Automate actions upon risk intelligence updates

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read

    • A provider-based submission rule is a set of conditions and actions. In a rule, you can specify that an update to a rating from a risk intelligence provider is the condition that triggers the action that is specified in the rule. The action might be to create and send a third-party risk assessment, issue, task, or email.

    Before you begin

    Role required: sn_vdr_risk_asmt.vendor_assessment_reviewer

    About this task

    When you enter a rating from a risk intelligence provider, the system normalizes the value to convert it to the appropriate TPRM rating. When you enter a score from a risk intelligence provider, the TPRM generates both a normalized rating and a normalized numerical score.

    Follow this procedure to define a rule to perform an action when a provider sends an updated rating or score.

    Procedure

    1. Navigate to All > Third-party Risk Management > Assessment Submission Rules > Provider-based Submission.
    2. Select New and then fill in the form.
      Table 1. Provider-based submission rule form
      Field Description
      Provider service Select the scoring service from the risk intelligence provider that is associated with the rule.
      Order Enter the execution order for the rule. If multiple rules are defined for the same risk intelligence provider, only the rule with the lowest Order value is executed.
      Name Auto-generated name of the rule.
      • Change type
      • Extent of change
      • Normalized percentage/Normalized score/Normalized risk rating
      Select the basis for the external score change that should trigger the rule and the extent of change, as follows:
      • If Change type = Normalized percentage, select Increased risk by or Decreased risk by, and the percentage in the Normalized percentage field.
      • If Change type = Normalized score, select Increased risk by, Decreased risk by, or Threshold, and a score in the Normalized score field.
      • If Change type = Normalized rating, enter a risk rating threshold that will trigger the rule in the Normalized risk rating field.
    3. Select the Apply to third parties tab.
      1. Use the condition builder to define conditions for identifying the third parties to be affected by the rule.
      2. Select Submit.
    4. Select the Rule Actions tab, fill in the fields, and then select Submit.

      Options on the Rule Actions tab.

      Table 2. Provider-based submission rule form — Rule Actions tab
      Field Description
      Create assessment Select this check box to create an assessment for the third parties identified on the Apply to third parties tab. If you also select the Auto submit to third party check box, the assessment is automatically sent to the third parties when the rule is triggered.
      Create issue Select this check box to create an issue for the third parties identified on the Apply to third parties tab. If you also select the Auto submit to third party check box, and you have selected a template from the Issue template field, the issues are auto-generated for the third parties when the rule is triggered.
      Note:
      To enable to auto-generation, you must verify that the following three fields are completed when the issue is created:
      • Vendor
      • Recommendation (on the Recommendations tab)
      • Explanation (on the Recommendations tab)
      Create task

      Select this check box to create a task for the third parties identified on the Apply to third parties tab.

      If you also select the Auto submit to third party check box, and you have selected a template from the Task template field, the tasks are automatically created for the third parties when the rule is triggered.
      Assessment template If you selected the Create assessment check box, select the assessment template to be used to create the assessments.
      Issue template

      If you selected the Create issue check box, you can optionally select an issue template to be used to create an issue for the third parties identified on the Apply to Vendors tab.

      If you also select the Auto submit to third party check box, you must select an issue template in order to automatically create an issue when the rule is triggered.
      Task template

      If you selected the Create task check box, you can optionally select a task template to be used to create a task for the third parties identified on the Apply to Vendors tab.

      If you also select the Auto submit to third party check box, you must select a task template in order to automatically create a task when the rule is triggered.
      Auto submit to third party Automatically submit assessments, issues, and/or tasks to the third parties identified on the Apply to third parties tab as described in the preceding field descriptions.
      Send email/Recipients When the rule is triggered, users with the TPR manager role receive an email notification. Select Send email and specify Recipients to send the email notification to other individuals.