Resilience metrics

Release version: Australia

Updated March 12, 2026

3 minutes to read

Summarize

Summarized using AI

Summary of Resilience Metrics

The Operational Resilience Workspace landing page provides key resilience metrics for services, business services, and organizational pillars. It offers a centralized view of the operational status, completed activities, red flags, and improvement suggestions to help you monitor and enhance your organization’s resilience posture.

Show full answer Show less

Key Features

Tabs on the Landing Page:
- Services Overview Tab: Displays resilience metrics and status for services configured via the Service (CMDB) Main node. Typically used by existing customers.
- Business Services Overview Tab: Shows resilience metrics for business services using the OpRes with CSDM header Main node configuration, preferred by new customers.
- Pillars Overview Tab: Presents metrics and status related to organizational pillars.
Customization: Administrators can control the visibility of Services and Business Services overview tabs in the workspace to align with organizational needs.
Third-party Risk Management (TPRM) Integration: Starting with release 21.0.x, TPRM risk assessments with Very High risk ratings and valid states are integrated as red flags in Operational Resilience reports. TPRM data is accessible directly from Operational Resilience and linked to the Vendor Management Workspace.
User Role Management for Viewing Red Flags:
- If TPRM is not installed, users need IRM roles to view risk red flags.
- If TPRM is installed, users assigned the TPRM viewer role can access risk and TPRM red flags without requiring IRM roles.
Role-Based Report Access: The workspace displays tailored reports for BCM (Business Continuity Management) and IRM (Integrated Risk Management) professionals. Roles are structured to define user capabilities for creating, managing, or participating in resilience, BCM, and IRM activities.

Practical Implications for ServiceNow Customers

Use the appropriate tab on the Operational Resilience Workspace landing page to monitor the resilience status of your services, business services, or pillars effectively.
Work with your administrator to configure which overview tabs are displayed to align with your organization’s operational model.
Leverage TPRM integration to identify and manage third-party risks as part of your resilience strategy, ensuring visibility into critical risk assessments.
Ensure users have the correct roles—such as BCM or IRM roles—to access relevant reports and participate in resilience activities based on their responsibilities.

You can view resilience metrics for services or business services, and pillars on the landing page of the Operational Resilience Workspace.

Services, Business services, and Pillars overview

The landing page displays a summary of the resilience metrics for the services or business services and pillars.

The landing page of the Operational Resilience Workspace displays the following tabs:

Services overview tab—Displays an overview of the status of the services in your organization. The Service (CMDB) Main node configuration fetches service-related data. Resilience metrics for the services, including their operational status, completed activities, red flags, and suggestions for improvements, are displayed on this tab. For information on the resilience metric displayed on the Services overview tab, see Services overview tab.
Business services overview tab—Displays the status of the business services in your organization. The Opres with CSDM header Main node configuration sets up the business services-related data. Resilience metrics for the business services, including their operational status, completed activities, red flags, and suggestions for improvements, are displayed on this tab. For information on the resilience metric displayed on the Business services overview tab, see Business services overview tab.
Pillars overview tab—Displays the status and metrics of the pillars in your organization. For information on the resilience metric displayed on the Pillars overview tab, see Pillars overview tab.

Existing customers typically use the Service (CMDB) Main node configuration, while new customers use the OpRes with CSDM header Main node configuration. Depending on the setup done by your administrator, either the Services overview or the Business services overview tab, is shown on the landing page.

Administrators or UI Builder administrators can show or hide these tabs from the Workspace view based on organizational needs. For information on how to display or hide either the Services overview or Business services overview tab, see Show Business services overview tab in Workspace view.

Third-party Risk Management (TPRM) integration

Starting with Operational Resilience, release 21.0.x, you can track third-party risk assessments as red flags in the Operational Resilience reports and the overview pages for business services, service offerings, and business processes.

TPRM risk assessments are integrated into Operational Resilience if they meet the following conditions:

The risk rating is Very High (using the overridden risk rating if applicable).
The risk rating is valid beyond the current date.
The state is one of the following: Generating observations, Responses received, or Finalizing with third party.
The risk assessment applies to either the Company or an engagement.

Opening a third-party risk assessment from Operational Resilience displays the same view as when accessed directly from the Vendor Management Workspace.

To view Related lists and Red flags data in the Operational Resilience Workspace, you must have appropriate user roles as explained in this section.

TPRM is not installed: If TPRM is not installed, Operational Resilience users cannot access risk red flags without the IRM roles.
TPRM is installed: However, if TPRM is installed, Operational Resilience users can access both risk red flags and Third-party Risk Management red flags because they are assigned the TPRM viewer role. The TPRM viewer role includes risk viewer capabilities, thus eliminating the need for IRM roles.

For information on the roles required to view the related lists and red flags data, see the "Roles to view related lists and Red flags data" table in the Create Service form page.

Displaying reports for different user roles

Separate reports are displayed in the Operational Resilience Workspace landing page for BCM Professional and IRM Professional users.

Enhanced roles for accessing the reports

The roles installed with Operational Resilience now contain the relationship for BCM Professional and IRM Professional users.

All Operational Resilience users can access general reports on the landing page.

The roles required to access the BCM and IRM reports in the Operational Resilience Workspace are explained in the following table.

Table 1. Roles to access the reports
Type of reports	Required roles	Information	Contains
BCM reports	sn_oper_res.bcm_opres_admin	Users with this role can create and delete both operational resilience activities and BCM activities.	sn_oper_res.admin sn_bcm.bcm_opres_manager
	sn_oper_res.bcm_opres_manager	Users with this role can create both operational resilience activities and BCM activities.	sn_oper_res.manager sn_bcm.bcm_opres_user
	sn_oper_res.bcm_opres_user	Users with this role can participate in both operational resilience activities and BCM activities.	sn_oper_res.user sn_bcm.viewer
IRM reports	sn_oper_res.irm_opres_admin	Users with this role can create and delete both operational resilience activities and IRM activities.	sn_oper_res.admin sn_bcm.irm_opres_manager
	sn_oper_res.irm_opres_manager	Users with this role can create both operational resilience activities and IRM activities.	sn_oper_res.manager sn_bcm.irm_opres_user
	sn_oper_res.irm_opres_user	Users with this role can participate in both operational resilience activities and IRM activities.	sn_oper_res.user sn_compliance.reader sn_risk.reader

IRM reports.