Smart assessments with Third-party Risk Management

  • Release version: Yokohama
  • Updated March 12, 2026

    With the integration of Smart Assessment Engine (SAE), TPRM now supports both the Classic assessment engine and SAE. Using SAE in the Vendor Management Workspace, you can create questionnaire templates and add instructions, questions, and reference information to them.

    SAE overview

    The Smart Assessment Engine in Vendor Management Workspace enables you to create both internal and external questionnaires using configurable templates, logical grouping of questions, inline guidance, and automations.

    For more information about the Smart Assessment Engine application, refer to Exploring Smart Assessment Engine.
    Note:
    To use Smart Assessment Engine, you must enable the Smart Assessment Engine enabled [sn_vdr_risk_asmt.sae_enabled] property. After setting this property, you can't create new assessments and questionnaire templates using the Classic assessment engine.

    Benefits of using the Smart Assessment Engine experience

    The new assessment experience offers the following benefits.

    • Enhanced navigation: Use the improved navigation for a better user experience.
    • Assessment support: Conduct assessments for both internal and external parties in one standard UI. TPRM SAE questionnaire templates are extended to include additional attributes such as the risk area and the option to include previous responses, which aren’t available in the base SAE templates. TPRM SAE templates must be created directly within the Vendor Management Workspace to ensure that they include the necessary attributes and can be used for TPRM assessments.
    • Organize questions: Group questions into subsections and sections for better organization.
    • Add attachments: Attach files directly to individual questions.
    • Add reference information: Add reference information to a questionnaire template so that assessors and respondents can access the information they need while completing a questionnaire.
    • Filter questions: Quickly identify and filter unanswered questions.
    • Auto-save for questionnaires: Save your work automatically as you complete each question within a questionnaire.
    • Standardized risk rating scale definition: Override the default risk rating scales at the template level for both internal and external assessments.
    • Assessment duration: Define the duration of an assessment when creating a questionnaire template.
    • Combine assessments: Respond to questionnaires by using the same SAE template in a single, streamlined view.
    • Risk scoring and score normalization: Standardize the risk scores for a consistent evaluation using the more flexible scoring settings available in SAE.
    • Support for the GRC and third-party portals: Internal assessment responders can use the GRC portal to access and complete internal assessments, and external assessment responders can use the third-party portal to complete external assessments.

    Smart Assessment Engine limitations

    SAE with TPRM has the following limitations.
    • All new assessments must use SAE questionnaire templates.
    • Third-party risk assessors can no longer create issues from the View responses page. Issues generation rules can be used to create issues automatically.
    • Third-party risk assessors can no longer create comments on individual questions. They can only use the comment section at the questionnaire level.
    • The signature feature isn’t supported.
    • Automatic attachment of questionnaires to external assessments based on inherent risk questionnaire (IRQ) responses or IRQ-calculated risk tiers is currently not supported in Smart Assessment Engine.
    • The following question types aren’t supported: percentage, ranking, image scale, and custom metric. You must either convert these question types to supported formats before migration or create new questions in the template designer after migration.
      Note:
      For the percentage and image scale question types, customers can use the Number type and Radio button type, respectively. Ranking and custom metric question types aren't supported.
    • If a section in the classic template contains only unsupported questions, an empty section is created in the TPRM SAE template. TPRM SAE templates with empty sections can’t be published; therefore, you must either add replacement questions to these sections or delete the empty sections before publishing.

      For more information on migration results, migration limitations, and creating TPRM SAE questionnaires, see Results of migrating a template to a TPRM SAE template and Create a TPRM SAE questionnaire or document request template.

    • Repeating assessments aren’t supported. You can use event-driven management rules instead.
    • When transferring TPRM SAE questionnaire templates between instances, the update set won’t include the duration information. Users must export the duration information manually from the sn_smart_asmt_duration table and import it into the target instances.
    • If an assessment template isn’t updated to support SAE assessments, the related tier-based, provider-based, and event-driven management rules won’t run as expected.
    • The TPRM scoring migration proceeds only if there were no errors during the template migration. If there were errors, the TPRM scoring migration doesn’t occur.
    Note:
    For more information on migration results and migration limitations, see Results of migrating a template to a TPRM SAE template.
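
The following added example (not ServiceNow code) applies the question-type and empty-section limitations listed above to a constructed classic template outline, showing which questions need conversion or re-creation and which sections would block publishing. The object shape, the type labels, and the `planMigration` function are assumptions made for illustration.

```javascript
// Added illustration: plain JavaScript, runnable in Node.js.
// The object shape and type labels are hypothetical, not ServiceNow's schema.

// Question types the page lists as unsupported in SAE.
const UNSUPPORTED = new Set(['percentage', 'ranking', 'image scale', 'custom metric']);
// Replacement types named in the page's note; ranking and custom metric have none.
const REPLACEMENT = { 'percentage': 'Number', 'image scale': 'Radio button' };

// Reports what happens if the classic template is migrated as-is.
function planMigration(template) {
  const report = { convert: [], recreate: [], emptySections: [], publishable: true };
  for (const section of template.sections) {
    let migrated = 0; // questions that carry over unchanged
    for (const q of section.questions) {
      const type = q.type.trim().toLowerCase();
      if (!UNSUPPORTED.has(type)) { migrated++; continue; }
      const entry = { section: section.name, question: q.text };
      if (REPLACEMENT[type]) report.convert.push({ ...entry, to: REPLACEMENT[type] });
      else report.recreate.push(entry);
    }
    // A section left with no questions blocks publishing of the SAE template.
    if (migrated === 0) report.emptySections.push(section.name);
  }
  report.publishable = report.emptySections.length === 0;
  return report;
}

// Constructed sample input.
const sampleTemplate = {
  name: 'Constructed security questionnaire',
  sections: [
    { name: 'Access control', questions: [
      { text: 'Is MFA enforced for administrators?', type: 'Yes/No' },
      { text: 'What percentage of staff completed training?', type: 'Percentage' },
    ] },
    { name: 'Priorities', questions: [
      { text: 'Rank these controls by maturity', type: 'Ranking' },
      { text: 'Pick the diagram that matches your network', type: 'Image Scale' },
    ] },
  ],
};

console.log(JSON.stringify(planMigration(sampleTemplate), null, 2));
```

Converting the `convert` entries before migration keeps their sections populated; the `recreate` entries have no replacement type and must be rewritten as new questions.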

    What to explore next

    To learn more about configuring and using SAE with Third-party Risk Management, see: