The Global Risk Exchange TPRM V2 Integration is available for the following versions of ServiceNow TPRM.
Available
- Xanadu - April 2025
- Yokohama - July 2025
- Zurich - Feb 2026
In Plan
- Australia - targeted for Q2 2026
V2.4 Release - February 2026
New or Updated Functionality
- Zurich Compatibility
  - This release verifies all core integration functionality on the Zurich version of ServiceNow TPRM
- Third-party risk assessment Results: PDF Report
  - Ability to import the PDF Risk Analysis Report for an assessment - set as an integration configuration choice, including which framework to use
- GRX Assessments
  - New "GRX Assessment" section and table located under the "Global Risk Exchange" module in the navigation. Available for users with the GRX Admin (x_cgrx_cybergrx_ri.GRX_admin) role to associate the GRX Assessment Templates with the necessary request information during setup
    - assessment template: lookup field to the OOB ServiceNow assessment templates
    - controls framework id and name: button with live API call to return the list of available frameworks to drive the collection of controls evaluated for Issue import
    - report framework id and name: button with live API call to return the list of available frameworks to drive the format of the Spreadsheet and/or PDF report
    - metrics included: True/False
    - validation included: True/False
    - score basis: Attested / Predictive
    - Lays the groundwork for Live Assessment flexible requesting (not yet implemented - coming soon)
    - Lays the groundwork for Predictive Controls importability (not yet implemented - coming soon)
- Custom Field Descriptions
  - Added or updated descriptions for all custom fields to help with usability
- GRX Delete Import Issues
  - New scheduled job to routinely clean up the "Import Issues" working table, which holds the assessment information for processing before it is saved to the ServiceNow Issue records
- Technical Enhancements
  - Cleaned up legacy or unused code and refactored integration code for maintainability
  - Added and enhanced comments in the code for readability
  - Enhanced logging messages to assist with troubleshooting
  - Replaced references to CyberGRX with GRX or Global Risk Exchange
Resolved Issues
- Active Request Contacts
  - Previously, all contacts associated with a vendor were being sent to GRX with the "Submit to Third-party" button on the assessment, regardless of their active status
  - Now, only contacts marked as active are included with the assessment request
- Only Import Requested Controls into the Issues
  - Previously, all 209 controls were being considered for import into the Issues table, based on the configuration selection for High, Medium, Low, etc., even when only requesting critical controls
  - Now, only the controls associated with the selected framework are considered for import. For example, if the Critical Controls framework is selected, only 60 controls are evaluated for issue creation
- New Third Party Button
  - Previously, the integration had a custom UI action overriding the default "New" button on the All Third Party table. This was left over from earlier versions where the assumption was that users would only have a GRX role
  - Now, the "New" button override has been removed, and user visibility and access to the New button on the All Third Party table is not determined by the GRX integration
The functionality in this release and all previous functionality has been verified on the following versions: Xanadu, Yokohama and Zurich
V2.3 Release - July 2025
New or Updated Functionality
- Yokohama Compatibility
  - This release verifies all core integration functionality on the Yokohama version of ServiceNow TPRM
- Third-party risk assessment
  - If a Third Party denies an assessment request, Assessment State will be updated to "Canceled" and Assessment Status will be "Closed"
The functionality in this release and all previous functionality has been verified on the following versions: Xanadu and Yokohama
V2.2 Release - June 2025
This release comes with a number of enhancements, resolved issues and a tightening of the integration roles and permissions.
New or Updated Functionality
- Configurations
  - Consolidated GRX Admin pages in the navigation under the "Global Risk Exchange" header for ease of use
- Templates
  - Added descriptions to the GRX questionnaire templates
  - Set the Questionnaire "Third-party risk area" to "Cybersecurity risk"
- Issues
  - Now populating the OOB Issue field "Impact" when creating issues during the Assessment Results scheduled job
  - Added custom fields on the Issue record to hold the GRX Question Prompt, GRX Answer, GRX Score, GRX Score Basis, GRX Validation Status, GRX Evidence Type and populated them with data during the Assessment Results scheduled job
    - Previously this information was only available in the "Description" field and not sortable / filterable
- Roles & Permissions
  - GRX View (x_cgrx_cybergrx_ri.GRX_view)
    - Created new view-only role for the integration
    - Users assigned this role can see the “Global Risk Exchange” view and custom integration fields, but not perform any syncing actions
Resolved Issues
- Configurations
  - Updated how the authentication information is referenced when making any API calls to be more secure
- "Global Risk Exchange" View
  - Ensured that any custom GRX integration fields are only displayed when a user is in the "Global Risk Exchange" view
- Roles & Permissions
  - GRX Admin (x_cgrx_cybergrx_ri.GRX_admin)
    - Ensured only the GRX Admin role has access to the GRX scheduled jobs and cleaned up old v1 scheduled job records
    - Limited permissions for the GRX Admin role to only what is necessary for the integration
  - GRX Sync (x_cgrx_cybergrx_ri.GRX_sync)
    - Limited permissions for the GRX Sync role to only what is necessary for the integration
    - Assumption is that GRX Sync is an add-on role to a user with an OOB TPRM role
The functionality in this release and all previous functionality has been verified on the following versions: Xanadu
V2.0 Release - April 2025
Upgrade of the Global Risk Exchange ServiceNow Integration to our next gen V2 APIs, allowing for functionality enhancements and increased supportability.
New or Updated Functionality
- Company Search & Sync with GRX
  - Addition to the company search results to show the questionnaire attest data for a company if they have an assessment available on the exchange.
  - New Companies are automatically added to the Exchange - no more waiting for manual review and add process.
  - Users no longer have to input address information if they select a company from the returned results to add to their portfolio.
- Unsync with GRX
  - "Unsync with GRX" action button now also removes the company from the third party portfolio in GRX. Previously it had only updated the "GRX Sync" field to false and stopped updating the data in ServiceNow. The user had to manually remove the company in the GRX portal.
- Third Party GRX Profile Data
  - Tags are now managed via ServiceNow - if a tag is added to or removed from a third party in ServiceNow, the tags will be updated in GRX to match. No more manual tag updates needed in GRX.
  - GRX Industry is now kept in sync between ServiceNow and GRX.
  - Introduction of the 5 band Inherent Risk.
  - GRX Inherent Risk is now kept in sync between ServiceNow and GRX. This includes both the Auto Inherent Risk and Confirmed Inherent Risk Rating and Score.
  - Automated Residual Risk Score based on the Predictive Assessment is now kept in sync between ServiceNow and GRX.
  - Residual Risk Score based on the Attested Assessment (once an assessment has been completed and authorized) is now kept in sync between ServiceNow and GRX.
  - The Latest Questionnaire Attest Date and Validation Attest Date for a Third Party’s Assessment in Exchange are now kept in sync between ServiceNow and GRX.
  - Refreshed Results to Import is a newly created flag that indicates whether a newer assessment from a third party is available to be imported into ServiceNow after initial assessment data has been imported.
- Third-party risk assessment Request
  - Added the ability to request Critical Controls Validated and Critical Controls
  - Added the ability to request a different assessment template on the same third party, for example request Critical Controls first and then Tier 2 later
- Third-party risk assessment Results
  - Ability to view the assessment scores by Groups or Risk Domains in the Questionnaires table
  - Ability to import the assessment report spreadsheet - set as an integration configuration choice, including which framework to use.
  - Moved to the enhanced Finding Methodology for the Issue Import, including simplification of Tier 1 findings.
- Additional configuration choices about which findings/issues types to create.
  - High, Medium, Low, Minor: Yes answers, Minor: NA answers, Not Validated controls
  - Addition of control level Validation status information in the Issue Description
Resolved Issues
- Admin Role required for End User Functionality
  - Addressed issue where the admin role was required to perform the end to end user functionality.
- New Company Contacts Not Sent to the Exchange
  - Addressed issue where contacts for net new companies or companies without existing assessments were failing to load from ServiceNow to GRX.
- Company Search & Sync with GRX Errors
  - Improved error handling and error messages
- Third-party risk assessment Request Errors
  - Improved error handling on Submit to Vendor