ServiceNow’s Risk Expansion: What the CIMCON Partnership Reveals About the Future of IRM

RSAC 2025 Vendor InsightsServiceNowAutonomous IRM
Written By Ori Wellington

On the final day of the RSA Conference 2025, ServiceNow unveiled a strategic partnership with CIMCON Software. This announcement may appear modest at first glance, but it has profound implications for the future of integrated risk management.

Integrating CIMCON’s technology into ServiceNow’s IRM platform extends its reach into two complex and under-managed domains: End User Computing (EUC) and AI model risk. Both represent decentralized, often undocumented elements of the modern digital enterprise. Historically, these domains have eluded traditional GRC platforms—falling outside structured risk workflows and beyond the reach of legacy tooling.

With this move, ServiceNow is not simply expanding features. It is expanding the definition of what an IRM platform must be.

Ori Wellington

Orion “Ori” Wellington is the lead editor for The RiskTech Journal and The RTJ Bridge, where he helps shape editorial direction, guide strategic narratives, and support media relations across Wheelhouse Advisors. As a digital editorial advisor, Ori synthesizes trends in risk, technology, and governance, drawing from roles modeled on information security, risk analytics, and IT leadership.

Part of Wheelhouse’s AI-augmented research team, Ori works to distill complex signals into actionable intelligence—bridging expertise across domains and elevating the voice of integrated risk thinking.

https://wheelhouseadvisors.com
Sign up to read this post
Join Now
Previous

Diligent’s Cyber Risk Report Brings Real-Time Threat Intelligence to the Boardroom
Next

AuditBoard’s Connected Risk Strategy: Strategic Evolution or History Repeating Itself?