Vendor Risk Management in ServiceNow | Share the ServiceNow Wealth
Introduction
In this article, we will discuss vendor risk management, which is one of the GRC (Governance, Risk, and Compliance) applications in ServiceNow. Vendor risk management focuses on identifying the risks associated with having relationships with vendors and assessing their compliance with applicable areas of concern. It is essential for businesses that work with third parties to address the additional level of risk they bring.
Overview of Vendor Risk Management
Vendor risk management involves four main steps: identification, evaluation, vendor perspective, and risk assessment. First, the risks associated with a vendor relationship are identified, regardless of the type of vendor. Vendors can range from physical security providers to cloud service providers like ServiceNow itself. Once the risks are identified, the internal perspective of the vendor relationship is evaluated by gathering feedback from internal vendor risk managers. Next, the vendor's perspective is sought, with a focus on their compliance with relevant areas of concern. This evaluation process may include standardized information gathering spreadsheets provided by external organizations like the St. Louis Group. Finally, based on the assessments from both the internal and vendor perspectives, the risk of having a relationship with the vendor is evaluated. This evaluation helps determine whether any issues need to be addressed before proceeding with the vendor relationship.
Demo: Using Vendor Risk Management in ServiceNow
In the demo, the vendor risk management process is showcased using the Paris version of ServiceNow. The demo starts with creating a vendor record, in this case, a vendor named Acer. Then, a tiering assessment is conducted to gather the internal perspective on the risk of using Acer as a vendor. Based on the results, a vendor risk assessment is created, which includes questionnaires and document requests for the vendor to complete. The vendor is given a specific timeframe to provide their responses. Both the internal and vendor contacts can collaborate on the assessments through the vendor portal and the frame set within ServiceNow. Any issues identified during the assessment can be addressed collaboratively, with the vendor providing necessary documents or explanations. Once all assessments are completed, the risk level of the vendor can be determined, and any necessary actions can be taken.
Keywords
Vendor risk management, GRC applications, third-party risk, risk assessment, vendor assessment, compliance, relationship evaluation, internal perspective, vendor perspective, standardized information gathering, vendor portal, document requests, collaboration, repeat assessments.
FAQ
Q1: What is vendor risk management in ServiceNow?
A1: Vendor risk management in ServiceNow is a GRC application that focuses on identifying and assessing the risks associated with having relationships with vendors. It involves evaluating both the internal perspective and the vendor's perspective to determine the level of risk.

Q2: How does ServiceNow facilitate vendor risk management?
A2: ServiceNow provides a platform for conducting vendor risk assessments, including the use of standardized information gathering spreadsheets. It also offers a vendor portal for collaboration and document sharing between the vendor and the company.

Q3: What is the importance of vendor risk management?
A3: Vendor risk management helps businesses identify and address the risks associated with their relationships with vendors. It ensures that vendors are compliant with relevant areas of concern and helps mitigate potential risks to the company.

Q4: How can vendor risk assessments be automated in ServiceNow?
A4: ServiceNow allows for the automation of vendor risk assessments by setting up repeating assessments. These assessments can be scheduled to occur at regular intervals and can be triggered based on the completion of previous assessments.

Q5: What are the key benefits of using ServiceNow for vendor risk management?
A5: ServiceNow provides a centralized platform for vendor risk management, allowing for collaboration, document sharing, and automated assessments. It helps streamline the process, reduce manual efforts, and ensure compliance with risk management practices.