Third-party Risk Management release notes

  • Release version: Australia
  • Updated May 20, 2026
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Third-party Risk Management release notes Australia

    The ServiceNow® Third-party Risk Management (TPRM) application offers a centralized platform to manage third-party portfolios, assess risks, and perform remediation. The Australia release introduces enhancements focused on automation, AI integration, improved reporting, streamlined workflows, and regulatory compliance. This update supports ServiceNow customers in reducing manual tasks, improving data accuracy, and generating regulator-ready reports.

    Show full answer Show less

    Key Features

    • AI-Assisted Questionnaire Pre-fill: Utilizes AI and Document Management System data to auto-suggest responses for third-party questionnaires, reducing manual data entry.
    • Updated Standardized Information Gathering (SIG) 2026 Questionnaires: Incorporates expanded security and privacy framework coverage in SIG Full, Core, and Lite templates.
    • Software Bill of Materials (SBOM) Integration: Automates SBOM collection and vulnerability correlation via Unified Security Exposure Management (USEM), enhancing regulatory compliance.
    • Smart Assessment Engine (SAE) Enhancements: Enables template version management to ensure in-flight assessments remain consistent, adds question-level comments and follow-ups, and improves UI with hidden skipped questions and continuous scroll layout.
    • DORA Register of Information Improvements: Automatic cascading updates in supply chain data, duplicate record detection, and Legal Entity Identifier (LEI) validation against GLEIF database to enhance data accuracy.
    • Regulatory Reporting Enhancements: Supports currency conversion and third-party expense aggregation for consistent, regulator-ready reports.
    • Unified Content Management: Provides a centralized library of smart assessment templates accessible from the Vendor Management Workspace.
    • Generative AI for Issue Recommendations (Early Availability): AI-generated issue suggestions for reviewer validation improve issue identification and management efficiency.
    • Email and Notification Consolidation: External assessment notifications are consolidated into summary messages with configurable delivery options and multilingual support.
    • Accessibility and Localization: Enhanced accessibility features including keyboard navigation and screen reader compatibility; third-party portal supports multiple languages.

    Upgrade and Activation Guidance

    Upgrading to the Australia release requires sequential upgrades from earlier versions to ensure fix scripts run properly and avoid data inconsistencies. Enabling the Smart Assessment Engine replaces the legacy engine permanently and should be tested first in non-production environments. Role changes require manual review for some users. Migration of the Industry field to tprmindustry in the Company table requires customization updates.

    TPRM must be installed via ServiceNow Store. Customers should review activation instructions and compatibility with related ServiceNow applications such as Operational Resilience, GRC Risk Management, and Smart Assessment Engine for integrated risk processes.

    Practical Benefits for ServiceNow Customers

    • Efficiency: Reduced manual input and faster assessments through AI-driven questionnaire pre-fill and issue recommendations.
    • Accuracy and Compliance: Automated data validation, duplicate detection, and regulatory reporting enhancements ensure higher data integrity and readiness for audits.
    • Flexibility: Template versioning and centralized content management support consistent assessments across teams.
    • User Experience: Improved UI handling, consolidated notifications, and accessibility enhancements provide a smoother workflow for risk managers, assessors, and third-party contacts.
    • Integration: SBOM and DORA reporting integrations align TPRM with broader security and operational resilience strategies.

    The ServiceNow® Third-party Risk Management (TPRM) application provides a centralized process for managing your portfolio of third parties and their engagements, assessing and scoring risk and performing remediation. TPRM was enhanced and updated in the Australia release.

    Third-party Risk Management highlights for the Australia release

    • Enhance DORA Register of Information reporting with optional currency conversion and third‑party expense aggregation to generate consistent, regulator‑ready reports.
    • Review the simplified third‑party elements process in the due diligence workflow.
    • Access the unified content management module in the Vendor Management Workspace to view a centralized library of smart assessment templates.

    Early availability

    Use generative AI to recommend TPRM issues for reviewer validation.

    Australia Patch 1

    Review the updated AI experience with three licensing tiers.

    See Third-party Risk Management for more information.

    Important:
    Third-party Risk Management is available in ServiceNow Store. For details, see the "Activation information" section of these release notes.

    Important information for upgrading Third-party Risk Management to Australia

    If you're a VRM user upgrading to TPRM and upgrading to Australia from an earlier release, you must run each upgrade sequentially to ensure that fix scripts run correctly. For example, you must upgrade from Xanadu to Yokohama, Yokohama to Zurich, and so on. If the scripts don't run in the correct order, you can get data inconsistencies, broken functionalities, and conflicts.

    After upgrading to version 21.0.x, you can enable the Smart Assessment Engine (SAE) by setting the Smart Assessment Engine enabled (sn_vdr_risk_asmt.sae_enabled) property. After setting this property, Smart Assessment Engine (SAE) becomes the default assessment engine and replaces the legacy experience. The transition isn't reversible.
    Warning:

    Set this property in your non-production instances and conduct thorough testing before changing your production instances. Failure to do so may result in unexpected issues.

    For more information on upgrading from VRM to TPRM and the differences between the Smart and Classic Assessment engines, see Third-party Risk Management upgrade information.

    For existing TPRM customers, after upgrading to version 21.0.3, data from the Industry column in the Company [core_company] table is automatically migrated to the tprm_industry column. Migration can take several hours depending on the number of records in the Company [core_company] table. After migration, a system log message confirms that the migration is complete. Review the Company [core_company] table content and update any customizations referencing the Industry field to use tprm_industry. After verifying the migration and updating customizations, you can drop the Industry column.

    New in the Australia release

    Generate aggregate regulatory reports in local currencies
    After upgrading the Digital Resilience Third-party Information Register application to version 22.0.3, third‑party risk (TPR) managers [sn_vdr_risk_asmt.vendor_manager] can standardize annual expense values during Register of Information report generation by enabling currency conversion and third‑party total expense aggregation. To support this process, the generated reporting package includes summary and detail reports that indicate successful conversions, aggregation results, and any skipped providers.
    Centralized repository for TPRM SAE templates

    After upgrading to version 22.0.2 and installing the Unified Content Management application, TPR managers [sn_vdr_risk_asmt.vendor_risk_manager] can help ensure consistent and comprehensive assessments by activating and updating ready‑to‑use Smart Assessment Engine questionnaire templates through a single, managed repository in the Vendor Management Workspace.

    Early availability
    Generate issue recommendations for TPRM
    After upgrading to version 22.0.8 if you have the third‑party assessment reviewer role [sn_vdr_risk_asmt.vendor_assessment_reviewer] and have installed the Now Assist for Third-party Risk Management (TPRM) application, you can use generative AI to automatically identify and recommend issues based on assessment responses. The TPRM issue management recommendation skill recommends issues with rationalized summaries. Recommended issues are presented for review and are created as standard TPRM issues only after user confirmation.

    UI changes

    Fields added to Create New Excel download/upload request form
    After upgrading the Digital Resilience Third-party Information Register application to version 22.0.3, the Enable currency conversion and Enable third‑party total expense aggregation fields are available on the Excel download/upload request page. When creating Excel Master Template or Plain‑CSV Reporting Package requests, you can configure these options directly on the form.
    TPRM Unified content management page
    After upgrading to version 22.0.2 and installing the Unified Content Management application, the unified content management module is available in the Vendor Management Workspace.

    Changed in this release

    Simplified third-party element process
    After upgrading to version 22.0.1, third‑party elements are now linked to a single third party and can no longer be shared across third parties. Scoring rollups calculate results from element‑level assessments rather than entity records.
    Australia Patch 1
    ServiceNow product tiers
    The ServiceNow AI Platform now brings you a new AI experience with three licensing tiers available:
    • Foundation: AI basics to deliver insights
    • Advanced: AI to boost productivity across relevant use cases
    • Prime: Act autonomously with all AI assets and create your own

    Depending on your entitlements, you will have access to certain application features, generative AI skills, agentic workflows, and AI agents.

    Removed in this release

    • Assessments using entities are no longer supported.

    Activation information

    Install Third-party Risk Management by requesting it from ServiceNow Store. Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Related ServiceNow applications and features

    Operational Resilience
    Operational Resilience helps organizations respond to adverse operational events by anticipating, preventing, recovering from, and adapting to such events.
    Operational Resilience Workspace
    Use Operational Resilience Workspace to manage your resilience tasks and monitor resilience metrics from a single dashboard.
    GRC Risk Management
    Use Risk Management with the ServiceNow® Advanced Risk application to identify and monitor high-impact risks, improve your risk-based decision-making, and reduce your reaction time from days to minutes.
    GRC Risk Workspace
    The Risk Workspace in the ServiceNow® Advanced Risk application provides a simplified user experience with a single-pane view for risk-related activities.
    Smart Assessment Engine
    The ServiceNow® Smart Assessment Engine (SAE) application helps you to reduce the manual burden and costs of your assessment processes through automation.