ServiceNow’s Risk Expansion: What the CIMCON Partnership Reveals About the Future of IRM

RSAC 2025 Vendor InsightsServiceNowAutonomous IRM
Written By Ori Wellington

On the final day of the RSA Conference 2025, ServiceNow unveiled a strategic partnership with CIMCON Software. This announcement may appear modest at first glance, but it has profound implications for the future of integrated risk management.

Integrating CIMCON’s technology into ServiceNow’s IRM platform extends its reach into two complex and under-managed domains: End User Computing (EUC) and AI model risk. Both represent decentralized, often undocumented elements of the modern digital enterprise. Historically, these domains have eluded traditional GRC platforms—falling outside structured risk workflows and beyond the reach of legacy tooling.

With this move, ServiceNow is not simply expanding features. It is expanding the definition of what an IRM platform must be.

Ori Wellington

Orion "Ori" Wellington is an integral part of the Wheelhouse Advisors team, bringing extensive expertise in risk management and technology. With a background that includes roles such as Risk Analyst, Information Security Specialist, and IT Project Manager, Ori contributes to helping organizations navigate complex risk and technology challenges.

At Wheelhouse Advisors, Ori focuses on supporting clients in the ever-changing landscape of risk management. This well-rounded experience enhances the success of both clients and the company. Committed to continuous learning, Ori is a valued member of the Wheelhouse Advisors team.

https://wheelhouseadvisors.com
Sign up to read this post
Join Now
Previous

Diligent’s Cyber Risk Report Brings Real-Time Threat Intelligence to the Boardroom
Next

AuditBoard’s Connected Risk Strategy: Strategic Evolution or History Repeating Itself?