Third-party Risk Management

  • Release version: Zurich
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Third-party Risk Management

    The ServiceNow® GRC: Third-party Risk Management (TPRM) application enables organizations to proactively identify, assess, and mitigate risks associated with their third-party relationships. It centralizes the management of third-party portfolios, risk assessment and scoring, and remediation processes, helping customers maintain control and visibility over vendor-related risks.

    Show full answer Show less

    Key Features

    • Risk Due Diligence Requests: Initiate requests to determine risk levels related to third-party interactions and engagements.
    • Risk Assessment and Monitoring: Identify, assess, and continuously monitor potential risks from third-party relationships.
    • Approval Workflow: Configure approval levels and rules to accept or reject due diligence requests based on questionnaire responses and due diligence outcomes.
    • Contract Risk Management: Incorporate specific contractual provisions during negotiations to address identified risks and protect organizational interests.
    • Digital Resilience Third-party Registers: Maintain registers of contractual arrangements with ICT third-party service providers within the Vendor Management Workspace.
    • Risk Intelligence Integration: Manage and request risk intelligence reports or scores from external providers and integrate these scores to gain insights into the trustworthiness and safety of third parties.
    • Third-party Portal: Facilitate direct interaction between third-party contacts and risk assessors through questionnaire responses, documentation requests, and issue/task management.
    • Migration Support: Guidance for migrating from the Classic Assessment Engine to the Smart Assessment Engine, including setup requirements and feature differences.

    Implementation and Support

    • Activation and Configuration: Customers can download TPRM from the ServiceNow Store and configure it according to their organizational needs.
    • Integration: Extend TPRM capabilities by integrating with other ServiceNow applications and external risk intelligence providers.
    • Reference and Troubleshooting: Access detailed documentation on application components such as tables, forms, roles, and properties. Utilize the GRC community, Known Error Portal, developer site, and Customer Service and Support for assistance.

    Benefits for ServiceNow Customers

    By using the TPRM application, organizations can streamline third-party risk management processes, improve risk visibility and control, enforce risk-based decision-making, and safeguard contractual and operational interests. This comprehensive approach helps mitigate third-party risks effectively, ensuring better compliance and resilience.

    The ServiceNow® GRC: Third-party Risk Management (TPRM) application enables you to proactively identify, assess, and mitigate risks that are associated with your third-party relationships. TPRM provides a centralized process for managing your portfolio of third parties, assessing and scoring risk, and performing remediation.

    Get started

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release note information for all released apps, see the ServiceNow Store version history release notes.

    Troubleshoot and get help