Risk intelligence provider integrations
Summary of Risk Intelligence Provider Integrations
The Third-party Risk Management (TPRM) application supports integrations with external risk intelligence providers to facilitate automated risk intelligence report (RIR) requests and due diligence processes for third parties. This integration enables ServiceNow customers to request, receive, and associate risk scores and reports directly within the TPRM application, improving efficiency in third-party risk assessments.
Integration Process and Roles
- Users with the TPR assessor or TPR manager roles can request risk intelligence reports via the risk intelligence request form.
- A user with the TPR assessment reviewer role must first register and configure risk intelligence providers and request types within the TPRM application.
- A nightly integration API job checks for RIR requests in the Order pending state and sends them to the provider, updating the request state to Order in progress.
- The provider processes the request and returns data including URLs, scores, ratings, and content, which the integration API uses to create risk intelligence score records and attach reports to the corresponding requests.
- The final RIR request state is updated to either Closed complete or Closed incomplete based on the provider’s response.
Request States
- Open: Initial state after request creation by authorized roles.
- Order pending: After submission to the provider, fields become read-only.
- Order in progress: Provider has received and is processing the request; score records are generated.
- Closed complete: Request successfully processed and report received.
- Closed incomplete: Request closed due to processing errors or failure.
- Canceled: Request canceled by authorized users before processing; record becomes uneditable.
Important Considerations and Limitations
- The integration API creates new score records but does not update existing ones; if a score is missing, a new record must be created.
- Proper provider registration and request type configuration are prerequisites for using integrations.
- Report URLs provided by the risk intelligence provider are used to download and attach reports within ServiceNow.
Practical Benefits for ServiceNow Customers
This integration streamlines third-party risk intelligence gathering by automating report requests and responses, reducing manual effort, and ensuring risk data is centrally accessible within the Third-party Risk Management application. Customers can efficiently track the status of report requests, manage provider interactions, and maintain a comprehensive audit trail of due diligence activities.
The Third-party Risk Management application includes support for risk intelligence provider integrations. These guidelines can help your organization to develop a risk intelligence provider integration for Risk intelligence report (RIR) requests for third parties and due diligence requests.
Integration requirements
The following diagram shows the RIR request flow states and their relationship with the integration requirements for risk intelligence providers.
Integration process:
- All RIR requests in the Order pending state are ready to be sent to the risk intelligence provider.
- A nightly job is set up by the integration API to check for the report request records that are in the Order pending state.
- The integration API updates the RIR request record state to Order in progress.
- The integration API sends a packet to the provider that includes the names of the records and their corresponding source tables:
  - rir_sysid [sn_tprm_dd_risk_intel_request]
  - provider_sysid [sn_vdr_risk_asmt_tpss_provider_basic]
  - third_party_sysid [core_company]
  - third_party_name [core_company]
  - request_type_sysid [sn_tprm_dd_risk_intel_request_type]
  - request_type_name [sn_tprm_dd_risk_intel_request_type]
  - provider_service_sysid [sn_vdr_risk_asmt_tpss_provider]
- If the packet isn’t sent successfully, the integration API updates the RIR request state to Closed incomplete.
- After receiving the RIR request, the risk intelligence provider processes it and gathers information including the URL, score, and content.
- The risk intelligence provider returns a packet for upload to the Third-party Risk Management application.
  The packet contains the following names of the records, their corresponding source tables, and content:
  - rir_sysid [sn_tprm_dd_risk_intel_request]
  - provider_sysid [sn_vdr_risk_asmt_tpss_provider_basic]
  - third_party_sysid [core_company]
  - request_type_sysid [sn_tprm_dd_risk_intel_request_type]
  - provider_service_sysid [sn_vdr_risk_asmt_tpss_provider]
  - URL
  - score
  - rating
  - content

  Note: The score or rating should be the provider's score or rating. The provider should have set up a mapping to convert the provider's score to a ServiceNow score through a Provider Service record.
- Using the packet information, the integration API creates a risk intelligence score record [sn_vdr_risk_asmt_security_score] and populates the URL field. This URL is used to download and attach the reports to the associated RIR request record [sn_tprm_dd_risk_intel_request].
- The integration API updates the state of the RIR request from Order in progress to Closed complete or Closed incomplete, depending on whether the risk intelligence provider completes the report or fails to send it and decides to close the order.
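The checks a receiving integration might run on the provider's return packet before a score record is created, as an added example in plain JavaScript (runnable in Node.js) that is not ServiceNow's integration API code. Only the field names come from the list above; the JSON object shape, the host allowlist, the rule that a rejected packet closes the request as Closed incomplete, and all function names are assumptions.

```javascript
// Added example. Field names are the ones listed above; the JSON shape, the
// host allowlist and every function name are assumptions for illustration.
const SYS_ID = /^[0-9a-f]{32}$/; // ServiceNow sys_ids are 32 hex characters
const ID_FIELDS = ['rir_sysid', 'provider_sysid', 'third_party_sysid',
  'request_type_sysid', 'provider_service_sysid'];

// Returns a list of problems; an empty list means the packet is acceptable.
function validateReturnPacket(packet, sent, allowedHosts) {
  const errors = [];
  for (const f of ID_FIELDS) {
    if (typeof packet[f] !== 'string' || !SYS_ID.test(packet[f])) {
      errors.push(f + ': not a sys_id');
    } else if (packet[f] !== sent[f]) {
      errors.push(f + ': does not match the request that was sent');
    }
  }
  let url = null;
  try { url = new URL(packet.URL); } catch (e) { errors.push('URL: unparsable'); }
  if (url) {
    // The URL is fetched to attach the report, so pin scheme and host.
    if (url.protocol !== 'https:') errors.push('URL: scheme must be https');
    if (url.username || url.password) errors.push('URL: embedded credentials');
    if (!allowedHosts.includes(url.hostname)) errors.push('URL: host not registered');
  }
  // Assumption: at least one of score or rating must be present.
  if (packet.score === undefined && packet.rating === undefined) {
    errors.push('score/rating: neither present');
  }
  return errors;
}

// Only a request in "Order in progress" is closed by a provider response.
function nextState(currentState, errors) {
  if (currentState !== 'Order in progress') return currentState;
  return errors.length === 0 ? 'Closed complete' : 'Closed incomplete';
}

// Constructed sample data, not real sys_ids or a real provider host.
const SENT = Object.fromEntries(ID_FIELDS.map((f, i) => [f, String(i).repeat(32)]));
const HOSTS = ['reports.provider.example'];
const GOOD = { ...SENT, URL: 'https://reports.provider.example/r/1', score: 720,
  rating: 'B', content: 'summary text' };
const BAD = { ...GOOD, rir_sysid: 'f'.repeat(32), URL: 'http://other.example/r/1' };

console.log(nextState('Order in progress', validateReturnPacket(GOOD, SENT, HOSTS)));
console.log(validateReturnPacket(BAD, SENT, HOSTS));
```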
Limitations
The integration API doesn’t update the score record in the Score table. If the API fails to populate a field when it creates a score record, a new score record is created instead of updating the existing record. For example, if the API didn't associate a score with an RIR request, the API has to be called again to create a new score and associate it with the RIR request.
Risk intelligence report request states
The risk intelligence report requests have the following potential states:
- Open
- An RIR request enters this state after the record has been created and saved by the Third-party Risk (TPR) manager, TPR assessor, or contract negotiator that is assigned to the due diligence request. For each risk intelligence request, the system auto-assigns a unique ID number that starts with the text RIR.
- Order pending
- An RIR request enters this state after the record has been submitted by the Third-party Risk (TPR) manager, TPR assessor, or contract negotiator that is assigned to the due diligence request.
The following changes take place:
- The order has been submitted to the provider.
- The Request date field has been populated with the date that this record was submitted on.
- All fields in the Risk intelligence report request section are read-only.
- Order in progress
- An RIR request enters this state after the order has been received by the provider.
The following changes take place:
- The score records are generated with the report request.
- The Score generated on field is updated.
- Closed incomplete
- An RIR request enters this state after the order was received by the provider but couldn’t be processed due to an error, so the order was closed.
- Closed complete
- An RIR request enters this state after the order was received and processed by the provider.
- Canceled
- An RIR request enters this state after a TPR manager, TPR assessor, or contract negotiator cancels the report request. A TPR manager, TPR assessor, or contract negotiator can cancel a request only while it is in the Open or Order pending state. After an RIR request is canceled, that record can't be edited. You must create a new record.