Share the Wealth: Vendor Risk Management in ServiceNow

Speaker: John Gilaspy

In this Share the Wealth video, John Gilaspy of GlideFast Consulting gives an overview and demonstration of Vendor Risk Management in ServiceNow.

What is Vendor Risk Management?

Vendor Risk Management is the process of:

1. Identifying the risks to the enterprise presented by a relationship with a specific vendor, regardless of the nature of that relationship

2. Evaluating the internal perspective of that relationship and its inherent risks

3. Requesting the vendor’s perspective of that relationship and its level of compliance in applicable areas of concern

4. Evaluating the vendor’s risk position and collaborating with it to address any issues that are discovered

How do we evaluate Vendor Risk?

Vendor Risk is a two-step process. The steps include:

1. Tiering Assessment — Assess the risk of relationship from inside — Send a questionnaire to the individual in charge of the vendor relationship

2. Vendor Risk Assessment — Assess the position of the vendor from the outside — Send questionnaires and document requests to the vendor POC

Security concerns

ServiceNow automatically updates security on the instance when the application is installed in two ways:

1. Application of an internal role to all existing user accounts, “snc_internal” and the creation of an external role for all vendor contacts, “snc_external”

2. Inclusion of a separate, segregated service portal only accessible to vendor contacts

Enhancements to Vendor Risk

ServiceNow provides multiple enhancements to Vendor Risk Management:

1. SIG Integration (2019, 2020)

2. Vendor Engagements

3. Vendor Hierarchies

4. Electronic Signatures

5. Risk Area Categorization

Interested in working with experts like John?

Reach out to us here. We would love to learn more about your ServiceNow challenges and help your organization build better solutions.