ServiceNow Vendor Risk Management: How to do a Tiering Assessment
Updated: Sep 14
Is vendor risk overlooked at your organization? In a recent Bomgar survey, 74% of people surveyed believe that third-party vendor selection overlooks potential key risks. Understanding the risks a vendor can introduce to your organization is critical to conducting a vendor risk program. By performing a tiering assessment of the vendor, organizations can better understand the type of data a vendor will be accessing and how that will impact the organization’s exposure.
Performing a tiering assessment of the vendor enables companies to understand the type of data a vendor will be accessing and how that impacts your company’s exposure.
Centralizing the process
While assessments can be managed in spreadsheets or external interviews, the process can be expedited and centralized in ServiceNow’s Vendor Risk Management application. This approach allows for a single source of truth that the organization can reference across all the vendors in the application. The data can then be sorted in a meaningful way, with automated visualization and reporting of key performance indicators.
| Read More: Centralize Policy Management on ServiceNow Integrated Risk Management
After a vendor is created in ServiceNow, a tiering assessment is performed. Once the assessment is created and linked to the vendor being reviewed, assessors are chosen from within the organization. The assessment is then sent out and completed by the assigned staff and returned. The assessment responses can then be reviewed, and a tiering score can be assigned to the vendor once the tiering assessment is closed.
Tiering assessments can be repeated as needed, based on the requirements of the organization, and different assessments can be created if required.
How it Works
Watch the video for a visual walkthrough of the tiering assessment process, including how to:
Create and open a vendor record
Create and assign a Tiering Assessment
Complete the Tiering Assessment
Review the response
Close the Tiering Assessment and assign a Risk Rating to the vendor
Performing an internal tiering assessment is a core capability within the ServiceNow Vendor Risk Management Application. A completed tiering assessment will result in an initial risk rating being applied to the vendor record giving an easily viewable score to be used when determining how to assess the vendor.
Need help managing vendors in ServiceNow?
No matter where you are on your maturity journey, Cerna Solutions has you covered when it comes to managing policies on the Now Platform. Recognized as a ServiceNow "Elite" partner, we are a team of 100% US-based ServiceNow professionals who specialize in ServiceNow Integrated Risk Management. Our approach to IRM has earned us a repeat customer rate of 90%, and a customer satisfaction score of 4.8/5. Learn more about our Integrated Risk experience or contact us for more information.