TPRM Home page

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of TPRM Home page

    The Third-Party Risk Management (TPRM) Home page in the Vendor Management Workspace provides ServiceNow users with a centralized dashboard to monitor risk data and perform key actions related to third-party risk. It is designed for third-party risk managers and assessors to efficiently view important risk reports and access functions needed to manage third-party engagements and assessments.

    Show full answer Show less

    Accessing the Home page

    To open the TPRM Home page, navigate to Workspaces > Vendor Management Workspace, then select the Risk tab and click the home page icon. This directs you to the main dashboard showing risk summaries and quick action options.

    Key Features

    • Third-party risk overview: Interactive boxes display counts of third parties or engagements by risk categories. Users can click these numbers to view detailed lists, export data, or create new engagement requests.
    • Quick actions: Enables users to create critical records quickly, including:
      • Third party records: Set up key data and contacts for potential third-party relationships.
      • Engagements: Define engagements to assess risks related to third-party services or products, including those provided by subsidiaries or partners.
      • Internal assessments: Conduct due diligence or ongoing risk monitoring assessments that influence questionnaires sent to third parties.
      • External assessments: Initiate the third-party risk assessment lifecycle.
      • Issues and tasks: Create issues to track remediation of concerns and tasks to ensure responses to questionnaire or document requests during due diligence.
    • Third-party population overview: Visualizations include:
      • Risk rating by tiers: Displays the count of engagements categorized by risk ratings across defined risk tiers.
      • Top risk areas: Shows average risk scores by risk domains (e.g., security risk, financial risk) tailored to the type of third party.
      • Issues by priority: Counts open issues by priority, with links to issue details.
    • Fourth-nth party overview: Provides counts and lists of fourth parties and sub-parties associated with third parties or engagements, distinguishing between known and unknown entities to enhance visibility beyond direct vendors.

    Practical Benefits for ServiceNow Customers

    This Home page consolidates critical third-party risk data and management functions in one interface, enabling faster identification of high-risk engagements and streamlined management of assessments, issues, and tasks. It supports proactive risk monitoring and simplifies navigation through complex vendor ecosystems, including fourth and nth parties. As a result, customers can enhance their risk oversight, improve due diligence efficiency, and better ensure remediation of concerns associated with third-party relationships.

    The home page displays reports of important risk information and provides quick access to actions for TPR managers and TPR assessors.

    Accessing the page

    To open the Home page in the Vendor Management Workspace, select Workspaces > Vendor Management Workspace and on the Risk tab select the home page icon .

    Reports on the TPRM home page.

    Third-party risk overview

    Select any number in a box to open the associated list of third parties or engagements.

    Reports on the TPRM home page.

    After you open a list, you can select Export to export the data or select New to create a new engagement request.

    Quick actions
    • Create a third party record. Set up the key data and contact information for a third party that your organization will possibly engage.
    • Create an engagement. Define an engagement so that you can assess the risks that are associated with the services or products offered by a third party. Engagements can also represent the products or services that are provided to the parent third party, either directly or from departments, partners, or subsidiaries that you can also assess for risk.
    • Create an internal assessment. Create an internal assessment as part of a due diligence request or ongoing risk monitoring using Third-party Risk Management. An internal assessment can affect which questionnaires are later sent to the third party or engagement. See Create an internal assessment.
    • Create an assessment and initiate the third-party risk assessment life cycle. See Create an external assessment.
    • Create an issue to help ensure that your concerns about a third party or engagement are remediated. See Create an issue for a third party or engagement.
    • Create a task to help ensure that a user at your organization or the third-party contact responds to your concerns about questionnaire responses or requested documents during the due diligence process. See Create a task for a third party or engagement.
    Third-party population overview
    • Risk rating by risk tiers: The number of engagements at each risk rating for each third-party risk tier. See Set up risk rating scales for scoring.
    • Top risk areas:

      The average risk score for engagements that are associated with each risk domain that you’ve defined.

      Note:
      Risk domains are called "risk areas" in some platform applications.

      A risk domain defines the type of risk to assess for a third party. For example, you might want to assess a data-management third party in terms of security risk and a bank in terms of financial risk. Security risk and financial risk are risk domains. Some platform applications refer to risk domains as "risk areas." See Define a third-party risk domain.

    Issues by priority
    Count and priority of the highest priority open issues. Select an issue name to view the Risk overview tab of the issue page. See Manage issues.
    Fourth-nth party overview
    Counts of fourth parties and their sub-parties that are associated with third parties or engagements and unknown fourth parties. Select a segment of the corresponding graph to view a list of known or unknown fourth-parties.
    Note:
    Known fourth parties are organizations that have already been utilized as third parties in your risk management program and unknown fourth parties are only categorized as fourth parties and haven’t been utilized or identified as third parties.