The ServiceNow® Third-party Risk Management application provides a centralized process for managing your third-party portfolio and completing the third-party assessment and remediation life cycle. Integration with other GRC applications provides additional traceability for compliance with controls and risks.
Note: In version 17.x, Vendor Risk Management was renamed to Third-party Risk Management.
The Third-party Risk Management application includes the following features:
- Third-party portfolio - third-party hierarchy and third-party contacts
- Third-party engagements
- Tiering setup, tiering assessments, and IRQs
- Risk assessment setup and risk assessments, including risk domains (risk areas)
- Configurable risk calculation
- Automated tiering and risk assessment submission rules
- Security score integration
- Issue management
- Support for rolling up third-party scores to the risk rating
- Reports and dashboards
- GRC Integration: associate policies and controls to questions in a third-party risk assessment
- GRC Integration: roll up third-party risk information to an enterprise risk program
New:
- Assessments are now supported on TPRM element records.
- Assessments can be prefilled using AI from uploaded documents (Innovation lab feature).
- Sample assessment templates are available through the Unified Content Accelerator plugin.
Fixed:
- SAE tiering emails have been corrected to include valid URLs.
- Resolved an issue where inactive downstream suppliers were not removed when the SAE fourth-party template is deleted.
- Resolved an issue where the engagement-level risk area widget did not populate in Workspace.
- Resolved an issue where the internal assessment's "Questionnaire due reminder" email was sent with an empty Subject and an empty Body.
Removed:
- Assessments using entities are no longer supported.
The following applications are automatically installed when the Third-party Risk Management application is activated:
- GRC: Profiles
- GRC: Compliance Assessment
- GRC: Vendor Portal
Permissions and roles:
- Role required to install the app: System admin (admin)
When you upgrade the Third-party Risk Management application, make sure to upgrade the Vendor Risk Management Workspace and any other installed GRC applications to the equivalent release version. For example, Third-party Risk Management version 18.x is certified to work with Vendor Risk Management Workspace version 18.x and other version 18.x GRC applications.