Smart assessments with Third-party Risk Management

  • Release version: Australia
  • Updated June 2, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Smart assessments with Third-party Risk Management

    ServiceNow’s Third-party Risk Management (TPRM) now integrates with the Smart Assessment Engine (SAE), offering an advanced alternative to the Classic assessment engine. This integration enables customers to create and manage internal and external risk questionnaires within the Vendor Management Workspace using configurable, version-controlled templates with enhanced features and automation.

    Show full answer Show less

    To adopt SAE, the property Smart Assessment Engine enabled [snvdrriskasmt.saeenabled] must be activated. Once enabled, new assessments and questionnaire templates can only be created using SAE, not the Classic engine.

    Key Features

    • Enhanced User Experience: Improved navigation and a unified interface support both internal and external assessments.
    • Template Customization: TPRM SAE templates include specific attributes like risk area and previous response inclusion, and must be created in the Vendor Management Workspace to ensure full TPRM compatibility.
    • Question Organization and Guidance: Questions can be grouped into sections and subsections, with inline instructions, attachments, and reference information accessible during assessment completion.
    • Automations and Usability: Features such as auto-save, filtering unanswered questions, and continuous scroll layout improve efficiency and focus during assessments.
    • Risk Scoring and Duration: Flexible risk scoring with normalization and the ability to define assessment duration at the template level support standardized risk evaluation and scheduling.
    • Version Control: Templates support explicit versioning, enabling updates via full copies and retiring old versions while keeping them visible for reference.
    • Collaboration and Comments: Question-level comments, worknotes, and flags facilitate communication among reviewers, assessors, managers, and vendor contacts within role-based access controls.
    • Portal Support: Internal responders use the GRC portal, and external responders use the third-party portal to complete assessments.
    • Conditional Logic: Skip logic hides irrelevant questions and visually de-emphasizes skipped sections, streamlining assessment completion.

    Limitations and Considerations

    • All new assessments must use SAE; Classic engine assessments are no longer supported for new templates.
    • Third-party risk assessors cannot create issues manually from responses; instead, issue creation uses automated rules.
    • Some question types like percentage, ranking, image scale, and custom metric are not supported in SAE and require conversion or redesign.
    • Signature features and automatic questionnaire attachment based on IRQ responses are not supported.
    • Excel export is unavailable for SAE assessments in the third-party portal.
    • Empty sections caused by unsupported question types must be removed or replaced before publishing templates.
    • Repeating assessments are unsupported; event-driven management rules may be used instead.
    • Duration information is not included in update sets and must be manually migrated between instances.
    • If templates are not updated for SAE support, related management rules may not function correctly.
    • TPRM scoring migration depends on error-free template migration.

    Practical Guidance for ServiceNow Customers

    To leverage SAE with TPRM effectively, customers should:

    • Enable the SAE property to transition from Classic to SAE assessments.
    • Create and maintain TPRM-specific SAE questionnaire templates within the Vendor Management Workspace to utilize extended attributes and ensure compatibility.
    • Be mindful of unsupported question types and migrate or redesign them accordingly.
    • Use versioning features to manage template updates safely and maintain historical versions for reference.
    • Apply role-based access controls to facilitate collaboration via comments and worknotes while preserving data security.
    • Plan manual export/import of assessment duration data when moving templates between instances.
    • Consult detailed migration and configuration documentation to ensure a smooth transition and optimal use of SAE capabilities in TPRM.

    With the integration of Smart Assessment Engine (SAE), TPRM now supports both the Classic assessment engine and SAE. You can create questionnaire templates and add instructions, questions, and reference information by creating templates using SAE in the Vendor Management Workspace.

    SAE overview

    The Smart Assessment Engine in Vendor Management Workspace enables you to create both internal and external questionnaires using configurable templates, logical grouping of questions, inline guidance, and automations.

    For more information about the Smart Assessment Engine application, refer to Exploring Smart Assessment Engine.
    Note:
    To use Smart Assessment Engine, you must enable the Smart Assessment Engine enabled [sn_vdr_risk_asmt.sae_enabled] property. After setting this property, you can't create new assessments and questionnaire templates using the Classic assessment engine.

    Benefits of using the Smart Assessment Engine experience

    The new assessment experience offers the following benefits.

    • Enhanced navigation: Use the improved navigation for a better user experience.
    • Assessment support: Conduct assessments for both internal and external parties in one standard UI. TPRM SAE questionnaire templates are extended to include additional attributes such as the risk area and the option to include previous responses, which aren’t available in the base SAE templates. TPRM SAE templates must be created directly within the Vendor Management Workspace to ensure that they include the necessary attributes and can be used for TPRM assessments.
    • Organize questions: Group questions into subsections and sections for better organization.
    • Add attachments: Attach the files directly to the individual questions.
    • Add reference information: Add reference information to a questionnaire template to help ensure that assessors and respondents can access the necessary information they need while completing a questionnaire.
    • Filter questions: Quickly identify and filter unanswered questions.
    • Auto-save for questionnaires: Save your work automatically as you complete each question within a questionnaire.
    • Standardized risk rating scale definition: Override the default risk rating scales at the template level for both internal and external assessments.
    • Assessment duration: Define the duration of an assessment when creating a questionnaire template.
    • Combine assessments: Respond to questionnaires by using the same SAE template in a single, streamlined view.
    • Risk scoring and score normalization: Standardize the risk scores for a consistent evaluation using the more flexible scoring settings available in SAE.
    • Support for the GRC and third-party portals: Internal assessment responders can use the GRC portal to access and complete internal assessments and external assessment responders can use third-party portal to complete external assessments.
    • Question-level comments, worknotes, and flags are available in SAE assessments. Any user with read access to an assessment instance can add and view question-level comments. Worknotes and question flags require a role assigned at the template category level. TPRM reviewers, assessors, and managers have this access in all out-of-the-box TPRM template categories. Vendor contacts can view and respond to question-level comments but cannot access worknotes or set question flags.
    • When a question triggers a skip, downstream conditional questions are hidden and sections containing only skipped questions are visually de-emphasized. Assessments render in a continuous scroll layout, making it easier to focus on relevant questions without scrolling past hidden content.

    Smart Assessment template versioning

    SAE templates in TPRM now support explicit versioning. Each version is a full copy of the template (deep copy). When a new version is published, the previously published version is automatically retired. Retired versions remain visible for reference but cannot be used for new assessments.

    To create a new version of a template, use the Create Version action on the template record in the Vendor Management Workspace. Editing a published template in place is no longer supported — you must create a version instead. Template versions can also be deleted.

    For more information on template versioning in SAE, see Template versioning.

    Templates shipped through the Unified Content Management (UCM) module are also versioning-compatible. For more information about activating and updating templates through UCM, see Activate or update Smart Assessment templates.

    Smart Assessment Engine limitations

    SAE with TPRM has the following limitations.
    • All new assessments must use SAE questionnaire templates.
    • Third-party risk assessors can no longer create issues from the View responses page. Issues generation rules can be used to create issues automatically.
    • The signature feature isn’t supported.
    • Automatic attachment of questionnaires to external assessments based on inherent risk questionnaire (IRQ) responses or IRQ-calculated risk tiers is currently not supported in Smart Assessment Engine.
    • The following question types aren’t supported: Percentage, ranking, image scale, and custom metric aren’t supported. You must either convert these question types to supported formats before migration or create new questions in the template designer after migration.
      Note:
      For the percentage and image scale question types, customers can use the Number type and Radio button type, respectively. Ranking and custom metric question types aren't supported.
    • In the Third‑party portal,the Excel export option available for Classic assessments is not supported for SAE assessments.
    • If a section in the classic template contains only unsupported questions, an empty section is created in the TPRM SAE template. TPRM SAE templates with empty sections can’t be published; therefore, you must either add replacement questions to these sections or delete the empty sections before publishing.

      For more information on migration results, migration limitations, and creating TPRM SAE questionnaires, see Results of migrating a template to a TPRM SAE template and Create a TPRM SAE questionnaire or document request template.

    • Repeating assessments aren’t supported. You can use Event-driven management rules.
    • When transferring TPRM SAE questionnaire templates between instances, the update set won’t include the duration information. Users must export the duration information manually from the sn_smart_asmt_duration table and import it into the target instances.
    • If an assessment template isn’t updated to support SAE assessments, the related tier-based, provider-based, and event-driven management rules won’t run as expected.
    • The TPRM scoring migration proceeds only if there were no errors during the template migration. If there were errors, the TPRM scoring migration doesn’t occur.
    Note:
    For more information on migration results and migration limitations, see Results of migrating a template to a TPRM SAE template.

    What to explore next

    To learn more about configuring and using SAE with Third-party Risk Management, see: