SecurityScorecard is the global leader in third-party cyber risk management and security ratings, with more than 12 million companies continuously rated. SecurityScorecard’s patented security ratings technology is used by organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. Our platform enables enterprises to instantly rate and understand the security risk of companies, non-intrusively and from an outside-in perspective. We use an A-F rating scale. We learned from over 12 million cybersecurity ratings that companies with an F are 13.8 times more likely to be impacted by a breach than those with an A. Headquartered in New York City, we are funded by top investors like Sequoia Capital, Google Ventures, NGP, Moody’s, Intel, and others. Our mission is to make the world a safer place by transforming the way the world measures and manages cybersecurity risk across the entire digital ecosystem.
SecurityScorecard Key Differentiators:
- Superior Service - After working with other vendors, customers point to SecurityScorecard’s customer service as the number one reason for moving to the platform.
- Platform Performance - Our platform is designed to be transparent and collaborative, enabling security teams and vendors to work together - vendors can access the platform at no cost
- Best-in-class vendor resolution capabilities - we have a team that works directly with vendors to resolve open issues and findings
- The Best Data Available - It’s the intelligence behind the score that matters most. Security ratings are only as good as the data and attribution that support them. 99% of the data we collect is from our own security research team, meaning we can quickly respond to emerging threats and rapidly introduce new signals into the platform
For ServiceNow customers who don't currently have a SecurityScorecard license, SecurityScorecard is offering a Complimentary Enterprise License, which includes the monitoring of up to 30 companies for 60 days. Sign up for it here: https://securityscorecard.com/servicenow
This app will enable ServiceNow users to:
- Assess vendor cybersecurity by viewing SecurityScorecard ratings (A-F, 0-100) for every vendor in a ServiceNow user’s third-party ecosystem
- Establish required minimum SecurityScorecard grades/scores for vendors
- When the vendor's SecurityScorecard scores fall below the minimum threshold set by the ServiceNow user (i.e., Vendor Risk Manager), ServiceNow will automatically create and send ServiceNow assessments (questionnaire + issue) for the vendor to complete
- View Factor Level Grades as well as issue counts for each vendor
- Invited vendors can improve scores by signing up for SecurityScorecard to see issue-level details and remediation guidance
- When vendors suffer a breach, SecurityScorecard surfaces breach incident details in ServiceNow for automated breach assessment
Stability & Reliability
- Improved error handling across all integration points — individual record failures no longer stop the entire sync process
- API call failures are now logged with detailed error information for easier troubleshooting
- Invalid or malformed company domain values are now caught and reported instead of causing silent failures
- Report generation no longer fails when the SecurityScorecard API returns incomplete metadata
Domain Handling
- Custom SecurityScorecard domains (UUID format) are now automatically recognized and completed — no manual formatting required
- Added a new system property (x_sesri_ssc_vrm.allow_any_domain) to support non-standard domain formats when needed; strict validation is enforced by default
- Domains are now consistently normalized (trimmed and lowercased) to prevent duplicate or missed matches
Scorecard Data
- Company scores are now stored as whole numbers, resolving an issue where decimal values appeared in score fields
- Added Risk Intelligence Score creation for each Factor level score
- Added Subfactor records for SecurityScorecard Issues
- Added a new system property (x_sesri_ssc_vrm.generate_factor_scores) that allows administrators to stop the creation of Factor level Risk Intelligence Scores and Subfactor records to minimize the performance impact
Reports
- Fixed an issue where Issues reports failed to generate because the SecurityScorecard API did not return a report title — a descriptive title is now automatically generated using the domain, report type, and date
- Fixed an issue where large event reports caused errors due to exceeding system size limits — reports are now capped at a configurable row limit (default: 50,000 rows) with a clear indicator in the filename when data is truncated
- Fixed an issue where CSV event reports could produce corrupted output when field values contained commas or special characters
- Fixed incorrect date calculations in event report generation
Logging & Visibility
- All integration components now produce consistent, structured log entries at error, warning, and info levels
- Sync runs log summary counts of processed records and errors for at-a-glance monitoring
- Report collection runs log counts of processed and skipped (already complete) reports
- User must have IRM: Third Party Risk Management