Share the Wealth: Vendor Risk Management in ServiceNow
Speaker: John Gilaspy
In this Share the Wealth video, John Gilaspy of GlideFast Consulting gives an overview and demonstration of Vendor Risk Management in ServiceNow.
What is Vendor Risk Management?
Vendor Risk Management is the process of:
Identifying the risks to the enterprise presented by a relationship with a specific vendor, regardless of the nature of that relationship
Evaluating the internal perspective of that relationship and its inherent risks
Requesting the vendor’s perspective of that relationship and its level of compliance in applicable areas of concern
Evaluating the vendor’s risk position and collaborating with it to address any issues that are discovered
How do we evaluate Vendor Risk?
Vendor Risk is a two-step process. The steps include:
Tiering Assessment — Assess the risk of relationship from inside — Send a questionnaire to the individual in charge of the vendor relationship
Vendor Risk Assessment — Assess the position of the vendor from the outside — Send questionnaires and document requests to the vendor POC
Security concerns
ServiceNow automatically updates security on the instance when the application is installed in two ways:
Application of an internal role to all existing user accounts, “snc_internal” and the creation of an external role for all vendor contacts, “snc_external”
Inclusion of a separate, segregated service portal only accessible to vendor contacts
Enhancements to Vendor Risk
ServiceNow provides multiple enhancements to Vendor Risk Management:
SIG Integration (2019, 2020)
Vendor Engagements
Vendor Hierarchies
Electronic Signatures
Risk Area Categorization
Interested in working with experts like John?
Reach out to us here. We would love to learn more about your ServiceNow challenges and help your organization build better solutions.