Third-party Risk Management
Summarize
Summary of Third-party Risk Management
The ServiceNow® GRC: Third-party Risk Management (TPRM) application helps organizations proactively identify, assess, and mitigate risks related to their third-party relationships. It centralizes the management of third-party portfolios, risk assessments, scoring, remediation, and monitoring to protect your organization’s interests.
Show less
Key Features
- Risk Due Diligence Requests: Initiate and manage requests to evaluate the level of risk associated with third parties and their engagements.
- Risk Assessment and Monitoring: Identify, assess, and continuously monitor risks that arise from third-party interactions.
- Approval Workflow: Configure approval levels and rules for due diligence requests, enabling structured review and decision-making based on questionnaire responses and assessment results.
- Contract Risk Management: Incorporate specific contractual provisions to mitigate identified risks during contract negotiations.
- Digital Resilience Registers: Use the Vendor Management Workspace to maintain registers of ICT third-party service providers and their contractual arrangements.
- Risk Intelligence Integration: Manage and request external risk intelligence reports and integrate risk scores from third-party providers to gain insights into vendor trustworthiness and safety.
- Third-party Portal: Facilitate communication by enabling third-party contacts to respond to questionnaires, provide documentation, and address tasks and issues through a dedicated portal.
Configuration and Integration
You can activate or upgrade TPRM by downloading it from the ServiceNow Store and configuring it to suit your organization's needs. The application can be extended through integrations with other ServiceNow applications and external risk intelligence providers. Additionally, migration guidance is available for moving from the Classic Assessment Engine to the Smart Assessment Engine, detailing feature changes and setup requirements.
Important Notes
- The Vendor Management Workspace for ITSM is deprecated as of the Australia release and replaced by the GRC Vendor Management Workspace included with TPRM.
- Reference materials are available detailing tables, forms, properties, and roles installed with the application.
Support and Resources
- Access the GRC community to ask or answer questions.
- Consult the Known Error Portal for troubleshooting guidance.
- Explore developer resources for building custom apps.
- Contact Customer Service and Support for direct assistance.
The ServiceNow® GRC: Third-party Risk Management (TPRM) application enables you to proactively identify, assess, and mitigate risks that are associated with your third-party relationships. TPRM provides a centralized process for managing your portfolio of third parties, assessing and scoring risk, and performing remediation.
Get started
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release note information for all released apps, see the ServiceNow Store version history release notes.
|
Integrate
|
||
The Vendor Management Workspace for ITSM (sn_itsm_vendor) is deprecated as of the Australia release. It is hidden and no longer available for activation for new customers. References to Vendor Management Workspace throughout this documentation refer to the GRC: Vendor Management Workspace (sn_vrm_ws), which is a separate application included with Third-party Risk Management and is not affected by this deprecation. For details about the ITSM deprecation, see the Deprecation Process [KB0867184] article in the Now Support Knowledge Base.