Monitoring and assessing enterprise risks during third-party assessments
Integrating Risk Management with Third-party Risk Management consolidates risk scores and delivers real-time insights through dashboards and external risk intelligence.
Combined benefits of integrating Risk Management with Third-party Risk Management
Use Risk Management and Third-party Risk Management together to:
- Continuously monitor supplier risk with integrated risk intelligence feeds (BitSight, SecurityScorecard, RiskRecon, Interos, EcoVadis) to pre‑screen, validate responses, and trigger reassessments when scores change.
- Aggregate third‑party and engagement risk into executive dashboards and reports for faster, informed decisions.
- Visualize concentration risk across regions to identify hotspots and manage exposure.
- Standardize due diligence from onboarding through periodic reassessments, renewals, and offboarding with guided workflows and playbooks.
- Automate issue generation, tracking, and remediation with clear ownership across internal and external stakeholders.
- Enable secure collaboration via the Third‑party Portal and streamlined internal orchestration in Vendor Management Workspace.
- Connect third‑party risks to enterprise risks, policies, controls, privacy, and BCM for a holistic, auditable risk posture.
| Feature | Risk Management | Third-party Risk Management | All applications together |
|---|---|---|---|
| Third-party risk due diligence, external and internal risk assessment | Limited | | |
| Risk intelligence integration | | | |
| Risk scoring and monitoring | Limited | | |
| Executive dashboards and reports | Limited | | |
| Concentration risk map | | | |
| Issues and remediation workflow | | | |
| Lifecycle automation (onboarding → offboarding) | Limited | | |
Workflow for Risk Management integration with Third-party Risk Management
Using these applications together provides the following benefits:
- Evaluate compliance risk when onboarding third parties and engagements
- Leverage more complete risk scores composed of compliance and risk assessment data
- Risk Manager defines and manages enterprise risk statements, categories, and scoring models.
- TPR Assessor initiates external risk assessments for third parties and engagements.
- The third party completes the assessments.
- Responses update risk posture and scoring dynamically.
- TPR Assessor evaluates risk based on updated risk scores and other assessment data.
- Risk Manager and TPR Assessor collaborate to mitigate identified risks.
Requirements for integration
Install the following plugins:
- Third-party Risk Management (com.sn_vdr_risk_asmt) from ServiceNow® Store. See Configuring Third-party Risk Management.
- Due diligence request workflow (com.sn_tprm_dd).
- GRC: Policy and Compliance Management (com.sn_compliance) from ServiceNow® Store. See Implement setup checklist for the GRC: Policy and Compliance Management application.
Get started with integration
To integrate Risk Management with Third-party Risk Management, complete these steps:
- Install and activate required applications:
  - Third-party Risk Management (com.sn_vdr_risk_asmt)
  - Due Diligence Request Workflow (com.sn_tprm_dd)
  - Risk Management (com.sn_risk)
- Configure Vendor Management Workspace and Third-party Portal for collaboration.
- Enable risk intelligence integrations (BitSight, SecurityScorecard, RiskRecon, Interos, EcoVadis).
- Define tiering and inherent risk questionnaires (IRQ) for third parties and engagements.
- Create and submit due diligence requests to initiate assessments.
- Send and manage assessments using the smart assessment engine or the classic engine.
- Link questionnaire metrics to risk statements and scoring models for dynamic risk posture updates.
- Monitor dashboards for risk scores, concentration risk, and issues; collaborate to remediate findings.