TPRM - Questions Related to Plugins and Sample Questionnaires
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-21-2024 02:01 PM
Per ServiceNow Documentation (https://docs.servicenow.com/bundle/washingtondc-governance-risk-compliance/page/product/grc-vendor-r...) , the list of steps to configure third party risk management "requires" installation of three plugins: Third-party Risk Management app [com.sn_vdr_risk_asmt] , Due diligence request workflow application [com.sn_tprm_dd], and Vendor Risk Management Workspace application [sn_vrm_ws].
My Questions
1. It seems the plugin for Due diligence request workflow application [com.sn_tprm_dd] introduces a workflow that is meant to replace the previous tiering assessment process (legacy tiering assessment), and I get that this is in fact recommended by ServiceNow over the legacy tiering assessment as it provides more flexibility. However, if a client needed to just use the legacy tiering assessment process, can we avoid installing the Due diligence request workflow application [com.sn_tprm_dd], ie. could we just install Third-party Risk Management app [com.sn_vdr_risk_asmt] and Vendor Risk Management Workspace application [sn_vrm_ws] to setup TPRM with legacy tiering assessment process?
2. If it's possible for us to setup TPRM with legacy tiering assessment process without having to install the plugin Due diligence request workflow application [com.sn_tprm_dd], can we still get the sample questionnaires provided demo data is loaded when installing plugin Third-party Risk Management app [com.sn_vdr_risk_asmt]?
3. In the scenario that plugin for Due diligence request workflow application [com.sn_tprm_dd] is installed, is it still possible to use the legacy tiering assessment? Thank for your timely attention to my question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-23-2024 07:56 PM
Hi @VM7 ,
Whereas it's not recommended to have legacy tiering assessment process , but if you still proceed with it, then you can use the legacy tiering assessment without due diligence.
You should not install the below Plugin:
You just install the below plugin to get the sample questionnaires provided in the demo data:

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-25-2024 05:12 AM
I responded to this question directly in an email - here are my thoughts on the questions asked - would love to hear from others on this topic:
To the first question paragraph:
- You can use the new due diligence process which uses the new internal assessment for some third parties and use the original tiering assessment for others – in other words you don’t have to do all of one or all of the other.
- Tell me why they want to continue doing it that way – I may have more comments.
- You can take an existing tiering assessment and copy it and turn it into an internal assessment.
- There are several benefits of the Due Diligence process – which include
- This allows the process to start by onboarding a third-party. Any user (via the Employee Portal) can request to have a new third-party onboarded.
- There is also an off-boarding process.
- There is also a built-in process to review and approve the internal assessments (by individuals with the TPRM manager role). In the current class we show how that can be extended to other people.
To the second paragraph:
- I’m not sure about this one (using the internal assessments as tiering assessments) – but you could try this…
- Make a copy of the internal assessments and change the type to tiering assessment. I know you can do it the other way – start with a tiering and make it an internal
- Also consider the upgrade ramifications of doing this. Any updates to those assessment will not be realized by the customer.
And to the third paragraph:
- No – not without customization that will probably cause upgrade issues.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-11-2024 06:36 PM
Hi Jan,
I would be very interested to find out more about the below point as we are currently developing the new Due Diligence process, and wanted to use OOB features to review and approve IRQs, however we were not able to find such a feature OOB. Can you let us know where we can find information on how to do this?
'
- There is also a built-in process to review and approve the internal assessments (by individuals with the TPRM manager role). In the current class we show how that can be extended to other people.'
If you could also let us know what you mean by 'In the current class we show how that can be extended to other people', is this referring to a demo that is available in the community for those implementing the new TPRM features? We would really appreciate your help with this as we have struggled to find how to implement the new OOB features that have been showcased in demos/webinars etc.
Many thanks
Jill