Verisq integrates with the GRC, ticketing, identity, and data infrastructure already deployed at most enterprises. Bidirectional where it matters; signed and audit-logged everywhere; configurable per-tenant. The integration surface is the difference between Verisq fitting into your operating model and Verisq fighting it.
ServiceNow — VR (vendor risk), AVR (SBOM CVEs as Application Vulnerable Items), GRC (Issues + Risks), SIR (Security Incidents), ITSM. Bidirectional sync: closing in ServiceNow closes the Verisq finding (with evidence-attachment guard); reopening in Verisq reopens upstream. Drift detection catches divergence in the daily reconciliation view.
Jira (Cloud or Server) — issues with severity-mapped priority and bidirectional state sync. Issue-template per Verisq finding type. Comment-bridge from Verisq remediation notes to Jira issue history.
PagerDuty — critical-severity escalation paged to the on-call rotation. CVSS 9+ with KEV-listed exposure routes here automatically; lower severity batches into the daily digest.
Microsoft Teams — Adaptive Cards via Power Automate Workflow webhook (post-2025 standard). Channel-scoped routing per finding category — TPRM findings to the GRC channel, SBOM CVEs to the security channel, breach alerts to incident response.
GitHub Issues — high-severity findings in engineering's tracker. Particularly relevant for SBOM-driven supply chain findings where remediation is engineering-owned.
Generic HMAC-signed webhooks — SIEM, data lake, or any custom destination. Every payload signed; replay protection via timestamp window and nonce.
For PrivacyOps data discovery, the platform connects to the customer's databases through seven native adapters:
Connector credentials encrypted at rest with tenant-specific keys. The platform discovers schemas and samples values for classification but never persists raw samples as a foundational privacy guarantee. Read-only credentials honoured — Verisq never asks for write access to discover.
For SBOM continuous monitoring, native pull connectors keep SBOMs current without developer involvement:
Azure Active Directory / Entra ID — SAML 2.0 SSO and OIDC. Conditional access supported at the tenant boundary.
SCIM 2.0 — automated user provisioning, deprovisioning, and group-to-role mapping. The right people get the right access automatically; the leavers get deprovisioned the same day they leave.
Public REST API — the same surface the Verisq UI uses. Tenant-scoped API keys with audit-logged access. Documentation available to customers under their tenant agreement.
Microsoft Power Platform connector — programmatic access for Power Automate flows. Twelve operations covering vendor lookup, finding creation, risk register query, and integration status. Suitable for low-code workflow extension within Microsoft tenants.
Every outbound dispatch, every inbound update, every drift event captured in the integration audit log with destination, payload digest, response status, retry count, and final outcome. The integration log is the answer to "did the ServiceNow ticket get created?" without leaving Verisq to check.
Outbound connectors available from RR Core; full bidirectional sync, Power Platform connector, and the SCIM provisioning surface are Enterprise capabilities.