Risk intelligence provider integrations
Summary of Risk intelligence provider integrations
The Third-party Risk Management (TPRM) application in ServiceNow supports integration with external risk intelligence providers to request and retrieve Risk Intelligence Reports (RIR) and due diligence data for third parties. This integration enables users with specific roles to request risk scores and reports that are then linked to the relevant third-party records within the platform.
Integration Requirements and Process
- Users with the TPR assessor or TPR manager roles can submit RIR requests through a dedicated form.
- Before requesting reports, a user with the TPR assessment reviewer role must register the risk intelligence providers and configure provider services and request types within the TPR application.
- A nightly integration API job monitors RIR requests in the Order pending state and sends these requests to the external providers.
- The API updates request states through the lifecycle: Order pending → Order in progress → Closed complete or Closed incomplete depending on success.
- Providers process requests and return data packets that include URLs, scores, ratings, and content, which are used to create risk intelligence score records and attach reports to the respective RIR request.
- The provider’s scores are mapped to ServiceNow scores via the configured Provider Service records to ensure consistency.
Risk Intelligence Report Request States
- Open: Newly created and saved requests awaiting submission.
- Order pending: Requests submitted to providers; fields become read-only and request date is set.
- Order in progress: Provider has received the order; score records are generated.
- Closed complete: Order successfully processed and report returned.
- Closed incomplete: Order could not be processed and was closed due to errors.
- Canceled: Requests canceled by authorized users before processing; cannot be edited afterward.
Limitations
The integration API does not update existing score records; if a field cannot be populated during creation, a new score record is generated instead. This means repeated API calls may be necessary to associate scores correctly with RIR requests.
The Third-party Risk Management application includes support for risk intelligence provider integrations. These guidelines can help your organization to develop a risk intelligence provider integration for Risk intelligence report (RIR) requests for third parties and due diligence requests.
Integration requirements
The following diagram shows the RIR request flow states and their relationship with the integration requirements for risk intelligence providers.
Integration process:
- All RIR requests in the Order pending state are ready to be sent to the risk intelligence provider.
- A nightly job is set up by the integration API to check for the report request records that are in the Order pending state.
- The integration API updates the RIR request record state to Order in progress.
- The integration API sends a packet to the provider that includes the names of the records and their corresponding source tables:
  - rir_sysid [sn_tprm_dd_risk_intel_request]
  - provider_sysid [sn_vdr_risk_asmt_tpss_provider_basic]
  - third_party_sysid [core_company]
  - third_party_name [core_company]
  - request_type_sysid [sn_tprm_dd_risk_intel_request_type]
  - request_type_name [sn_tprm_dd_risk_intel_request_type]
  - provider_service_sysid [sn_vdr_risk_asmt_tpss_provider]
- If the packet isn’t sent successfully, the integration API updates the RIR request state to Closed incomplete.
- After receiving the RIR request, the risk intelligence provider processes it and gathers information including the URL, score, and content.
- The risk intelligence provider returns a packet for upload to the Third-party Risk Management application. The packet contains the following names of the records, their corresponding source tables, and content:
  - rir_sysid [sn_tprm_dd_risk_intel_request]
  - provider_sysid [sn_vdr_risk_asmt_tpss_provider_basic]
  - third_party_sysid [core_company]
  - request_type_sysid [sn_tprm_dd_risk_intel_request_type]
  - provider_service_sysid [sn_vdr_risk_asmt_tpss_provider]
  - URL
  - score
  - rating
  - content

  Note: The score or rating should be the provider's score or rating. The provider should have set up a mapping to convert the provider's score to a ServiceNow score through a Provider Service record.
- Using the packet information, the integration API creates a risk intelligence score record [sn_vdr_risk_asmt_security_score] and populates the URL field. This URL is used to download and attach the reports to the associated RIR request record [sn_tprm_dd_risk_intel_request].
- The integration API updates the state of the RIR request from Order in progress to Closed complete or Closed incomplete, depending on whether the risk intelligence provider completes the report or fails to send it and decides to close the order.
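One way to check a returned packet before a score record is created and the report URL is fetched, as an added example that is not ServiceNow's own code. The field names come from the packet lists above; the plain-object packet shape, the host allowlist, the `validateReturnPacket` name and the sample values are assumptions.

```javascript
// Added example. Field names are from the packet lists above; the object shape,
// the allowlist and the sample values are constructed assumptions.
const SYS_ID = /^[0-9a-f]{32}$/; // a ServiceNow sys_id is 32 hex characters
const ECHOED = ['rir_sysid', 'provider_sysid', 'third_party_sysid',
  'request_type_sysid', 'provider_service_sysid'];

function validateReturnPacket(sent, returned, allowedHosts) {
  const errors = [];
  // Each identifier must be well formed and echo the outbound packet, so a
  // response cannot attach a score to a different request or third party.
  for (const key of ECHOED) {
    const value = returned[key];
    if (typeof value !== 'string' || !SYS_ID.test(value)) {
      errors.push(`${key}: not a 32-character hex sys_id`);
    } else if (value !== sent[key]) {
      errors.push(`${key}: does not match the request that was sent`);
    }
  }
  // The URL is fetched server-side to download the report: require https,
  // no embedded credentials, and a host registered for this provider.
  try {
    const url = new URL(returned.URL);
    if (url.protocol !== 'https:') errors.push('URL: scheme must be https');
    if (url.username || url.password) errors.push('URL: embedded credentials');
    if (!allowedHosts.includes(url.hostname)) errors.push('URL: host not on allowlist');
  } catch (e) {
    errors.push('URL: missing or unparseable');
  }
  // The note above asks for the provider's score or rating; accept either.
  const hasScore = typeof returned.score === 'number' && Number.isFinite(returned.score);
  const hasRating = typeof returned.rating === 'string' && returned.rating.trim() !== '';
  if (!hasScore && !hasRating) errors.push('score/rating: neither is usable');
  return errors;
}

// Constructed sample packets (not real records).
const SENT = { rir_sysid: 'a'.repeat(32), provider_sysid: 'b'.repeat(32),
  third_party_sysid: 'c'.repeat(32), request_type_sysid: 'd'.repeat(32),
  provider_service_sysid: 'e'.repeat(32) };
const GOOD = { ...SENT, URL: 'https://reports.provider.example/r/1.pdf',
  score: 72, rating: 'B', content: 'summary text' };
const BAD = { ...GOOD, rir_sysid: 'f'.repeat(32),
  URL: 'http://intranet.example/report.pdf' };
const ALLOWED = ['reports.provider.example'];

console.log(validateReturnPacket(SENT, GOOD, ALLOWED));
console.log(validateReturnPacket(SENT, BAD, ALLOWED));
```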
Limitations
The integration API doesn’t update the score record in the Score table. If the API fails to populate a field when it creates a score record, a new score record is created instead of updating the existing record. For example, if the API didn't associate a score with an RIR request, it has to call the API again to create a new score and associate it with the RIR request.
Risk intelligence report request states
The risk intelligence report requests have the following potential states:
- Open: An RIR request enters this state after the record has been created and saved by the Third-party Risk (TPR) manager, TPR assessor, or contract negotiator that is assigned to the due diligence request. For each risk intelligence request, the system auto-assigns a unique ID number that starts with the text RIR.
- Order pending: An RIR request enters this state after the record has been submitted by the Third-party Risk (TPR) manager, TPR assessor, or contract negotiator that is assigned to the due diligence request. The following changes take place:
  - The order has been submitted to the provider.
  - The Request date field has been populated with the date that this record was submitted on.
  - All fields in the Risk intelligence report request section are read-only.
- Order in progress: An RIR request enters this state after the order has been received by the provider. The following changes take place:
  - The score records are generated with the report request.
  - The Score generated on field is updated.
- Closed incomplete: An RIR request enters this state after the order was received by the provider but couldn’t be processed due to an error, so the order was closed.
- Closed complete: An RIR request enters this state after the order was received and processed by the provider.
- Canceled: An RIR request enters this state after a TPR manager, TPR assessor, or contract negotiator cancels the report request. If a TPR manager, TPR assessor, or contract negotiator must cancel a request, it can be done while the request is in the Open or Order pending state. After an RIR request is canceled, that record can't be edited. You must create a new record.