Monitoring and assessing enterprise risks during third-party assessments

Versão de lançamento: Australia

Atualizado 12 de mar. de 2026

2 min. de leitura

Integrating Risk Management with Third-party Risk Management consolidates risk scores, and delivers real-time insights through dashboards and external risk intelligence.

Combined benefits of integrating Risk Management with Third-party Risk Management

Use Risk Management and Third-party Risk Management together to:

Continuously monitor supplier risk with integrated risk intelligence feeds (BitSight, SecurityScorecard, RiskRecon, Interos, EcoVadis) to pre‑screen, validate responses, and trigger reassessments when scores change.
Aggregate third‑party and engagement risk into executive dashboards and reports for faster, informed decisions.
Visualize concentration risk across regions to identify hotspots and manage exposure.
Standardize due diligence from onboarding through periodic reassessments, renewals, and offboarding with guided workflows and playbooks.
Automate issue generation, tracking, and remediation with clear ownership across internal and external stakeholders.
Enable secure collaboration via the Third‑party Portal and streamlined internal orchestration in Vendor Management Workspace.
Connect third‑party risks to enterprise risks, policies, controls, privacy, and BCM for a holistic, auditable risk posture.


Feature	Risk Management	Third-party Risk Management	All applications together
Third-party risk due diligence, external and internal risk assessment	Limited
Risk intelligence integration
Risk scoring and monitoring	Limited
Executive dashboards and reports	Limited
Concentration risk map
Issues and remediation workflow
Lifecycle automation (onboarding → offboarding)	Limited

Workflow for Risk Management integration with Third-party Risk Management

Using these applications together provides the following benefits:

Evaluate compliance risk when onboarding third parties and engagements
Leverage more complete risk scores comprised of compliance and risk assessment data

Risk Manager defines and manages enterprise risk statements, categories, and scoring models.
TPR Assessor initiates external risk assessments for third parties and engagements.
The third party completes the assessments.
Responses update risk posture and scoring dynamically.
TPR Assessor evaluates risk based on updated risk scores and other assessment data.
Risk Manager and TPR Assessor collaborate to mitigate identified risks.

Requirements for integration

Install the following plugins:

Third-party Risk Management (com.sn_vdr_risk_asmt) from ServiceNow® Store. See Configuring Third-party Risk Management.
Due diligence request workflow (com.sn_tprm_dd).
GRC: Policy and Compliance Management (com.sn_compliance) from ServiceNow® Store. See Implement setup checklist for the GRC: Policy and Compliance Management application.

Get started with integration

To integrate Risk Management with Third-party Risk Management, complete these steps:

Install and activate required applications:
- Third-party Risk Management (com.sn_vdr_risk_asmt)
- Due Diligence Request Workflow (com.sn_tprm_dd)
- Risk Management (com.sn_risk)
Configure Vendor Management Workspace and Third-party Portal for collaboration.
Enable risk intelligence integrations (BitSight, SecurityScorecard, RiskRecon, Interos, EcoVadis).
Define tiering and inherent risk questionnaires (IRQ) for third parties and engagements.
Create and submit due diligence requests to initiate assessments.
Send and manage assessments using smart assessment engine or classic engine.
Link questionnaire metrics to risk statements and scoring models for dynamic risk posture updates.
Monitor dashboards for risk scores, concentration risk, and issues; collaborate to remediate findings.