Vendor Risk Overview reports — Legacy view

  • Release version: Xanadu
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Vendor Risk Overview reports — Legacy view

    The Vendor Risk Overview page in Third-party Risk Management (TPRM) has been replaced by enhanced third-party risk reports available in the Vendor Management Workspace. This legacy dashboard provides various reports that help you monitor and analyze your third-party risk management program, but it is deprecated starting with TPRM version 18.1.3. If your instance was installed before this version, the dashboard remains accessible.

    Show full answer Show less

    TPRM now uses the Internal Questionnaire (IRQ) process to improve and replace the older tiering assessment method. IRQs offer greater flexibility and scalability by dynamically triggering external questionnaires based on respondents' answers and risk tiers, whereas the legacy tiering method is static and considered legacy but still supported.

    Vendor Risk Overview — Vendor tab

    This tab includes reports focused on vendor-related risk metrics, enabling you to track the status and distribution of your third-party vendors and their risk assessments. Key reports include:

    • Total Vendors: Shows the total number of third parties in your system.
    • Open Tiering and Risk Assessments: Counts of third parties with active assessments.
    • Past Tiering Assessments: Third parties missing timely completion of tiering assessments.
    • Tier-Recommended Risk Assessments: Number of third parties currently undergoing risk assessments based on tiering.
    • Vendor Classification by Tier: Visual donut chart of vendors by risk tier.
    • Open Issues by Priority: Lists all open third-party risk issues sorted by priority.
    • Vendors by Risk Rating: Distribution of vendors according to their risk rating.
    • Upcoming Vendor Risk Assessments: Schedules of upcoming risk assessments.
    • Vendor-related Policy Exceptions: All policy exceptions triggered by third-party risk issues.

    Vendor Risk Overview — Engagement tab

    This tab reports on engagements related to third parties, providing insights into their risk status and assessment progress. Key reports include:

    • Total Engagements: Number of all third-party engagements.
    • Open Tiering and Risk Assessments: Engagements with active assessments open.
    • Past Tiering and Risk Assessments: Engagements that missed assessment deadlines or are actively assessed based on tiering.
    • Engagements Classification by Tier: Donut chart showing engagements by risk tier.
    • Engagements by Type: Breakdown of engagements by type.
    • Open Issues by Priority: Open issues associated with engagements, sorted by priority.
    • Engagements by Risk Rating: Distribution of engagements according to risk rating.

    Practical Implications for ServiceNow Customers

    While the legacy Vendor Risk Overview reports provide valuable insights into your third-party risk landscape, ServiceNow customers are encouraged to transition to the newer third-party risk reports within the Vendor Management Workspace for enhanced functionality and scalability via the IRQ process. The IRQ allows more dynamic risk assessments and better control over questionnaires based on evolving risk factors.

    Maintaining awareness of the deprecation of the legacy dashboard helps ensure you leverage the latest tools and capabilities in TPRM, improving your organization's risk identification and mitigation efforts.

    The Vendor Risk Overview page is replaced by the third-party risk reports on the Vendor Management Workspace.

    Viewing the reports

    To open the Vendor Risk Overview, navigate to All > Third-party Risk Management > Overview. The page displays reports that provide insights into your third-party risk management program. The

    The more complete IRQ process replaces tiering

    In the TPRM application, the IRQ is an internal questionnaire that improves the original tiering assessment process. IRQs enhance internal risk assessments with increased flexibility, control, and scalability. Unlike a tiering assessment where external questionnaires are determined solely by the risk tier, an IRQ can dynamically trigger external questionnaires based on both respondents' answers and risk tier.

    To enable a seamless transition to TPRM, you have the option to duplicate existing tiering assessments and designate them as IRQ internal assessments. Risk tiering is supported as an unchanging legacy process.

    Vendor Risk Overview — Vendor tab


    Vendor Risk Overview showing Vendor reports.
    Table 1. Reports on the Vendor tab
    Report Description
    Total Vendors Total number of third parties.
    Open Tiering Assessments Number of third parties with active tiering assessments open.
    Open Risk Assessments Number of third parties with active risk assessments open.
    Past Tiering Assessments Number of third parties that have not completed the tiering assessment within the assessment time frame.
    Tier-Recommended Risk Assessments Number of third parties performing risk assessments based on tiering.
    Vendor Classification by Tier Donut report showing the number of third parties assigned to each risk tier.
    Vendors Performing Risk Assessment Based on Tiering Number of third parties with active tiering-based risk assessments sorted by third-party risk.
    Open Issues by Priority All third-party risk open issues sorted by priority.
    Vendors by Risk Rating Number of third parties sorted by risk rating.
    Upcoming Vendor Risk Assessments Number of third-party risk assessments scheduled.
    Vendor-related Policy Exceptions All policy exceptions generated from third-party risk issues.

    Vendor Risk Overview — Engagement tab


    Vendor Risk Overview — Engagement tab.
    Table 2. Reports on the Engagement tab
    Report Description
    Total Engagements Total number of engagements.
    Open Tiering Assessments Number of engagements with active tiering assessments open.
    Open Risk Assessments Number of engagements with active risk assessments open.
    Past Tiering Assessments Number of engagements that have not completed the tiering assessment within the assessment time frame.
    Past Risk Assessments Number of engagements with active tiering-based risk assessments.
    Engagements Classification by Tier Donut report showing the number of engagements assigned to each tier.
    Engagements by Type Number of engagements of each type.
    Open Issues by Priority All engagement open issues sorted by priority.
    Engagements by Risk Rating Number of engagements sorted by risk rating.
    Important:
    Starting with version 18.1.3 of Third-party Risk Management the Vendor Risk Overview dashboard is deprecated. If Third-party Risk Management was installed prior to 18.1.3 the Vendor Risk overview dashboard is still available for your use.