Drivers
- Organisation relies increasingly on third parties, and their sub-contractors (fourth parties)
- Vendor information is currently collected via email and spreadsheet - hard to stay current, information goes missing, how to see full current picture (live dashboard?)
TPRM overview (ServiceNow)
Notes
- Replaces the previous Vendor Risk Management (VRM) module
- Launched with Vancouver release
- TPRM calculated score
- Fourth parties
- Risk intelligence feeds
- Tiering Assessment
- Due Diligence Record (DDR)
- Inherent Assessment (INA)
- Linked to Vendor Management module
- Transform map - set up one time or for recurring integration
Roles
- Third party reader
- Third party editor
- Third party contract negotiator
- Due diligence approver
Key Steps
- Initial onboarding
- AML / Sanctions / other onboarding steps
- Inherent Risk Questionnaire
- Risk assessment
- Issues & Task Management
- Internal assessment
- External assessment
- Approval of responses
- Contract risk
- Due diligence
- Assessment questions and Questionnaires
Further reading
- Third-Party Risk Management - ServiceNow UK
- What you need to know about ServiceNow’s new Third Party Risk Management (TPRM) - AC3
- Case Study on NTT - Implementation of ServiceNow Third-Party Risk Management - Nihilent (PDF)
- Trust but Verify: Streamlining Third-Party Risk with ServiceNow - Infocenter.io - provides good overview of TPRM module, benefits, features, implementation considerations