Bitsight for Third-party Risk Management by ServiceNow Integration Guide Ingrid This guide provides instructions for integrating the Bitsight Security Ratings Platform and ServiceNow Third-party Risk Management (VRM) application. This is version 1 of the Bitsight and ServiceNow application integration.See instructions for the following tasks: Importing Your Portfolio and Alerts Adding Bitsight Data to Vendor Risk Management Alerts Requirements A supported version of ServiceNow. The Bitsight for Third-party Risk Management solution. Download and Installation Download and install the application from the ServiceNow App Store. Verterim, a professional services firm that specializes in GRC, also has an integration and app in the ServiceNow App Store. It brings our data into the “Security Scores” table in the ServiceNow Third-party Risk Management application. It triggers assessments (questionnaires) based on changes in the normalized ratings by using “Score Based Submission Rules.” Assign a Bitsight admin type of role to a user in ServiceNow. See instructions for managing ServiceNow user roles. Go to the Bitsight Application Configuration module in ServiceNow. Create or retrieve your API token from the Bitsight platform and then enter your Bitsight API token into the “REST API Token” field. Set your integration configurations. Field Description Insert Bitsight companies that do not match existing company records in ServiceNow [Boolean] Determines if companies that do not match existing records should be inserted. If Yes, companies that do not match existing vendor (company) records in ServiceNow are inserted (primary domain, name, or Bitsight company GUID). If “No” (unchecked), such unmatched companies are ignored. Mark all imported companies as Vendors [Boolean] Determines if companies that are imported from your Bitsight portfolio are marked as “vendors” in ServiceNow. If “Yes,” all imported companies are automatically marked as vendors. Maximum age (days) of alert to trigger issue creation (defaults to 7) [Integer] Set the maximum age of alerts that will create Vendor Risk Issues in ServiceNow. Alerts older than this threshold will be ignored. Create Vendor Risk Issue on Score Change [Boolean] Determines if a Vendor Risk Issue is to be created in ServiceNow on warning alerts. Set this to Yes to automatically create issues for portfolio records whose rating drops beyond the configured threshold value (see Score Drop Trigger Delta). Score Drop Trigger Delta [Integer] If the rating decreases by this value, Vendor Risk Issues will be created in ServiceNow if the “Create Vendor Risk Issue” flag is checked. Create Vendor Risk Issue on Alerts with Critical Severity [Boolean] Set this to Yes to automatically create Vendor Risk Issues in ServiceNow for portfolio records when a Critical ( critical decrease) Bitsight alert is received. Create Vendor Risk Issue on Alerts with "Warning" Severity [Boolean] Set this to Yes to automatically create Vendor Risk Issues in ServiceNow for portfolio records when a Warning ( decrease) Bitsight alert is received. November 26, 2025: ServiceNow VRM is now ServiceNow TPRM March 13, 2025: Updated store link. October 25, 2021: Separated tasks instructions to their own pages. October 6, 2020: Version 1.4.1 now available. Related articles Bitsight Continuous Monitoring for Third-party Risk Management (TPRM) by ServiceNow API Token Management Bitsight for ServiceNow Third-party Risk Management: Importing Your Portfolio and Alerts Bitsight for Vendor Risk Management by ServiceNow: Adding Bitsight Data Bitsight for ServiceNow Third-party Risk Management: Setting Up Alerts Feedback 0 comments Please sign in to leave a comment.