Playbook stages and activities when Third-party Risk Due Diligence is installed

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Playbook Stages and Activities When Third-party Risk Due Diligence is Installed

    This document outlines the stages and activities involved in the Perform Risk Assessment playbook when the Third-party Risk Management (TPRM) Due Diligence module is installed. This guide is essential for supplier managers and fulfillers to ensure thorough risk assessment processes are followed effectively.

    Show full answer Show less

    Key Features

    • Review Case: Assigns cases to specific individuals, allowing for updates to descriptions and the option to either save changes or start working on the case.
    • Update Case: Changes the state of the due diligence case to work in progress.
    • Create Request: Validates TPRM installation, checks for duplicate requests, and allows for the creation of new due diligence requests with required fields including third-party and engagement information.
    • Check Status: Monitors the approval status of due diligence requests and initiates the risk process.
    • Assess Risk: Tracks the completion of Initial Risk Questionnaires (IRQ) and the due diligence process, awaiting review and approval.
    • Review Risk Rating: Provides options to accept or reject the risk ratings of suppliers, with actions leading to further stages if rejected.
    • Close Case: Notifies requesters of approval, allows for comments, and updates the case status to closed.

    Key Outcomes

    By following the playbook stages, ServiceNow customers can ensure comprehensive risk assessments for third-party engagements. This structured process helps in managing supplier relationships effectively, ensuring all due diligence steps are documented and tracked, leading to informed decision-making and improved compliance.

    The following table lists the Perform risk assessment playbook stages and activities when Third-party risk Due Diligence is installed.

    Table 1. Perform risk assessment playbook stages and activities
    Stage Activity Activity Details
    Review case Assign case As a supplier manager or fulfiller, you can use this activity to assign the case to a different person or keep the case assigned to you.

    You can do the following:

    • In the Assigned to search field, search for and select the person that you want to assign the case to.
    • In the Short description field, update the description for the case.
    • Select one of the following actions:
      • Select Save to save your changes.
      • Select Start work to start working on the case.
    Update case to work in progress

    Updates the state of the due diligence case to work in progress.
    Create request Check if TPRM is installed Checks if the TPRM plugin is installed.
    Check for duplicate due diligence (risk assessment) requests Reviews existing due diligence requests for this supplier.
    You can do the following:
    • Cancel: If there's an existing due diligence request, you can select this option to cancel this due diligence case.
    • Create new request: Creates a new due diligence request.
    Create due diligence request Do the following:
    • Under Options, select Onboard a new engagement.
    • In the Third party field, select the supplier.
    • Fill in the required fields in the following sections:
      • Third-party information
      • Third-party address
      • Engagement information
      • Engagement address
      • Engagement primary contact
    • Select Submit.
    Check the status of the due diligence request Waits for initial approval on the due diligence request and the risk process to start. Select View record to view the due diligence request.
    Assess risk Waiting on IRQs to be completed Waits for the approval of the IRQs and the due diligence to start.
    Waiting on the due diligence to be completed Waits for the due diligence to be completed and the formal review process to start.
    Waiting on the due diligence to be reviewed and approved Waits for the due diligence request to be reviewed and approved.
    Review risk rating Accept or reject risk ratings Review the risk rating of the supplier and choose to accept or reject the risk rating.

    Available actions:

    • Accept
    • Reject

      If you select Reject, the playbook opens the Rejection stage.
    Close case Notify the requester that the request has been approve Available actions:
    • Send email: Sends an email to the requester, informing them that the case has been approved.
    • Skip: Skips this activity.
    Close case Add closing comments to complete the case.

    In the Close notes field, add your comments and select Close case.

    The state of the due diligence case is updated to Closed completed.