Set up a risk intelligence provider service

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • After you register a risk intelligence provider, you specify which of the provider's scoring or rating services you’ll use. You also specify how their scores or ratings map to your TPRM ratings.

    Before you begin

    Role required: sn_vdr_risk_asmt.vendor_assessment_reviewer

    Procedure

    1. Navigate to All > Third-party Risk Management > Risk Intelligence Provider Setup > Provider Services.

      Current risk intelligence provider services appear in the Third-party Provider Services related list.

      Note:
      The list of provider services also appears as a related list while you’re registering a provider. The system auto-generates a unique name for the service by concatenating the Provider name and Score type.
      List of risk intelligence provider services.
    2. Select New and then fill in the fields on the form.
      Table 1. Risk Intelligence Provider Service form
      Field Description
      Provider

      Name of the risk intelligence provider for this scoring service.
      Score type

      Each service offered by the provider returns a particular type of risk rating or score, for example, Financial risk or Security risk.

      For each provider, you define at least two services.
      • Define a service that returns the overall risk score for the third party.
      • Define a service for each additional type of score that the provider can return.
      Important:
      • The Is multi-factor setting for a provider indicates that the provider can return multiple different score types. For providers that you configure as multi-factor, you must define a service with Score type = Overall Score before you can create other services for the provider. When the provider returns an overall score, you add the data. The normalized value appears as the "Overall" value on the provider's card on the Risk intelligence scores tab.
      • For providers that you configure as not multi-factor, you specify only one score type. The score or rating returned by the provider is converted to the normalized TPRM score. The normalized value is also displayed as the "Overall" value on the provider's card on the Risk intelligence scores tab.
      Name

      Name of the provider service being set up.

      The system auto-generates a unique name for the service by concatenating the Provider name and Score type.
      Risk area

      Select the third-party risk domain associated with the score type.

      For more information, see Define a third-party risk domain.

      Note:
      Risk domains are called "risk areas" in some platform applications.
      Copy mapping from If applicable, specify an existing service with this provider that uses identical mapping as the service that you’re configuring.
      • The mappings are copied to the current record.
      • The mappings become read-only.
    3. Scroll to the Mapping area and perform one of the following actions.
      • To map the provider ratings to the ratings used by TPRM, select the Is rating check box and then enter each provider rating next to its corresponding platform rating.
      • To associate a range of provider scores with each TPRM rating, don’t select Is rating. Each row identifies the lowest and highest values in a rating. Enter the lowest value in the from column and the highest value in the to column.

      You must fill in at least three rows.

      • All rows must be either ratings or ranges. A mix of the two types isn’t allowed.
      • If there are more returned values than rows, group values in the appropriate row and separate with commas.
      Mapping a range of scores to each platform rating.
    4. Select Submit.

      You can now specify the types of requests that you might later request from the provider.

      A request type is the name of the report available for the provider. For more information, Set up a request type for a provider.