Mary Hain
- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on
β07-03-2025
11:10 AM
- edited on
β08-11-2025
12:37 PM
by
Shimoli Gandhi
The Third-Party Portal (formerly the Vendor Portal) is a secure, user-friendly interface that streamlines how third parties, such as vendors, suppliers, and partners, collaborate with your risk teams. It is a major feature of ServiceNow Third-Party Risk Management (TPRM).
Third parties can view and respond to assessments, upload documents, and track tasks or deadlines in the portal. The self-service portal replaces fragmented processes in spreadsheets with a structured, transparent workflow that aligns the information exchanged between risk teams and third parties.
Some of the key features of the portal:
- You can provide a welcome email with secure login, FAQs, and guided tours to help third parties get up to speed quickly on whatβs needed.
- Third parties can delegate tasks, update contact information, and manage notification preferences in the portal, giving them control over the information they submit.
- Third parties can be assigned risk assessments, then complete and upload them offline
- Risk teams gain visibility into issues, due dates, and task status, which ensures smooth communications.
- Data security is improved because you are no longer relying on spreadsheets, documents and email, minimizing security exposures.
πNew in Zurich: Smart Assessment Engine makes it easier to navigate assessments, apply templates, and break down questions into sections. You can now collaborate on third-party assessments and normalize scores for consistent reporting. The third-party portal has also been upgraded to fully support Smart Assessments.
Demos
- Speed Learning β Third-party Portal 101_What You Need to Know (PPT attachment below)
- Introduction to the Third-party Portal
Resources
- TPRM Process Guide
- Product Documentation:
Managing the third-party portal
Setting up third-party contacts
Managing access for your third-party contacts
E-signatures on questionnaires or document requests
Using a Microsoft Excel spreadsheet template for external questionnaires
Third-party contacts β Respond using a Microsoft Excel template
FAQs
What kind of information can a vendor typically access through the Third-Party Portal?
Risk assessments, tasks related to remediation efforts, policies that need acknowledgement, and any issues identified related to their engagement with your organization.
Can I customize the Third-Party Portal to align with my organization's workflows?
You can configure the portal to support your unique requirements and processes.
How do I create and manage third-party contacts in TPRM?
Navigate to All > Third-Party Risk Management > Third Parties > Third-Party Contacts to add or verify contacts. From there, select the desired contact to modify their details and access settings. You can assign roles, enable logins, and manage access permissions.
What roles are assigned to third-party contacts and what do they control?
Third-party contacts are automatically assigned the `vendor_contact` and `snc_external` roles. The `vendor_contact` role grants access to the Third-Party Portal, while `snc_external` restricts access to only the portal, preventing unauthorized entry into the entire instance.
How do third-party users electronically sign questionnaires or document requests?
After completing a questionnaire or document request, users can click "Save and Sign," then either type their name or draw their signature to complete the process.
What is the Explicit Roles plugin, and how does it relate to TPRM?
The Explicit Roles plugin is activated as part of the TPRM plugin. Admins then assign the `snc_internal` and `snc_external` roles to control access levels.
Can third parties respond to questionnaires using Excel templates?
Third parties can download a Microsoft Excel spreadsheet template from the portal, complete it offline, and then import it back into the system. This makes data entry and assessment easier for external users.
How can I enforce multi-factor authentication (MFA) for third-party logins?
When you implement the adaptive authentication / MFA context policy, you add an extra layer of security for third-party access.
Is it possible to assign the same third-party contact to multiple subsidiaries?
You can use the vendor hierarchy feature, which supports centralized contact management across related organizations.
- 1,045 Views
