets full access to OrynIQ and runs everything independently. You connect your ServiceNow instance, trigger scans, investigate findings with the AI agent, and produce reports on your own schedule. Ideal if you have internal ServiceNow expertise and want continuous visibility without outside involvement.
• Managed PHaaS — A hands-on engagement where a seasoned ServiceNow architect from Logan Poynter LLC embeds with your team for the duration of the engagement. This isn't a feature tier or a managed scan service — it's an active recovery partnership. You get a structured 90-day roadmap built around your platform's specific findings, guided execution of remediation priorities, and direct access to an architect who knows your environment. After the initial engagement, that resource stays available as an ongoing reference point. Ideal if you're heading into a transformation, upgrade, or governance reset and want expert ownership of the platform health work — not just a tool to run it yourself.

Managed PHaaS is not an upgrade from self-serve — it's a different kind of engagement for a different situation. If you're unsure which fits, reach out and we'll talk through it honestly.

Two plans are available for self-serve platform access. These plans apply to customers running OrynIQ independently — they are not tiers of the managed PHaaS engagement.

• Foundation — 2 AI full audits/month, 10 seats (up to 2 admins), 1 production instance + 3 sub-production instances
• Professional — 4 AI full audits/month, 20 seats (up to 5 admins), 1 production instance + 3 sub-production instances

Scans (the automated diagnostic runs) are unlimited on both plans — audit quotas apply only to the AI-powered full audit sessions. If you have volume requirements beyond these limits, reach out to discuss options.

Platform (self-serve) is plan-based — a fixed monthly or annual fee that includes a defined seat count, audit quota, and instance limit. Costs are predictable regardless of how heavily the platform is used within plan limits. Monthly and annual billing are both available; annual billing includes 2 months free (you pay for 10 months, you get 12).

Managed PHaaS is priced as an annual professional services engagement. The platform is included, but the pricing reflects the architect's time — not additional platform features. There is no "unlimited audits" or feature advantage over self-serve; the value is active expert involvement. Because the engagement requires upfront scoping, roadmap work, and ongoing delivery commitment, a 12-month minimum is required.

Specific pricing for both tracks is shared during the demo conversation. Request a demo to get the details.

During the early access phase, we offer a guided demo using your own ServiceNow instance (or a PDI) so you can see real findings from your actual environment before committing. This isn't a self-serve trial — it's a live walkthrough of what OrynIQ surfaces on your platform, with time to ask questions.

For managed PHaaS prospects, the demo also covers what the ongoing delivery cadence looks like so you know exactly what to expect before signing anything.

Request a demo to get started.

Yes. Some customers start on the platform to get familiar with the tooling and then bring in managed delivery once they understand what they want to prioritize. Others come in for managed from day one because they don't have the internal bandwidth.

Either path works — the platform is the same either way, and there is no penalty for switching tracks. If you're unsure which fits best, the demo conversation is the right place to talk through it.

It depends on the billing track:

• Self-serve monthly — No minimum term, but the first month is billed in full at signup before access is provisioned. Access is activated immediately on payment confirmation and continues through the end of that billing period. There is no net-30 on monthly self-serve.
• Self-serve annual — 10 months billed in full, net-30, upon a signed agreement. You get 12 months of access — 2 months free. The annual term is the minimum commitment.
• Managed PHaaS — Requires a 12-month signed Statement of Work. Invoiced net-30 after the SOW is countersigned. Delivery does not begin until the agreement is in place.

Most customers complete setup and run their first scan within one business day of account provisioning. The ServiceNow side requires creating an OAuth application registry and a service account — this typically takes 20–30 minutes for a ServiceNow administrator. OrynIQ provides step-by-step instructions for this setup.

The ServiceNow setup involves two steps:

• OAuth Application Registry — Create an OAuth 2.0 provider entry in ServiceNow (System OAuth → Application Registry). No redirect URL is required for OrynIQ's flow. You'll receive a Client ID and Client Secret to enter in OrynIQ.
• Service Account — Create a dedicated service account user with read access to the tables OrynIQ scans. We provide the recommended role/table list. For write-back (remediation), additional write permissions can be scoped per table.

No scoped app installation, update sets, or ServiceNow admin involvement beyond these two items is required.

A typical onboarding follows five steps:

• 1. Account provisioning — Your OrynIQ account is created and your team is invited
• 2. Workspace setup — Configure your organization profile and create an assessment workspace for your ServiceNow environment
• 3. ServiceNow connection — Set up the OAuth registry and service account; enter credentials in OrynIQ
• 4. First scan — Trigger a full audit and review the initial findings together
• 5. Reporting & AI walkthrough — Review the report output, financial model, and AI agent capabilities for your specific environment

All plans include direct email support with a target response time of one business day for standard inquiries and two business days for security-related matters. During the early access phase, customers also get direct access to the OrynIQ team for product questions, onboarding help, and feedback sessions.

Reach us at hello@loganpoynter.dev for any support or product questions.

You can cancel self-serve access at any time. When you cancel:

• Access continues through the end of your current paid period — no cutoff at cancellation date. There are no partial-period refunds.
• Export your data before your period ends — findings, scan history, reports, and action plans are all exportable. After account closure, data is retained for 30 days in case you need to recover anything, then permanently deleted.
• Managed PHaaS cancellation — governed by the terms of your signed Statement of Work. Early termination outside those terms is not available, as delivery work and resource allocation begin at signing.

You can request immediate data deletion at any time by emailing hello@loganpoynter.dev.