TPRM Due Diligence

Prashanth Velam · ‎02-21-2024

Hi,

We are trying to move into the new TPRM functionality that ServiceNow had introduced in Vancouver - Due Diligence request process.

My questions is mainly around the the Workflow for Due Diligence request - In our current process, the Third Party Risk Manager will answer all the required questions and then send out the Vendor Risk Assessments to the Third Parties. But in the new workflow, we have multiple roles like Due Diligence Creator (any one in the organisation), Due Diligence Responder (Third Party Risk manager), Due Diligence Approver (Also Third Party Risk Manager?) - Is there any way in the new Due Diligence process where all this process is skipped and only the Third Party Manager creates the Due Diligence and responds to the IRQ so that the Vendor Risk Assessments are sent to the Vendors?

Is that possible to configure the DD process in such a manner?

Thanks,

Prash

Jan Spurlin · ‎02-21-2024

Need a little clarification on your question.

When you say " In our current process, the Third Party Risk Manager will answer all the required questions..." - are you referring to the internal tiering questionnaires? In your org doe the TPRM Manager do all the work on internal assessments prior to an assessment being sent to a third-party?

It is possible to manually create a DDR record without having it created via the record producer.

If you want to totally skip the IRQ process, then you are talking about customization.

Prashanth Velam · ‎02-21-2024

@Jan Spurlin Yes, I am talking about the Internal Tiering Questions. All the work on the internal assessments prior to an assessment is done by the business owner who is engaging the third party. TPRM Manager will come into the picture only when the business owner has issues etc with the internal assessments.

We want to be close to the OOTB process as such but want to know if the business owner can create the DD request and answer the IRQ before submitting it to the third party.

Thanks!