Integrating scores from risk intelligence providers
Summarize
Summary of Integrating Scores from Risk Intelligence Providers
This guide outlines how to integrate risk scores from various risk intelligence providers into your ServiceNow platform. These scores, similar to personal credit scores, help assess the trustworthiness of third parties, enabling organizations to make informed risk management decisions.
Show less
Key Features
- Provider Registration: After registering a risk intelligence provider, you can select their scoring services and map their scores to your organization's TPRM ratings.
- Score Normalization: Add raw scores from providers to the service record for a third party, allowing the system to normalize these values to your TPRM ratings.
- Provider-Based Submission Rules: Create conditions that trigger automated actions, such as sending assessments or notifications when a rating updates from a provider.
- Integration Types: ServiceNow supports various integrations including ISV, content, data, and ESG to enhance your third-party risk management process.
Key Outcomes
By integrating scores from risk intelligence providers, organizations can:
- Enhance risk assessment accuracy through reliable scoring systems.
- Automate risk management processes, improving efficiency and response times.
- Utilize comprehensive integration options to gather and analyze vital data from multiple sources.
For practical implementation, refer to related tasks such as registering a provider and setting up associated services and request types.
Risk intelligence providers generate risk scores for a variety of third-party risk domains. Your organization can purchase services from providers that return data that is analogous to personal credit scores. The scores provide insight on how trustworthy and safe a particular third party can be.
Working with data from risk intelligence providers
- After you register a risk intelligence provider, you specify which of the provider's scoring or rating services you’ll use. You also specify how their scores or ratings map to your TPRM ratings. For more information, see Register a risk intelligence provider, Set up a risk intelligence provider service, and Set up a request type for a provider.
- You add a raw score from a provider to the provider service record for a third party. The system uses the mapping that you specified to normalize the value to the appropriate TPRM rating. For more information, see Add a risk intelligence score to risk data for a third party.
- A provider-based submission rule is a set of conditions and actions. In a rule, you can specify that an update to a rating from a risk intelligence provider is the condition that triggers the action that is specified in the rule. The action might be to create and send a third-party risk assessment, issue, task, or email. For more information, see Automate actions upon risk intelligence updates.
Integration types
Here are some examples of the types of integrations supported by ServiceNow and ServiceNow partners:
-
Independent software vendor (ISV) integration types involve integrating ISV services such as EcoVadis or Black Kite.
-
Content integration types involve integrating external content sources such as regulatory databases or industry standards.
-
Data integration types involve integrating external data sources to gather and analyze relevant data such as data from financial systems, security tools, or vendor management systems.
-
Environmental, social, and governance (ESG) integration types involve incorporating ESG factors into the TPRM process.
Integrations supported by ServiceNow
| Provider | Product name | Content | Service provided | Type |
|---|---|---|---|---|
| Shared Assessments | Standard information-gathering (SIG) questionnaire | Standard assessment | Industry standard questionnaire for use in assessments. | Content |
| EcoVadis | EcoVadis | Sustainability ratings | Sustainability scores in support of assessments and continuous monitoring. | ISV, data, ESG |
Integrations supported by ServiceNow partners
| Provider | Product name | Content | Use case | Type |
|---|---|---|---|---|
| BitSight | BitSight | Cyber risk ratings | Cyber risk scores in support of assessments and continuous third-party risk monitoring. | ISV, data |
| Security Scorecard | Security Scorecard | Cyber risk ratings | Cyber risk scores in support of assessments and continuous third-party risk monitoring. | ISV, data |
| RiskRecon | Risk Recon | Cyber risk ratings | Cyber risk scores in support of assessments and continuous third-party risk monitoring. | ISV, data |
| Upguard | Upguard Vendor Risk | Cyber risk | Cyber risk scores in support of assessments and continuous third-party risk monitoring. | ISV, data |
| Recorded Future | Recorded Future Intelligence | Cyber risk ratings | Cyber risk scores in support of assessments and continuous third-party risk monitoring. | ISV, data |
| Black Kite | Black Kite | Third-party risk management | Technical security, financial risk, ransomware susceptibility index, and compliance scores in addition to overall security ratings. |
ISV |
| Interos | Interos | Supply chain and multiple domain ratings | Cyber, financial, ESG, geopolitical, operations, and restrictions ratings to support risk assessments and monitoring. |
ISV, content |
| TruSight | TruSight | Third-party risk assessments | Access to TruSight-validated third-party risk assessments. |
ISV |
| ISS Corporate Solutions | ISS ESG Cyber Risk Score for Vendor Risk Management | ESG ratings | Access to a comprehensive view of ISS Corporate Solutions' cyber risk management program through cyber risk and supply chain. | ISV |
| Securitybricks | CMMC - NIST-800-171 - Vendor Compliance Assessment | Template | Access to an automated assessment for Federal organizations. | data, content |
| Templarshield | HECVAT-Questionnaire for Higher Education | Content | Access to an automated questionnaire for Higher education organizations. | ISV, content |