Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Bitsight for Vendor Risk Management by ServiceNow Integration Guide

Ingrid

This guide provides instructions for integrating the Bitsight Security Ratings Platform and ServiceNow Vendor Risk Management (VRM) application. This is version 1 of the Bitsight and ServiceNow application integration.

See instructions for the following tasks:

Requirements

Download and Installation

  1. Download and install the application from the ServiceNow App Store.

    Verterim, a professional services firm that specializes in GRC, also has an integration and app in the ServiceNow App Store. It brings our data into the “Security Scores” table in the ServiceNow Vendor Risk Management application. It triggers assessments (questionnaires) based on changes in the normalized ratings by using “Score Based Submission Rules.”

  2. Assign a Bitsight admin type of role to a user in ServiceNow. See instructions for managing ServiceNow user roles.
  3. Go to the Bitsight Application Configuration module in ServiceNow.
  4. Create or retrieve your API token from the Bitsight platform and then enter your Bitsight API token into the “REST API Token” field.
  5. Set your integration configurations.
Field Description

Insert Bitsight companies that do not match existing company records in ServiceNow

[Boolean]

Determines if companies that do not match existing records should be inserted.

  • If Yes, companies that do not match existing vendor (company) records in ServiceNow are inserted (primary domain, name, or Bitsight company GUID).
  • If “No” (unchecked), such unmatched companies are ignored.

Mark all imported companies as Vendors

[Boolean]

Determines if companies that are imported from your Bitsight portfolio are marked as “vendors” in ServiceNow.

If “Yes,” all imported companies are automatically marked as vendors.

Maximum age (days) of alert to trigger issue creation (defaults to 7)

[Integer]

 Set the maximum age of alerts that will create Vendor Risk Issues in ServiceNow. Alerts older than this threshold will be ignored.

Create Vendor Risk Issue on Score Change

[Boolean]

Determines if a Vendor Risk Issue is to be created in ServiceNow on warning alerts.

Set this to Yes to automatically create issues for portfolio records whose rating drops beyond the configured threshold value (see Score Drop Trigger Delta).

Score Drop Trigger Delta

[Integer]

 If the rating decreases by this value, Vendor Risk Issues will be created in ServiceNow if the “Create Vendor Risk Issue” flag is checked.

Create Vendor Risk Issue on Alerts with Critical Severity

[Boolean]

 Set this to Yes to automatically create Vendor Risk Issues in ServiceNow for portfolio records when a Critical (change-severity-critical-decrease.png critical decrease) Bitsight alert is received.

Create Vendor Risk Issue on Alerts with "Warning" Severity

[Boolean]

 Set this to Yes to automatically create Vendor Risk Issues in ServiceNow for portfolio records when a Warning (change-severity-decrease.png decrease) Bitsight alert is received.
  • March 13, 2025: Updated store link.
  • October 25, 2021: Separated tasks instructions to their own pages.
  • October 6, 2020: Version 1.4.1 now available.

Related articles

Feedback

0 comments

Please sign in to leave a comment.