The ServiceNow® GRC: Third-party Risk Management (TPRM) application enables you to proactively identify, assess, and mitigate risks that are associated with your third-party relationships. TPRM provides a centralized process for managing your portfolio of third parties, assessing and scoring risk, and performing remediation.
Get started
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release note information for all released apps, see the ServiceNow Store version history release notes.
|
Explore
 Learn about how third-party risk managers, third-party risk users, and third-party risk administrators use the Third-party Risk Management application.
|
Configure
 You can activate or upgrade TPRM, by downloading the applications from the ServiceNow Store and then configuring the settings to meet your needs.
|
Integrate
Extend TPRM capabilities by integrating with other applications.
|
|
Migrate Classic to Smart Assessment Engine
 Learn what changes when you migrate from the Classic Assessment Engine to the Smart Assessment Engine, including feature differences, limitations, and setup requirements.
|
Request third-party risk due diligence
 Request third-party risk due diligence to determine the level of risk for interactions with a third party and their engagement.
|
Assess third-party risk
 Use Third-party Risk Management to identify and assess potential risks that are associated with your third-party relationships.
|
|
Monitor third-party risk
 Use the Third-party Risk Management application to monitor potential risks associated with your third-party relationships.
|
Approve or reject requests for due diligence
 Set up the approval levels and rules for due diligence requests in the Third-party Risk Management application to use while approving or rejecting requests after reviewing questionnaire responses and due diligence process results.
|
Manage the contract risk process
 Protect your organization's interests, as the Third-party risk contract negotiator by incorporating specific contractual provisions so that you can address identified risks.
|
|
Work in the VRM classic user interface
 Use the legacy user interface to perform all Vendor Risk Management tasks.
|
Use Digital resilience third-party registers
 Use the Digital resilience third-party registers application in the Vendor Management Workspace to set up and maintain registers of contractual arrangements with ICT third-party service providers.
|
Use risk intelligence reports  Manage and request risk Intelligence reports or scores from external risk intelligence content providers.
|
|
Integrate scores from risk intelligence providersIntegrate scores from risk intelligence providers. The scores provide insight on how trustworthy and safe a particular third party can be.
|
Use the third-party portal Use the third-party portal to respond to questionnaires, requests for documentation, tasks, and issues. The portal is the point of interaction between third-party contacts and risk
assessors.
|
Reference Reference topics provide detailed descriptions of tables, properties, forms, and roles that are installed with the Third-party Risk Management application.
|
Troubleshoot and get help