0
21.1.6
Zurich Patch 4, Zurich, Yokohama Patch 9, Yokohama Patch 6, Yokohama Patch 5, Yokohama Patch 2, Yokohama, Xanadu Patch 9, Xanadu Patch 4, Xanadu, Washington DC Patch 7, Washington DC Patch 5, Washington DC Patch 3, Washington DC, Vancouver Patch 9, Vancouver, Utah, Tokyo, San Diego
The ServiceNow® Third-party Risk Management application provides a centralized process for managing your third-party portfolio and completing the third-party assessment and remediation life cycle. Integration with other GRC applications provides additional traceability for compliance with controls and risks.
Note: In version 17.x, Vendor Risk Management was renamed to Third-party Risk Management.
The Third-party Risk Management application includes the following features:
- Third-party portfolio - third-party hierarchy and third-party contacts
- Third-party engagements
- Tiering setup, tiering assessments, and IRQs
- Risk assessment setup, and risk assessments, including risk domains (risk areas)
- Configurable risk calculation
- Automated tiering and risk assessment submission rules
- Security score integration
- Issue management
- Support for third-party scores roll up to risk rating
- Reports and dashboards
- GRC Integration: associate policies and controls to questions in a third-party risk assessment
- GRC Integration: roll-up third-party risk information to an enterprise risk program
- New
- Risk area support for internal assessments.
- Document Management System integration to manage all vendor documents in one place with the ability to reference them across engagements as needed.
- Changes
- Applicable table fields marked as read-only where updates from client scripts must not occur.
- Fixed
- Issue generation rule was restricting the creation of more than one rule on the same questionnaire template even though different questions were being selected.
- SAE Template Copy Functionality was creating a record in TPRM Table instead of sn_smart_asmt_template.
- Card borders were missing on Overview pages in Coral Dark theme.
- Assessor was not being notified after vendor submits an assessment.
- An issue with not being able to submit SIG detail assessment on the Smart assessment engine.
The following applications are automatically installed when the Third-party Risk Management application is activated:
- GRC: Profiles
- GRC: Compliance Assessment
- GRC: Vendor Portal
Permissions and roles:
- Role required to install the app: System admin (admin)