21.0.3
Zurich, Yokohama Patch 6, Yokohama Patch 5, Yokohama Patch 2, Yokohama, Xanadu Patch 9, Xanadu Patch 4, Xanadu, Washington DC Patch 7, Washington DC Patch 5, Washington DC Patch 3, Washington DC, Vancouver Patch 9, Vancouver
The ServiceNow® Third-party Risk Management application provides a centralized process for managing your third-party portfolio and completing the third-party assessment and remediation life cycle. Integration with other GRC applications provides additional traceability for compliance with controls and risks.
Note: In version 17.x, Vendor Risk Management was renamed to Third-party Risk Management.
The Third-party Risk Management application includes the following features:
- Third-party portfolio - third-party hierarchy and third-party contacts
- Third-party engagements
- Tiering setup, tiering assessments, and IRQs
- Risk assessment setup and risk assessments, including risk domains (risk areas)
- Configurable risk calculation
- Automated tiering and risk assessment submission rules
- Security score integration
- Issue management
- Support for rolling up third-party scores to the risk rating
- Reports and dashboards
- GRC Integration: associate policies and controls to questions in a third-party risk assessment
- GRC Integration: roll up third-party risk information to an enterprise risk program
- New
  - Third-party Risk Management has been updated to work with Smart Assessment Engine.
- Fixed
  - An issue where the TPRM code would always create an assessable record for core_company when creating the assessment instances has been addressed.
  - Incorrect logic for computing the rating when a user responded to all scoring questions as not applicable.
  - Unwanted updates caused by the business rule "Display applicable risk scoring rule".
  - A misleading info message shown when submitting a risk assessment to a third-party contact.
  - An issue with multiple vendor portal widgets bypassing security ACLs has been addressed.
The following applications are automatically installed when the Third-party Risk Management application is activated:
- GRC: Profiles
- GRC: Compliance Assessment
- GRC: Vendor Portal
Permissions and roles:
- Role required to install the app: System admin (admin)