Security of the Vendor Risk portal

Phil Green
Mega Contributor

Does anyone know of a 1-page architecture diagram that illustrates the security of the Vendor Risk service portal?

1 ACCEPTED SOLUTION

Rishabh Jha
Mega Guru

Hi @Phil Green,

Below is some content that I think would be helpful in understanding the role of the vendor portal in Vendor Risk Management, and the security around it, which is mainly by separating the portal from the instance and by utilizing separate external portal roles.

(credit: https://www.streyda.eu/servicenow/vendor-risk-management-in-servicenow/)

Vendor Portal
The vendor assessment portal, commonly referred to as the vendor portal, consolidates all communications between the vendor and the organization.

Assessments are shared via the vendor portal, and future assessments can be scheduled so they show up in the vendor portal automatically.
The portal allows the vendor to communicate more easily with their different functional groups, while tracking issues, tasks, and attaching evidence.
Because Vendor Risk Management is cloud-based, like the rest of the ServiceNow applications, it resides outside an enterprise, which allows for secure communications with vendors without creating any vulnerabilities.



Once the Vendor Risk Management application has been installed, new roles are activated.

Internal users are assigned the role of snc_internal.
External users are assigned the role of snc_external.
When vendor contacts are created, they are automatically assigned the snc_external role, giving them access to resources related to the vendor portal. This process ensures strict division between external and internal users.


Thanks & Regards,

Rishabh Jha

Aavenir (https://www.aavenir.com/)
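
As an added example (not part of the original post and not ServiceNow's own code), the snc_internal / snc_external separation described in the answer above can be checked offline against an export of user-to-role assignments. The row shape, the sample users and the `vendor_portal_user` role are assumptions constructed for illustration.

```javascript
// Added example: audit internal/external role separation from exported
// user-role pairs. Users with no role rows at all do not appear in such an
// export and need a separate check against the user list.
const INTERNAL = 'snc_internal';
const EXTERNAL = 'snc_external';

function auditRoleSeparation(rows, allowedExternalRoles = []) {
  // Group role names by user.
  const rolesByUser = new Map();
  for (const { user, role } of rows) {
    if (!rolesByUser.has(user)) rolesByUser.set(user, new Set());
    rolesByUser.get(user).add(role);
  }
  // Roles an external user may hold; the caller supplies the portal roles.
  const allowed = new Set([EXTERNAL, ...allowedExternalRoles]);
  const findings = [];
  for (const [user, roles] of rolesByUser) {
    const isExt = roles.has(EXTERNAL);
    const isInt = roles.has(INTERNAL);
    if (isExt && isInt) {
      // The division is broken: one account is on both sides.
      findings.push({ user, issue: 'both_internal_and_external' });
    } else if (!isExt && !isInt) {
      // Account carries roles but was never classified.
      findings.push({ user, issue: 'unclassified' });
    }
    if (isExt) {
      // External accounts should hold nothing beyond the allowlist.
      const extra = [...roles]
        .filter((r) => !allowed.has(r) && r !== INTERNAL)
        .sort();
      if (extra.length) {
        findings.push({ user, issue: 'external_with_extra_roles', roles: extra });
      }
    }
  }
  return findings;
}

// Constructed sample rows (not taken from any real instance).
const SAMPLE_ROWS = [
  { user: 'alice.internal', role: 'snc_internal' },
  { user: 'alice.internal', role: 'itil' },
  { user: 'vendor.bob', role: 'snc_external' },
  { user: 'vendor.bob', role: 'vendor_portal_user' }, // hypothetical portal role
  { user: 'vendor.carol', role: 'snc_external' },
  { user: 'vendor.carol', role: 'snc_internal' },
  { user: 'vendor.dave', role: 'snc_external' },
  { user: 'vendor.dave', role: 'admin' },
  { user: 'svc.legacy', role: 'itil' },
];
const SAMPLE_FINDINGS = auditRoleSeparation(SAMPLE_ROWS, ['vendor_portal_user']);
```

On the sample, `SAMPLE_FINDINGS` flags `vendor.carol` (both roles), `vendor.dave` (external account holding `admin`) and `svc.legacy` (neither role).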

 


4 REPLIES


Rishabh Jha
Mega Guru

Hi @Phil Green

Hope you're doing well.

Has your query been resolved? If the answer has helped resolve your query, please mark it as helpful/correct so that other community members can refer to it as a resolved thread.

Thanks & Regards,

Rishabh Jha

Aavenir (https://www.aavenir.com/)

Hi Rishabh,

Thank you for the information provided. Although very helpful, it didn't quite answer my question. What I'm looking for is something that illustrates how the vendor portal - and this may be more of a platform question in general - is secure (e.g., from cyber attacks) so an organisation can feel confident that allowing a 3rd party to access their instance (its vendor portal) doesn't pose a security risk.

Kind regards,

Phil 

Hi Phil,

I don't believe that the security would be any different from the platform's hosted instance, because it is hosted on the same infrastructure and accesses the same database. Access for external users is controlled via the ACL/roles.

I'd recommend creating a HI portal case, for a faster response from the ServiceNow team.

Thanks & Regards,

Rishabh Jha

Aavenir (https://www.aavenir.com/)