ServiceNow VRM Course Final Exam 2023 Solved Correctly
1 view 0 purchase
Course
ServiceNow VRM Course
Institution
ServiceNow VRM Course
ServiceNow VRM Course Final Exam 2023 Solved Correctly
What is VRM (Vendor Risk Management)?
VRM Process of ensuring the use of services and suppliers doesn't create unacceptable levels of risk or negative impact for the business
How does VRM link to the GRC module?
It is the fourth applicati...
servicenow vrm course final exam 2023 solved correctly what is vrm vendor risk management vrm process of ensuring the use of services and suppliers doesnt create unacceptable levels of risk or
Written for
ServiceNow VRM Course
All documents for this subject (4)
Seller
Follow
magdamwikash23
Reviews received
Content preview
ServiceNow VRM Course Final Exam 2023 Solved
Correctly
What is VRM (Vendor Risk Management)?
VRM Process of ensuring the use of services and suppliers doesn't create unacceptable
levels of risk or negative impact for the business
How does VRM link to the GRC module?
It is the fourth application in the GRC suite. It can also be used as a standalone
application
What are the 6 capabilities of VRM?
1. Vendor Portfolio
2. Vendor Tiering
3. Assessment Management
4. Vendor Portal
5. Issue + Remediation
6. GRC Integration
What is Vendor Portfolio?
This is a database of vendors which includes vendor info such as vendor contacts. It
uses the existing company table in ServiceNow.
What is Vendor Tiering?
Assessments that are completed internally to classify vendors into categories of
potential risk and ensure organisations are appropriately assessing their vendors by
deciding which assessments are used going forward for that vendor, based on its tier.
What is Assessment Management?
Companies can create Questionnaire and Doc Request templates to build assessment
templates to use to assess Vendors. Or companies can use the built-in SIG
questionnaire.
What is Vendor Portal?
This is where communication between the company and vendors are done. Vendors
can view their assessments, issues and tasks on this portal.
What is Issue + Remediation?
When Vendor Assessments aren't deemed correct, Issues + Tasks can be
automatically/manually raised by the Company to address the problem.
What is GRC Integration?
Questions within a questionnaire template can be associated with Control Objectives.
This in turn will then change control compliance based on vendor responses.
VRM Benefits?
- Efficiency through automation of processes
- Reduce risk exposure
- Ability to respond to higher risk vendors with constant assessment
- Increased communication with Vendors
What are the Tiering levels?
None, Minor, Low, Moderate, High, Critical
Are tiers maintained internally (company) or externally (vendor)?
Internally
, How does Tiering work?
- Create and complete Tiering assessment
- Tier assigned to vendor
- Tier based submission rule decides what assessment to send to vendor based on it's
newly assigned tier
What is a Tiering Assessment made up of?
Tiering questionnaire template
Is a tiering questionnaire template made of metrics categories and metrics OR
other templates (assessment/doc request)
Metrics categories and metrics
What is a Vendor Risk Assessment made up of?
1. Assessment Template
2. Vendor
What is an Assessment Template made up of?
Metric Types:
1. Questionnaire Template
2. Doc Request Template
What is Vendor Security Score used for?
Allows companies to validate that vendors are maintaining their security posture. This
then allows to prioritize vendor relationships and management, including conducting
assessments if scores change (using score based submission rules)
What is Vendor security score made up of?
1. Network security
2. Hacker chatter
3. Patching cadence
What does the Vendor Portal allow?
1. Assessment Management - respond to assessments on the portal
2. Issues + Tasks - Companies can create issues to remediate problems with
assessments
3. Vendor contact Management - vendor can communicate with different functional
groups. Tasks can be assigned across vendors team
Can a Vendor Risk Assessment be submitted to a vendor without a primary
contact?
No. Primary contact is required.
(Checkbox on vendor contact form)
What is the unique identifier for VRM?
sn_vdr_risk_asmt
3 key INTERNAL roles?
1. vendor risk manager - manages questionnaire, doc request and assessment
templates + below
2. vendor risk assessor - manages, vendors, contacts, assessments + below
3. vendor risk reviewer - view and edit vendor reponses
What table are vendors stored?
core_company
What role is required to manually created Vendors?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller magdamwikash23. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.