Monitoring your third-party risk

  • Release version: Australia
  • Updated March 12, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Monitoring your third-party risk

    The Third-party Risk Management (TPRM) application in ServiceNow enables continuous monitoring and assessment of risks associated with third-party relationships. It supports ongoing review of third-party performance and compliance with agreed terms, helping organizations maintain risk oversight and ensure vendor adherence to security and compliance standards.

    Show full answer Show less

    Key Features

    • Vendor Management Workspace: Provides a centralized workspace with a vertical navigation panel for streamlined access to third-party records, assessments, dashboards, and risk reports. Designed for users with roles such as TPR manager, TPR assessor, and third-party assessment reviewer.
    • Risk Reporting and Dashboards: Offers personalized dashboards like the Third-party insights dashboard and TPRM custom analytics dashboard for monitoring assessment data. TPR managers and assessors can create, customize, and share dashboards tailored to their risk programs.
    • Due Diligence Process Monitoring: Tracks the status of due diligence requests, including inherent risk questionnaires, risk assessments, approval, and contract risk processes, accessible via the Due diligence request record page.
    • Management of Fourth-nth Parties: Enables identification and management of risks related to fourth-nth parties—those dependent on primary third-party services—to ensure consistent security and compliance standards.
    • Third-party Element Monitoring: Supports scalable scoring models, relationship analysis, and integration with due diligence workflows to aid in comprehensive risk assessments.
    • Smart Assessment Templates: After upgrading to version 22.0.1 with Unified Content Management installed, TPR managers can access a centralized library of smart assessment templates aligned with global regulations and industry standards, which can be activated and updated within the Vendor Management Workspace.
    • Managed Activity Tracking: Tracks managed activities related to engagements via a read-only Usage analytics activities table, helping verify activity usage and license consumption. Access requires the third-party assessment reviewer role and applicable application licenses.

    Practical Benefits for ServiceNow Customers

    • Enables continuous and structured monitoring of third-party risks to enhance vendor compliance and performance oversight.
    • Improves decision-making through tailored dashboards and risk reports that provide actionable insights at a glance.
    • Supports compliance by monitoring due diligence processes and extending risk management to fourth-nth party relationships.
    • Facilitates efficient risk assessments using smart templates aligned with industry standards and integrated workflows.
    • Ensures transparent tracking of managed activities to optimize license utilization and audit readiness.

    You can monitor the potential risks that are associated with your third-party relationships by using the Third-party Risk Management application. An ongoing monitoring process can help you regularly assess the third party's performance and adherence to the agreed-upon terms.

    Ongoing monitoring and review

    You can monitor and review the performance of your third parties with Vendor Management Workspace. For example, you can regularly assess whether the third party is adhering to the agreed-upon terms.

    Note:
    The Vendor Management Workspace is designed for users with the Third-party risk (TPR) manager [sn_vdr_risk_asmt.vendor_risk_manager], TPR assessor [sn_vdr_risk_asmt.vendor_assessor], and Third-party assessment reviewer [sn_vdr_risk_asmt.vendor_assessment_reviewer] roles.

    Viewing risk reports and other information

    Starting with version 21.1.x, the legacy horizontal tab-based layout in the Vendor Management Workspace has been replaced by a structured vertical navigation panel. This design introduces:
    • Grouped Related Lists: Organizes access to third-party records, assessments, and dashboards into logical sections.
    • Clearer Workflows: Navigation is streamlined to support risk management processes and dependency tracking for third parties and engagements.
    • Consistent Availability: The vertical panel is accessible across all internal user roles, ensuring a unified experience for managing vendor risk and resilience.
    For more information on configuring related lists, see Configure related lists for vertical navigation on record pages.

    You can view the risk reports for all third parties and engagements by navigating to Workspaces > Vendor Management Workspace and then selecting the Risk tab to open the workspace to the home page. For more information, see Viewing third-party risk reports.

    You can also view the status and all current information for a third party or engagement by navigating to Workspaces > Vendor Management Workspace. On the Risk tab, select the home page icon .

    As shown in the following example, you can select any number in the Third-party risk overview section to open a list of third parties or engagements with that risk rating value. You can then select a third party or engagement.
    Figure 1. How to open a third party or engagement page by risk rating
    Sequence showing the selections needed to view a third party or engagement. For the text description, refer to the text that preceded this example.
    For more information, see Get an overview of a third party.

    TPRM personalized dashboards

    Monitor and analyze your assessment data at various levels using the Third-party insights dashboard and TPRM custom analytics dashboard. If you have the TPR manager [sn_vdr_risk_asmt.vendor_risk_manager] or TPR assessor [sn_vdr_risk_asmt.vendor_assessor] role, you can create and share your own dashboards and reports. TPR managers can also customize report layouts, widgets, and data views to prioritize key metrics and workflows that align with your individual roles and risk programs. These dashboards provide you and your team with tailored insights and deliver relevant information at a glance, improving your decision-making process. You can view TPRM personalized dashboards by navigating to Workspaces > Vendor Management Workspace and selecting the dashboard page icon . For more information, see Monitoring assessment data using TPRM dashboards.

    Due diligence processes

    You can view the status of the following due diligence processes from the Due diligence request record page:
    • Request process
    • Inherent Risk Questionnaire (IRQ) process
    • Third-party risk assessment process
    • Approval process
    • Contract risk process
    To access the Due diligence request record page, you can select the DDR number for any due diligence request. For more information about the due diligence process, see Monitoring the due diligence request process.

    Managing fourth-nth parties

    You can use Third-party Risk Management to help identify, understand, and manage risks that are related to third parties dependent on the services of fourth-nth parties. Monitoring fourth-nth parties can help ensure that they adhere to the same security and compliance standards as the primary third party. For more information about fourth-nth parties, see Monitoring your fourth-nth parties.

    Managing third-party elements

    You can monitor third-party elements through scalable scoring models, relationship analysis, and due diligence workflow integration as part of the third-party element collection process. Monitoring third-party elements and leveraging that information can help with conducting more informed risk assessments as part of your third-party risk program. For more information about third-party elements, Monitoring third-party elements.

    Managing Smart assessment templates

    After upgrading to version 22.0.1 and installing the Unified Content Management application, TPR managers [sn_vdr_risk_asmt.vendor_risk_manager] can view a centralized library of smart assessment templates aligned with global regulations and industry standards. From the unified content management module in the Vendor Management Workspace you can activate and update templates. You can access the unified content module by navigating to Workspaces > Vendor Management Workspace, select the unified content management icon and then navigate to Smart assessment templates. For more information, see Managing TPRM SAE templates with Unified Content Management and Sample questionnaires.

    Viewing managed activities

    An engagement only consumes one license, regardless of whether there’s one managed activity or many managed activities per contract year. Managed activity usage is triggered only when an activity is initiated. You can view your managed activities for verification purposes with the Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table. This read-only table stores a record whenever a managed activity occurs. You must have the Third-party assessment reviewer [sn_vdr_risk_asmt.vendor_assessment_reviewer] role to view this table. You can access the Usage analytics activities table by navigating to All > Third Party Risk Management > Administration > Managed Activity Analytics. For more information, see Tracking a managed activity.

    Note:
    The Usage analytics activities [sn_vdr_risk_asmt_ua_activity] table is only available to those users that have purchased the Third-party Risk Management application and have access to the Due diligence management application. To see the instructions for downloading a GRC application from the ServiceNow® Store, see Download a GRC application from the ServiceNow Store for the first time.