Use Case: Proactively address third-party issues, including ESG

It's widely accepted that third parties are essential for business success, accelerating time to market, enabling innovation, and reducing costs. But these third-party relationships also represent a major business risk due to the massive business disruptions and reputational damage that can result from exposures. As vendor risk management programs have grown, they have typically focused on a limited range of governance issues such as financial viability and cybersecurity, and even with these risks, many organizations struggle to scale vendor risk management due to lack of visibility and time-consuming manual processes.

Now, organizations are being asked to expand this scope to environmental, social, and governance (ESG) concerns due to both public pressure and recent regulations such as the EU Corporate Sustainability Reporting Directive (CSRD). For example, enterprises are increasingly expected to have a Net Zero strategy, and yet a significant part of a company's carbon footprint often comes in the form of Scope 3 emissions from its third-party suppliers. Similarly, organizations are held accountable for the labor and human rights records of their vendors. With vendor risk management programs already under strain, ESG threatens to push these programs past the breaking point.

ServiceNow transforms the way you manage third-party risks, including ESG. We provide consistent assessment and remediation processes, create transparency and accountability with an integrated view of risks across all your third parties, and reduce effort by automating key supplier risk management processes. And because these capabilities run on the Now Platform®, they work seamlessly with our broader set of integrated risk management capabilities, letting you holistically manage enterprise risk across your entire internal and external value chain.
A third-party risk manager at work

I start every morning in my tailored ServiceNow Third-party Risk Management third-party workspace, where I can get a status overview of all of my suppliers. The retailer I work for has many suppliers, so this makes it easy for me to see how we're doing and identify any issues I need to focus on. I could look at the performance of my third parties in the performance tab, but I'm really here to look at the risk they pose to our business.

I notice that one of our primary merchandise suppliers, ToysCo, has a high risk score. The score was calculated based on the vendor risk assessment and engagement assessment I just sent out. Both of these came back high, even though the combined rating the system has calculated based on my risk intelligence feeds from EcoVadis and Interos shows a moderate risk.

I could look at ToysCo's subsidiaries, but I'm here to look at the issues. I see a high-priority issue was generated from the Human Rights vendor risk assessment that indicates ToysCo's SA8000 certification is no longer current. To get a better understanding of the issue, I click on the details tab.

Integrated Risk and Compliance - Page 15