In this article:
This page shows release updates for Security Scorecard's ServiceNow for Vendor Risk Management integration.
Available January 19, 2022
This app is now certified with Rome, Quebec and Paris versions of ServiceNow.
- Manual Sync Now button on SecurityScorecard Summary tab
- Support for multiple vendor records with the same SecurityScorecard domain
- Support for syncing with subdomains
- Cleanup of data when a user disables syncing for a vendor
- Required website and domain entry fields
- Optional creation of vendor records on import
- Minor look and feel improvements
- Improved logging
- General stability improvements
- Uninterrupted syncing for domains when one domain fails to sync
Available July 6, 2021
An added SecurityScorecard header enables API usage tracking for the app.
You can now add two-digit domain names to company domain records, so that these records can be synced.
A domain is no longer required when you use an alternate field for the app.
Vendor records are no longer removed from a portfolio when the sync job runs for all vendors with Synchronize with SecurityScoreCard disabled.
Duplicate Factor Details and Summary tabs no longer appear on a vendor record.
The legacy Populate Portfolio button has been removed.
Available June 2, 2021
This version of the app is certified for ServiceNow's Quebec version.
Portfolio enhancements provide more vendor data points that are available in the SecurityScorecard platform:
The Summary view is clearer and includes a numeric score.
- A new tab shows vendor issues.
- A new tab shows the mapping of compliance framework questions to vendor issues found by SecurityScorecard.
- A new tab shows the breakdown of vendor issues into security factors.
Configuration improvements include the following:
Portfolio ID and API token are configured in application.properties. You no longer have to import portfolios and select a primary one. You can bidirectionally sync companies based on the sync flag in ServiceNow.
Syncing is based on core_company.website by default. Also, you can can specify any alternative VRM field to sync vendor records.
- Data storage has been simplified, and the integration is more efficient with the removal of the following Application and Import tables:
Smart domain mapping simplifies the vendor list sync with the SecurityScoreCard portfolio. You can set an in-app properties rule based on which domain fields should be auto-populated. The rule in the screenshot attempts to look up the domain from the Website field in the same vendor record. If not successful, it attempts to look up a matching record in another ServiceNow table, such as Address Book, until it is successful.
- You can download SecurityScorecard vendor reports from within ServiceNow Vendor records:
- Summary Report in PDF
- Issues Report in PDF
- Detailed Report in PDF
- Last 1 month issues in CSV
You can manage all downloaded SecurityScorecard reports in a new Reports.
Learn more about SecurityScorecard's ServiceNow for VRM integration: