Configuring Third-party Risk Management

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 3 Minuten Lesedauer

    • You can activate or upgrade TPRM, by downloading the applications from the ServiceNow Store and then configuring the settings to meet your needs.

    Configuration overview

    By performing the tasks in the Setup tasks for TPRM checklist, you can upgrade or install the TPRM application. After you’ve completed the tasks, you can perform additional configuration as described in Classic assessment configuration.

    Hinweis:

    For any custom messages you create, it is your responsibility to generate the corresponding sys_ui_message records. This step is crucial if you want the custom messages to be extracted and translated.

    Initial setup and upgrade checklist for TPRM

    Tabelle : 1. Setup tasks for TPRM
    Task Description
    Activate the Third-party Risk Management app [com.sn_vdr_risk_asmt]. To see the instructions for downloading a GRC application from the ServiceNow® Store, see Download a GRC application from the ServiceNow Store for the first time.
    Wichtig:
    The base system includes many sample questions that you can use in your question bank. To include sample questionnaires, select Load demo data while installing the app.

    Role required: admin
    Activate the Due diligence request workflow application [com.sn_tprm_dd]. To see the instructions for downloading a GRC application from the ServiceNow® Store, see Download a GRC application from the ServiceNow Store for the first time.

    Role required: admin
    Activate the Vendor Risk Management Workspace application [sn_vrm_ws]. To see the instructions for downloading a GRC application from the ServiceNow® Store, see Download a GRC application from the ServiceNow Store for the first time.

    Role required: admin
    Add an authentication policy to enable secure access for external third parties.

    For more information, see Add an authentication policy to enable secure access for external third parties.

    Role required: admin

    Use the platform post-authentication policies to enable third parties to secure access to your instance. For background information on this feature, see Post-authentication context.
    Assign TPRM roles to users and user groups.

    Assign roles to users before you implement or use the Third-party Risk Management application. Assigning roles in a well-organized manner simplifies and improves process management and helps to ensure that users are promptly notified of tasks in their areas of responsibility.

    For more information, see Assign TPRM roles to users and user groups.

    Role required: admin
    Add users to groups based on their responsibilities.

    Assign users to groups before you implement or use the Third-party Risk Management application. Each group contains users with particular roles. Well-organized user groups simplify and improve process management and help to ensure that users are promptly notified of tasks in their areas of responsibility.

    For more information, see Add users to groups based on responsibilities.

    Role required: admin
    Configure TPRM properties.

    Configure property settings for a variety of TPRM operations.

    For more information, see Configure TPRM properties.

    Role required: admin
    Enable the TPRM Risk concentration map.

    This task is optional. For more information, see Enable the TPRM Risk concentration map.

    Role required: admin

    After you install the Risk concentration map feature, you must install a Google license to enable the feature.
    Enable your emails with third-party contacts.

    Configure email communication with third-party contacts to enable email notification of assessments and issues.

    For more information, see Enable email with third-party contacts.

    Role required: admin
    Update header and footer images for email notifications. Update the header and footer images used in email notifications by modifying image records.

    For more information, see Update the header and footer for email notifications.

    Role required: admin
    Import the existing data from other systems.

    This task is optional. Import existing data (third parties, engagements, assessments, questionnaires, issues, and so on) from other systems (like the Aravo platform, the ProcessUnity platform, and so on). You aren’t charged for importing the data.

    For more information, see Import existing data from other systems.

    Role required: admin
    Set up third-party contacts.

    Third-party contacts are external users at the third-party organization. They use the Third-party portal to securely organize, prioritize, and perform tasks like responding to questionnaires for assessments, performing tasks, and communicating with your risk-assessment staff regarding issues. You grant access to the Third-party portal and specify the permissions for third-party contacts.

    For more information, see Set up third-party contacts.

    Role required: admin or sn_vdr_risk_asmt.vendor_risk_manager
    Activate a language.

    This task is optional. The ServiceNow AI Platform uses American English by default. You can configure TPRM to use a different language.

    For more information, see Activate a language.

    Role required: admin
    Run the quick-start tests for third-party risk management.

    This task is optional. Verify that TPRM still works after you make configuration changes such as applying an upgrade or developing an application. Copy and customize the quick-start tests to pass when using your instance-specific data.

    For more information, see Run the Quick Start tests for Third-party Risk Management.