Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

Bitsight for Vendor Risk Management by ServiceNow Integration Guide

Avatar
Ingrid
Follow
  • October 25, 2021: Separated tasks instructions to their own pages.
  • October 6, 2020: Version 1.4.1 now available.

This guide provides instructions for integrating the Bitsight Security Ratings Platform and ServiceNow Vendor Risk Management (VRM) application. This is version 1 of the Bitsight and ServiceNow application integration.

See instructions for the following tasks:

Requirements

  • Must have the ServiceNow Vendor Risk Management Application (Tokyo, San Diego, or Rome).
  • Must have a Bitsight Security Ratings subscription to leverage the integration.

Download and Installation

  1. Download and install the application from the ServiceNow App Store.

    Verterim, a professional services firm that specializes in GRC, also has an integration and app in the ServiceNow App Store. It brings our data into the “Security Scores” table in the ServiceNow Vendor Risk Management application. It triggers assessments (questionnaires) based on changes in the normalized ratings by using “Score Based Submission Rules.”

  2. Assign a Bitsight admin type of role to a user in ServiceNow. See instructions for managing ServiceNow user roles.
  3. Go to the Bitsight “Application Configuration” module in ServiceNow.
    Application Configuration Module
  4. Create or retrieve your API token from the Bitsight platform and then enter your Bitsight API token into the “REST API Token” field.
  5. Set your integration configurations.
Field Description
Insert Bitsight companies that do not match existing company records in ServiceNow
[Boolean]

Determines if companies that do not match existing records should be inserted.

  • If “Yes,” companies that do not match existing vendor (company) records in ServiceNow are inserted (primary domain, name, or Bitsight company GUID).
  • If “No” (unchecked), such unmatched companies are ignored.
Mark all imported companies as Vendors
[Boolean]

Determines if companies that are imported from your Bitsight portfolio are marked as “vendors” in ServiceNow.

If “Yes,” all imported companies are automatically marked as vendors.
Maximum age (days) of alert to trigger issue creation (defaults to 7)
[Integer]		 Set the maximum age of alerts that will create Vendor Risk Issues in ServiceNow. Alerts older than this threshold will be ignored.
Create Vendor Risk Issue on Score Change
[Boolean]

Determines if a Vendor Risk Issue is to be created in ServiceNow on warning alerts.

Set this to “Yes” to automatically create issues for portfolio records whose rating drops beyond the configured threshold value (see “Score Drop Trigger Delta”).
Score Drop Trigger Delta
[Integer]		 If the rating decreases by this value, Vendor Risk Issues will be created in ServiceNow if the “Create Vendor Risk Issue” flag is checked.
Create Vendor Risk Issue on Alerts with "Critical" Severity
[Boolean]		 Set this to “Yes” to automatically create Vendor Risk Issues in ServiceNow for portfolio records when a Critical ([Critical Decrease Icon] critical decrease) Bitsight alert is received.
Create Vendor Risk Issue on Alerts with "Warning" Severity
[Boolean]		 Set this to “Yes” to automatically create Vendor Risk Issues in ServiceNow for portfolio records when a Warning ([Decrease Icon] decrease) Bitsight alert is received.

Related articles