Third-party Risk Management release notes
Summary of Third-party Risk Management Release Notes
The Washington DC release of the ServiceNow® Third-party Risk Management (TPRM) application, updated on February 1, 2024, enhances the management of third-party portfolios, risk assessments, and remediation processes. Key updates focus on automation, reporting, and user roles to streamline risk management activities.
Key Features
- Event-driven Management: Automate the assessment process by configuring rules that generate and send questionnaires and document requests based on defined criteria.
- Due Diligence Management Dashboard: New reports allow risk managers to track, prioritize, and manage responsibilities effectively.
- Standardized Information Gathering (SIG): Updated SIG questionnaire content for 2024 enhances the assessment process.
- New User Roles: Introduction of roles like Due diligence request assigners and vendor risk admins to streamline responsibilities and permissions.
- Reactivation of Terminated Third Parties: Terminated third parties can now be reactivated for onboarding due diligence requests.
- Automatic Questionnaire Attachment: Configure assessments to automatically add questionnaires based on calculated risk tiers.
Key Outcomes
Implementing the Washington DC release will enable ServiceNow customers to automate and optimize third-party risk assessments, enhance reporting capabilities, and improve user management, ultimately leading to more efficient risk mitigation strategies.
For customers upgrading from previous versions, it is essential to follow a sequential upgrade process to avoid data inconsistencies and ensure proper functionality.
The ServiceNow® TPRM application provides a centralized process for managing your portfolio of third parties, assessing and scoring risk, and performing remediation. TPRM was enhanced and updated in the Washington DC release.
Third-party Risk Management highlights for the Washington DC release
- Automate assessments with the event-driven management feature.
- View new reports on the Due diligence management dashboard.
- Track and verify a managed activity.
- Use the new Standardized Information Gathering (SIG) questionnaire content available for 2024.
- Add questionnaires to third-party risk assessments based on the final risk tiers that were calculated at the IRQ assessment or engagement level.
See Third-party Risk Management for more information.
Important information for upgrading Third-party Risk Management to Washington DC
If you are a VRM user upgrading to TPRM and you are upgrading to Vancouver or later from an earlier release, you must run each upgrade sequentially to ensure that fix scripts run correctly. This means upgrading from Utah to Vancouver, then from Vancouver to Washington DC, and so on. If the scripts do not run in the correct order, the result can be data inconsistencies, broken functionality, and conflicts.
For more information on upgrading from VRM to TPRM, see Third-party Risk Management upgrade information.
New in the Washington DC release
- Event-driven management — automate assessment processes
  - Configure the rules that auto-generate and send questionnaires and document requests to engagements and third parties. For engagements and third parties that meet the criteria you define, you specify the schedule, questionnaire, and document request templates. You can automate all assessment types except onboarding.
- New user group: Due diligence request assigners
  - Enable each member of the Due diligence request assigners group to receive an email notification of the new requests for due diligence. For requests that are in the New or Unassigned state, you need to specify the owner. Any group member can assign the owner.
- New reports on the Due diligence management dashboard
  - Use the Due diligence management dashboard, as a third-party risk manager or assessor, to track, prioritize, and manage your responsibilities.
- Tracking a managed activity
  - View managed activities in the usage analytics activities table for tracking and verification purposes in the Third-party Risk Management application.
- New Standardized Information Gathering (SIG) questionnaire content
  - Use the updated SIG templates for 2024 after upgrading to version 18.x as part of the Third-party Risk Management application.
Changed in this release
- Terminated third parties are now available for new DD requests for onboarding
  - You can now reactivate a third party that is in the Terminated status. You can select a terminated third party when you’re creating due diligence requests for onboarding new engagements. If such a request is accepted and closed, the third party's status is changed to Active.
- New [sn_svdp.allow_assessor_edit] property of Third-Party Risk Assessor role
  - The default setting for the [sn_svdp.allow_assessor_edit] property enables Third-party risk assessors [sn_vdr_risk_asmt.vendor_assessor] to answer questions or modify responses in third-party questionnaires. For instructions on setting this property, see Configure TPRM properties.
- New [sn_vdr_risk_asmt.vendor_risk_admin] role
  - The new [sn_vdr_risk_asmt.vendor_risk_admin] role can create and edit questionnaire templates and contains all the permissions of the [vendor_risk_manager] and [assessment_admin] roles. The permissions for creating and editing questionnaire templates have been removed from the [sn_vdr_risk_asmt.vendor_risk_manager] role. For more information, see Roles in Third-party Risk Management.
- New Active option
  - The new Active option enables Third-party risk managers [sn_vdr_risk_asmt.vendor_risk_manager] to turn a tier-based assessment submission rule on or off. When all rules are turned off, third-party risk assessments aren’t automatically generated by tier changes. For more information, see Create an automated risk assessment when the assigned risk tier changes—Legacy process.
- New configurations automatically attach external questionnaires to assessments
  - You can now add questionnaires automatically to third-party risk assessments based on the final risk tiers that are calculated at the IRQ assessment or engagement level. This change is in addition to the existing feature that adds questionnaires to the third-party risk assessments in the due diligence workflow based on the responses from the IRQ questionnaire. The level at which the risk tier is calculated can be configured.
- Vendor Risk dashboard in Next Experience UI Framework
  - Starting with version 18.1.3 of the Third-party Risk Management application, the Vendor Risk dashboard is no longer supported as part of the Next Experience UI Framework. The Vendor Risk dashboard is available for existing users that have installed Third-party Risk Management prior to 18.1.3.
Activation information
Install TPRM by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Quick start tests for TPRM
After upgrades and deployments of new applications or integrations, run quick start tests to verify that TPRM works as expected. If you customized TPRM, copy the quick start tests and configure them for your customizations.