Managing the Third-party portal

  • Release version: Washingtondc
  • Updated January 30, 2025
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Managing the Third-party portal

    The Third-party portal facilitates interaction between third-party contacts and your organization's risk assessment team. Third-party contacts can respond to questionnaires, manage tasks, and address issues directly within the portal. Each third party must have at least one primary contact who manages the response process and can delegate tasks to secondary contacts.

    Show full answer Show less

    Key Features

    • Contact Management: Primary contacts can create and manage other third-party contacts, ensuring efficient communication.
    • Role Assignments: Contacts are automatically assigned roles that provide restricted access to the Third-party portal, preventing unauthorized access to the ServiceNow AI Platform.
    • Task Delegation: Primary contacts can delegate questionnaires, tasks, and issues to other contacts, view and update information, and manage notification preferences.
    • Progress Tracking: The portal tracks the state of requests (New, In Progress, Completed) to monitor assessment progress.
    • Excel and SIG Integrations: Third-party contacts can respond using Microsoft Excel templates or the Shared Assessments SIG questionnaire, allowing flexibility in how they provide information.
    • Portal Access: Contacts can easily launch the portal and access FAQs for common queries about using the platform.

    Key Outcomes

    By utilizing the Third-party portal, organizations can streamline their third-party risk assessments, enhance communication with external contacts, and ensure efficient management of assessments and responses. This results in improved risk management processes and better compliance with organizational standards.

    Third-party contacts respond to questionnaires, requests for documentation, tasks, and issues on the Third-party portal. The portal is the point of interaction between third parties and risk assessors.

    Third-party contacts

    Third-party contacts are the individuals that represent the third party. By using the third-party portal, they can respond to questionnaires, work on tasks, and address issues that your third-party risk assessment team raises. Third-party contacts are either primary or secondary contacts. The primary contact is the assigned individual who receives the assessment questionnaires. Each third party must have at least one primary contact. The Third-party editor [vendor_editor], Third-party Risk (TPR) manager [sn_vdr_risk_asmt.vendor_risk_manager], TPR assessor [sn_vdr_risk_asmt.vendor_assessor], or the primary contact can create third-party contacts.

    You assign the primary contact responsibility to the third-party contact who can directly answer assessment questions or assign another contact at the third party to answer the questions. Primary contacts can manage other contacts for the third party.

    Third-party contacts are automatically assigned two roles: vendor_contact and snc_external. The vendor_contact role provides third-party contacts with access to the Third-party portal, while the snc_external role is a safeguard that restricts access only to the portal. The snc_external role helps prevent any unauthorized entry into your instance. For more information, see Set up third-party contacts.

    Note:
    Third-party contacts see your organization's name in all references on the Third-party portal. You specify the name in the sn_vdr_risk_asmt.company.name property setting. See Configure TPRM properties.

    Tasks for third-party contacts

    The primary third-party contact can perform the following tasks:

    • Delegate questionnaires, tasks, and issues to other third-party contacts.
    • View and update the third-party contact information.
    • Update the notification preferences.

    Secondary third-party contacts can use the portal to perform the following tasks:

    • View and respond to "assigned to me" assessments.
    • Change a password or request a new password.
    Important:
    The third-party contact role should be used only for external contacts. The role prohibits access to the ServiceNow AI Platform and grants access only to the Third-party portal.

    Third-party contacts see the portal as shown in the following example.

    Figure 1. Third-party portal example
    Third-party portal as seen by a third-party contact.

    Questionnaire and document request states

    Progress is tracked in assessment requests and the progress is indicated by the state of the requests within the questionnaires and document requests. Here are the possible states for requests.

    New
    After questionnaires and document requests are sent out, they are in the New state.
    In progress
    After the third-party or engagement contact has started providing responses in a questionnaire or document request, the requests is in the In progress state.
    Completed
    After the third-party or engagement contact has provided responses for all questions in a questionnaire or document request and saved, the request is in the Completed state.
    Note:
    After all requests have entered the Completed state, you must return to the assessment page and submit the assessment.

    Responding to questionnaires using a Microsoft Excel template

    Third-party contacts can use a Microsoft Excel template to respond to questionnaires by downloading the template, completing it, and importing the final version into the Third-party portal. The Microsoft Excel questionnaire template contains instructions for filling out the template. This enables third-party contacts to provide information outside the third-party portal, streamlining the due diligence process. For more information, see Using a Microsoft Excel spreadsheet template for external questionnaires and Third-party contacts — Respond using a Microsoft Excel template.

    Responding to assessments using a SIG questionnaire

    Third parties can use the Shared Assessments Standardized Information Gathering questionnaire (SIG) to provide assessment documentation in the Third-party Risk Management application. The third-party contact can upload the pre-filled SIG spreadsheet or respond to a form-based questionnaire that is imported to the instance. For more information, see Using the SIG questionnaire for a risk assessment and Third-party contacts — Respond using the SIG.

    Launching the portal

    Third-party contacts launch the portal by using [your instance URL]/svdp).

    Learning to use the portal—the FAQ page

    Third-party contacts can select FAQ to view answers to common questions, such as how to invite additional users to the portal and how to assign primary contacts to third-party or engagement records.

    Managing third-party contacts

    Users in your organization with the TPR assessor role [sn_vdr_risk_asmt.vendor_assessor] use TPRM to manage the following third-party contact activities:
    • Create a login for a new third-party contact.
    • Enable or disable a third-party contact login.
    • Reset a password for a third-party contact.
    • Assign a user role to a third-party contact.
    • Assign a third-party contact to an assessment.
    • View and update the customer contact information.
    • Access the completed assessments.

    For more information, see Set up third-party contacts and Manage the access for your third-party contacts.

    Note:
    If necessary, you can respond on behalf of third parties or engagements to questionnaires. See Respond to a questionnaire for a third party or engagement for more information.

    The Allow assessors to answer/edit questionnaires for third-party contacts property (sn_svdp.allow_assessor_edit) must be active. For more information on configuring this property, see Configure TPRM properties.