Third-party Risk Management release notes

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Third-party Risk Management release notes

    The ServiceNow® Third-party Risk Management (TPRM) application centralizes the management of third-party portfolios, engagements, risk assessments, scoring, and remediation. The Xanadu release introduces enhancements to streamline third-party element monitoring, risk intelligence reporting, and compliance with digital resilience standards.

    Show full answer Show less

    Key Features

    • Third-party element collection: Monitor and confirm that third-party elements comply with security and compliance standards within TPRM to better identify and manage associated risks.
    • Risk intelligence report requests: Request and manage risk intelligence reports and scores from external providers directly within TPRM to support informed decision-making regarding third-party engagements.
    • Third-party risk management data model: Access and utilize the TPRM data model to optimize risk assessment, monitoring, and mitigation activities aligned with your risk management program.
    • Digital resilience third-party registers: Create, update, and track records related to digital resilience third-party registers via the Vendor Management Workspace. This includes bulk creation and editing of records for assessments, contracts, functions, supply chains, and more, supporting compliance with the Digital Operational Resilience Act (DORA).
    • UI improvements: The Digital resilience third-party registers module is now accessible in the Vendor Management Workspace List view for easier navigation.
    • Workflow updates: Reminder workflows for tiering questionnaires and external assessments have been deprecated and migrated to Workflow Studio. Custom workflows remain unaffected by this change.
    • Accessibility enhancements: Improved keyboard focus visibility and extended screen reader support in the Third-party portal and Vendor Management Workspace enhance usability and accessibility.

    Important Upgrade Information

    For customers upgrading from the Vendor Risk Management (VRM) application to TPRM, it is critical to perform sequential upgrades through each major release (e.g., Utah to Vancouver to Washington DC) to avoid data inconsistencies and functionality issues. Specific guidance is provided for upgrading to the Xanadu release to ensure fix scripts execute properly.

    Activation and Testing

    TPRM is available for installation via the ServiceNow Store. After deployment or upgrades, run quick start tests to validate that TPRM functions correctly. If your implementation includes customizations, replicate and adjust these tests accordingly.

    Related Applications

    • Operational Resilience: Supports organizations in anticipating, preventing, and recovering from operational disruptions.
    • Operational Resilience Workspace: Provides a unified dashboard for managing resilience tasks and metrics.
    • GRC Risk Management and Risk Workspace: Enables identification, monitoring, and response to risks with streamlined risk-based decision-making.

    The ServiceNow® Third-party Risk Management (TPRM) application provides a centralized process for managing your portfolio of third parties and their engagements, assessing and scoring risk, and performing remediation. TPRM was enhanced and updated in the Xanadu release.

    Third-party Risk Management highlights for the Xanadu release

    • Collect, monitor, and assess third-party elements for engagements.
    • Request risk intelligence reports (RIR) and scores so that you can manage and monitor your RIR requests all within TPRM.
    • View the Third-party Risk Management data model.
    • Use the Digital resilience third-party registers application to create, update, and track records for digital resilience third-party registers.

    See Third-party Risk Management for more information.

    Important:
    Third-party Risk Management is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    Important information for upgrading Third-party Risk Management to Xanadu

    If you are a VRM user upgrading to TPRM, when upgrading to Vancouver or later from an earlier release, you must run each upgrade sequentially to ensure that fix scripts run correctly. This means upgrading from Utah to Vancouver, Vancouver to Washington DC, and so on. If the scripts do not run in the correct order, it can result in data inconsistencies, broken functionalities, and conflicts.

    For more information on upgrading from VRM to TPRM, see Third-party Risk Management upgrade information.

    New in the Xanadu release

    Third-party element collection
    Confirm that third-party elements adhere to the same security and compliance standards as an engagement by monitoring them through TPRM. Use this data to help identify, assess, and manage the risks that are related to your engagements that depend on third-party elements.
    Risk intelligence report requests
    Make informed decisions about working with an engagement or third party by requesting and managing risk intelligence reports or scores from external risk intelligence content providers using the Third-party Risk Management application.
    Third-party risk management data model
    Take full advantage of Third-party Risk Management by viewing its data model to see how you can best use it to assess, monitor, and mitigate the risks that are required for your risk management program.
    Digital resilience third-party registers
    Create, update, and track records for digital resilience third-party registers by using the Digital resilience third-party registers application within the Vendor Management Workspace Vendor Management Workspace. You can bulk create or edit individual records for assessments, branches, contracts, functions, legal entities, supply chains, third parties, or third-party engagements using the Excel download/upload requests feature. This application helps you maintain records with information and communication technology (ICT) third-party service providers, helping ensure compliance with the Digital Operational Resilience Act (DORA).

    UI changes

    Using digital resilience third-party registers
    The Digital resilience third-party registers module is now included in the List view of the Vendor Management Workspace.

    Deprecations

    Reminder workflows

    Starting with version 19.1.x of the Third-party Risk Management application, the tiering questionnaire and external assessment reminders workflows are deprecated and migrated to Workflow Studio. If you have customized these workflows, they won’t be deprecated or migrated as part of this change.

    Activation information

    Install Third-party Risk Management by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Quick start tests for TPRM. After upgrades and deployments of new applications or integrations, run quick start tests to verify that TPRM works as expected. If you customized TPRM, copy the quick start tests and configure them for your customizations.

    Accessibility information

    Accessibility improvements for the Third-party Risk Management application include the following updates.
    • Keyboard focus: Improved visual accessibility in the Third-party portal by increasing contrast between the focus border and white background.
    • Screen reader support has been extended to announce the following:
      • Completed status after all questions have been completed in a section of an external questionnaire in the Third-party portal.
      • Correct labels and other relevant information for controls, images, card regions, menu items, and links in the Vendor Management Workspace.

    Related ServiceNow applications and features

    Operational Resilience
    Operational Resilience helps organizations respond to adverse operational events by anticipating, preventing, recovering from, and adapting to such events.
    Operational Resilience Workspace
    Use Operational Resilience Workspace to manage your resilience tasks and monitor resilience metrics from a single dashboard.
    GRC Risk Management
    Use Risk Management with the ServiceNow® Advanced Risk application to identify and monitor high-impact risks, improve your risk-based decision-making, and reduce your reaction time from days to minutes.
    GRC Risk Workspace
    The Risk Workspace in the ServiceNow® Advanced Risk application provides a simplified user experience with a single-pane view for risk-related activities.