Third-party Risk Management

  • Release version: Yokohama
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Third-party Risk Management

    The ServiceNow® GRC: Third-party Risk Management (TPRM) application helps organizations proactively identify, assess, and mitigate risks associated with their third-party relationships. It centralizes the management of your third-party portfolio, enabling risk assessment, scoring, and remediation to protect your business from potential third-party risks.

    Show full answer Show less

    Key Features

    • Risk Due Diligence Requests: Initiate requests to evaluate the risk level of third-party engagements and interactions.
    • Risk Assessment and Monitoring: Identify and continuously monitor potential risks linked to third parties throughout the relationship lifecycle.
    • Approval Workflow: Configure approval levels and rules to approve or reject due diligence requests based on questionnaire responses and due diligence outcomes.
    • Contract Risk Management: Manage contract negotiations by embedding specific provisions to address identified risks and protect your organization’s interests.
    • User Interfaces: Use either the modern TPRM interface or the legacy Vendor Risk Management (VRM) classic user interface based on your preference.
    • Digital Resilience Registers: Maintain registers of ICT third-party service provider contracts within the Vendor Management Workspace.
    • Risk Intelligence Integration: Integrate risk scores and reports from external risk intelligence providers to gain insights into third-party trustworthiness and safety.
    • Third-party Portal: Facilitate interaction with third-party contacts by enabling them to respond to questionnaires, provide documentation, and manage tasks and issues.
    • Migration to Smart Assessment Engine: Guidance on transitioning from the Classic Assessment Engine to the Smart Assessment Engine, including feature differences and setup.

    Practical Application for ServiceNow Customers

    ServiceNow customers can activate or upgrade TPRM via the ServiceNow Store, then configure and integrate it with other applications to tailor the solution to their risk management needs. The application supports comprehensive risk lifecycle management—from due diligence to contract negotiation—ensuring a structured approach to mitigating third-party risks.

    Customers benefit from centralized risk data, automated workflows, and enhanced visibility into third-party risks, enabling better decision-making and improved compliance.

    Support and Resources

    • Access detailed references for tables, properties, forms, and roles installed with TPRM.
    • Engage with the GRC community for questions and best practices.
    • Utilize the Known Error Portal for troubleshooting.
    • Explore developer resources for custom app development.
    • Contact Customer Service and Support for assistance.

    The ServiceNow® GRC: Third-party Risk Management (TPRM) application enables you to proactively identify, assess, and mitigate risks that are associated with your third-party relationships. TPRM provides a centralized process for managing your portfolio of third parties, assessing and scoring risk, and performing remediation.

    Get started

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release note information for all released apps, see the ServiceNow Store version history release notes.

    Troubleshoot and get help