TPRM Home page
Summary of TPRM Home Page
The TPRM Home page provides essential risk information and quick access to actions for Third-Party Risk (TPR) managers and assessors. Users can navigate to the page via the Vendor Management workspace and access various functionalities related to third-party risk management.
Key Features
- Third-Party Risk Overview: Click on any number in a box to view associated third parties or engagements. Options to export data or create new engagement requests are available.
- Quick Actions:
- Create a Third Party Record: Set up key data and contact information for potential engagements.
- Define an Engagement: Assess risks associated with third-party services or products, including those from partners or subsidiaries.
- Create a Tiering Assessment: Classify third parties into risk categories (None, Low, Minor, Moderate, High, Critical) with specific assessment questions.
- Create an Assessment: Initiate the third-party risk assessment life cycle.
- Create an Issue: Document and track concerns about a third party or engagement.
- Create a Task: Ensure responses to concerns regarding documentation during the due diligence process.
- Third-Party Population Overview: View risk ratings, top risk areas, and issues by priority, allowing for detailed risk management insights.
- Fourth-Nth Party Overview: Access counts of fourth parties associated with third parties, distinguishing between known and unknown entities.
Key Outcomes
By utilizing the TPRM Home page, ServiceNow customers can effectively manage third-party risks, streamline communication regarding risk assessments, and enhance overall compliance with risk management practices. This tool is crucial for maintaining a clear understanding of potential risks associated with third parties and ensuring appropriate actions are taken to mitigate those risks.
The home page displays reports of important risk information and provides quick access to actions for TPR managers and TPR assessors.
Accessing the page
To open the Home page on the Vendor Management workspace, select . Select and select the Risk tab.
- Third-party risk overview
Select any number in a box to open the associated list of third parties or engagements.
After you open a list, you can select Export to export the data or select New to create a new engagement request.
- Quick actions
- Create a third party record. Set up the key data and contact information for a third party that your organization will possibly engage. See Create a third party record — Legacy process.
- Define an engagement. Define an engagement so that you can assess the risks that are associated with the services or products offered by a third party. Engagements can also represent the products or services that are provided to the parent third party, either directly or from departments, partners, or subsidiaries that you can also assess for risk. See Define an engagement — Legacy process.
- Create a tiering assessment. Organizations use risk tiering to classify their third parties into categories of potential risk posed at the time of onboarding. The standard predefined risk tiers are None, Low, Minor, Moderate, High, and Critical. Each risk tier has associated assessment questions and document requests. See Third-party risk tiering assessments — Legacy process.
- Create an assessment and initiate the third-party risk assessment life cycle. See Create an external assessment — Legacy process.
- Create an issue to help ensure that your concerns about a third party or engagement are remediated. See Create an issue for a third party or engagement.
- Create a task to help ensure that a user at your organization or the third-party contact responds to your concerns about questionnaire responses or requested documents during the due diligence process. See Create a task for a third party or engagement.
- Third-party population overview
- Risk rating by risk tiers: The number of engagements at each risk rating for each third-party risk tier. See Set up risk rating scales for scoring.
- Top risk areas: The average risk score for engagements that are associated with each risk domain that you’ve defined.
Note: Risk domains are called "risk areas" in some platform applications.
A risk domain defines the type of risk to assess for a third party. For example, you might want to assess a data-management third party in terms of security risk and a bank in terms of financial risk. Security risk and financial risk are risk domains. See Define a third-party risk domain.
- Issues by priority
- Count and priority of the highest priority open issues. Select an issue name to view the Risk overview tab of the issue page. See Manage issues.
- Fourth-nth party overview
- Counts of fourth parties and their sub-parties that are associated with third parties or engagements and unknown fourth parties. Select a segment of the corresponding graph to view a list of known or unknown fourth parties.
Note: Known fourth parties are organizations that have already been utilized as third parties in your risk management program. Unknown fourth parties are only categorized as fourth parties and haven’t been utilized or identified as third parties.