Every company, be it big or small, relies on vendor service for its day-to-day functioning. It can range from something as basic as supplying drinking water, cleaning services and meals, to IT services, marketing consultants and electronic goods. No matter what the type of vendor services you are employing at your company, it is imperative to conduct a risk health check every now and then. This helps you avoid any type of security or personal hassle in the future which might bring unacceptable disruption or a negative impact to business performance.
Vendor Risk Management (VRM) is a part of ServiceNow Governance, Risk and Compliance (GRC) portfolio that provides centralized process for managing and monitoring third-party vendor risks, vendor portfolio management and managing vendor risk remediation life cycle.
Following diagram depicts six key capabilities for ServiceNow VRM
Vendor Portfolio - This is the database of Vendor & Vendor information that includes the vendor contacts, the business services that the vendors fulfil along with other general vendor information. The existing company table within ServiceNow can be used to compile vendor data. If an organization already has vendor information in ServiceNow, say from an asset discovery service, it is immediately available to vendor risk management. An organization can also easily integrate VRM with existing supplier management systems.
Vendor Tiering – VRM ensures organizations are effectively assessing vendors with the appropriate assessments at the right time. By leveraging the vendor tiering score, organizations are better positioned to manage the vendor relationships. A vendor tiering assessments is created for a vendor using a tiering questionnaire template. Internal assessors are assigned to complete the tiering assessment questionnaire.
Assessment Management – Companies can create templates for assessments and vary the content and reoccurrence intervals based on the Vendor tiers. they can create proprietary questionnaire using the visual designer. Assessments responses are automatically scored using a robust hierarchal weighted scoring framework that can be tailored to meet customer specific requirements.
Vendor Portal – Here is where the ServiceNow VRM pulls companies out of emails and spreadsheets. All vendor interactions and are centralized in a vendor portal. This provide all vendor stakeholders visibility into what needs to get done, by when, who’s currently assigned, and the status.
Issues & Remediations - Vendors don’t always do what is expected of them. As assessment responses are reviewed, companies can create issues, review them with subject matter experts, design remediation plans, and share them with vendors for closure.
Coforge’s Vendor Risk Management implementation of ServiceNow helps you to eliminate all the problems that riddle a traditional assessment system. Traditional systems require you to access and maintain information manually, making it prone to errors. Such records are also not available to everyone, leaving room for bad decisions due to a lack of source for accessing the available information. Besides, it is also not possible to upgrade such systems, making them inefficient in the long run.
Coforge helps to implement ServiceNow Vendor risk management application, you eliminate all the above risks. You have a central dedicated Vendor Portal where business can manage all interactions with third parties in one single channel. Vendor Portal helps business to easily connect and communicate with all vendors and eliminate the need for multiple emails exchange and calls. Vendor’s Primary contacts can also assign tasks easily to secondary contacts on the Portal. Having said that, Vendor Portal enhanced the visibility to vendors by providing status of all issues, tasks, and assessments.
Coforge has dedicated to making ServiceNow Vendor Risk Management System process simpler for third parties and for Risk Managers as well. Coforge has enabled and enhanced Vendor Management Workspace for several customers as per their requirements which brings all vendors and the possible risks associated with them under one umbrella. Risk Managers can reach out to a vendor, ask it questions, understand its risks, and make an informed decision about continuing with the services, all under one transparent umbrella. You do not need to maintain and access multiple apps and can deliver and receive information quicker in a single pane view.
The Risk Managers then can analyze the information and get back to the vendor with more questions easily and in lesser time.