- Governance, Risk and Compliance (GRC) Solution Overview
- Archer Enterprise & Operational Risk Management
- Archer IT & Security Risk Management
- Archer Regulatory & Corporate Compliance Management
- Archer Audit Management
- Archer Business Resiliency
- Archer Third Party Governance
- Archer Public Sector Solutions
- Archer GRC Platform
RSA Security, doing business as RSA, is an American computer and network security company that has operated since 1982. RSA provides Business-Driven Security solutions for advanced threat detection and cyber incident response, identity and access management, and governance, risk and compliance (GRC).
RSA is best known for its SecurID product, which provides two-factor authentication to hundreds of technologies using hardware tokens, software tokens, and one-time codes. In 2016, RSA re-branded the SecurID platform as RSA SecurID Access. This release added single sign-on capabilities and cloud authentication for resources using SAML 2.0 and other types of federation.
RSA enVision is a security information and event management (SIEM) platform with a centralised log-management service to "enable organisations to simplify compliance process as well as optimise security-incident management as they occur." NetWitness was a packet capture tool aimed at gaining full network visibility to detect security incidents. This tool was re-branded RSA Security Analytics, a SIEM tool that combined RSA enVision and NetWitness to perform both log and packet capture.
RSA Archer GRC Platform is software that supports business-level management of governance, risk management, and compliance (GRC). The Platform allows users to adapt solutions to their requirements, build new applications, and integrate with external systems without touching a single line of code.
E-SPIN and RSA
E-SPIN has partnered with RSA and has actively promoted the full range of RSA Governance, Risk and Compliance (GRC) products and technologies since 2017 as part of the company's Governance, Risk and Compliance (GRC) management solution portfolio, followed by RSA Identity and Access Management and Security Analytics for advanced threat detection and cyber incident response. E-SPIN actively provides consulting, supply, training and maintenance of RSA products for enterprise, government and military customers (or distributes and resells them as part of a complete package) in the regions where E-SPIN does business. Enterprise customers range from publicly listed corporations, multinational corporations and bank-securities-insurance (BSI) firms to federal and state governments and government-linked corporations.
Please feel free to contact E-SPIN with your inquiries and requirements, so we can assist you with the exact packaged solutions that you may require for your operation or project needs.
Governance, Risk and Compliance (GRC) Solution Overview
- Recognized by Gartner® and Forrester® as a perennial leader for operational risk management, IT risk management, IT vendor risk management, business continuity management and GRC platform solutions.
- Offers the depth, breadth and adaptability you need to manage risk in multiple domains, combined with the ecosystem and track record to deliver strategic value to your organization.
Address the most critical domains of business risk and evolve your GRC program with a full suite of multi-disciplinary risk management solutions and a single configurable, integrated software platform. RSA Archer can help you mature your organization's GRC program with solutions built on industry standards and best practices.
- Allows organizations to define and enforce accountability for risk and compliance issues.
- Derive efficiencies by automating processes.
- Enhance business performance and make more informed decisions faster.
- Leverage built-in industry standards to quickly implement the processes that give business leaders the visibility they need.
- Includes pre-built integrations with many other technologies, including security tools and business support applications.
- Enables collaboration on risk issues across business lines and organizational boundaries.
- Improve visibility by consolidating data and enabling risk analytics across the organization.
- Solutions built on the most flexible, configurable and powerful GRC platform in the industry.
- Provides a best practices-driven approach so that you can quickly implement effective risk management processes and plan for expansion based on your strategy and investment schedule.
- Tap into a strong network of certified RSA Archer experts who possess the experience and knowledge to lead you on a path to success.
RSA ARCHER® AUDIT MANAGEMENT
Execute your audit plan using a consistent, risk-based approach to drive greater efficiency and gain control of the complete audit lifecycle. Improve governance of audit-related activities, while also providing integration with your risk and control functions. Transform the efficiency of your audit department, complete risk-scoped audits more quickly, and partner with the business to achieve your organization’s goals.
- Automate your audit processes.
- Dynamically adjust risk-based audit plans.
- Tackle risk and compliance issues across teams with one central system.
- Execute internal audit engagements for efficiency.
RSA ARCHER® BUSINESS RESILIENCY
Automate business continuity and disaster recovery planning and execution to protect your ongoing operations. Transform the efficiency of your continuity and recovery teams, address the most critical areas of the business quickly, and partner across the business to achieve your organization’s resiliency goals.
- Adapt your resiliency program to align with your business priorities.
- Bring business context to business continuity and IT disaster recovery planning.
- Integrate incident and crisis response.
RSA ARCHER® ENTERPRISE & OPERATIONAL RISK MANAGEMENT
Gain a clear, consolidated view of risk to efficiently address the most critical issues and elevate risk management as a new source of competitive advantage. Bring risk information together across the organization to consistently identify, assess, evaluate, treat, and monitor risks in one central solution.
- Address your most critical operational risk issues by aligning resources and risk management activities with business priorities.
- Address enterprise risk management (ERM) and operational risk management (ORM) consistently across your business, with a common language and standard measurements, controls, rating scales and reporting.
- Deliver an accurate, real-time picture of enterprise and operational risks to your board of directors and executive management team.
- Engage business units as your first line of defense, helping to identify and assess known and emerging risks that may impact their operations and objectives.
- Gain the ability to quickly report on and respond to risks that impede your organization’s objectives as they emerge.
- Reduce the likelihood and impact of negative events, lost opportunities and surprises by gaining a clear, consolidated view of enterprise and operational risks across your business.
RSA ARCHER® IT & SECURITY RISK MANAGEMENT
Bridge business context and process enablement to effectively address the complexity and cascading impact of rapidly changing cybersecurity risks. Adjust and evolve threat and vulnerability management processes to stay ahead of growing threats. Determine which assets are critical to your business, establish and communicate security policies and standards, detect and respond to attacks, identify and remediate security deficiencies, and establish clear IT risk management practices.
- Align IT and security processes and policies with higher-level directional strategies to reduce operational risk and support business growth initiatives.
- Establish and track reliable quantitative and qualitative data to inform executive-level discussions of cybersecurity and cyber risk.
- Mitigate the financial, operational and reputational impacts of a cyber attack through early detection and accelerated cyber incident response.
- Improve your organization’s overall risk posture by gaining greater visibility into cybersecurity risks across your enterprise.
- Obtain the information and insights needed to effectively manage the organization’s portfolio of cybersecurity and other strategic technology investments.
- Reduce the complexity and cascading impact of rapidly changing cybersecurity risks.
RSA ARCHER® REGULATORY & CORPORATE COMPLIANCE MANAGEMENT
Ensure controls are defined, implemented and measured to meet constantly changing compliance obligations. Establish a sustainable, repeatable, and auditable regulatory compliance program by consolidating information from multiple regulatory bodies and documenting the impact to the business. Reduce the risk of misaligned IT and business practices, exposure to regulatory violations, and operational compliance failures.
- Address compliance consistently: Standardize your policy and compliance management processes across the organization to establish a common taxonomy for developing measurable risk and compliance goals, processes, and controls. Quickly prioritize and manage corporate policies and regulatory compliance initiatives. Eliminate manual, non-scalable compliance activities by implementing a consistent and repeatable process for managing new and changing regulations.
- Meet regulatory and compliance obligations: Minimize the risk of costly, public compliance failures and reputational damage by confidently managing the overall compliance posture of the business at all times. Consolidate disparate regulatory data silos and reduce the costly time burden on critical resources by automating task assignments, report creation and controls assurance testing through a centralized portal. Create exception requests, remediation plans, and findings to correct any issues uncovered during the controls testing process.
- Take control of regulatory requirements: Consolidate regulatory requirements and centralize news feeds from regulatory bodies into one searchable, standardized governance structure for a clear, consolidated view of regulatory intelligence. Document and report on your regulatory impact analyses, supplemented with information from your research and internal requirements. Quickly determine the impact of regulatory changes to the organization and proactively advise management with relevant guidance using interactive persona-based graphical dashboards and reports.
RSA ARCHER® PUBLIC SECTOR SOLUTIONS
Leverage people, process, and technology for an integrated approach to public sector risk management. Purpose-built to meet the unique needs of U.S. federal agencies, for effective information assurance program management and maximizing existing agency infrastructure investments. Improve communication, visibility, and the maturity and efficiency of your security program, and exceed minimum requirements set by FISMA and OMB.
- Harness the power of convergence: Collect and share data in a common environment with a common platform, common taxonomy, and integrations to scanners, sensors, and other security tools. Eliminate the need to constantly import, export, and reformat data, breaking down silos and allowing your stakeholders to share information faster and easier. Provide a broader view for stakeholders to make the right risk decisions to reduce risk and ensure compliance.
- Leverage true agility: Adjust to changes in your internal policies or processes by quickly reconfiguring applications, workflows, and reports and dashboards. Modify the solution to ensure your processes are appropriately aligned with changes to federal guidance or changes to your program.
- Mature your security program: Accommodate a wide spectrum of maturity levels and push your security program forward on its maturity path. Manage more security functions in a more informed, more efficient way. Save labor hours, reduce software license and training costs, increase productivity, and reduce risks and incidents.
RSA ARCHER® THIRD PARTY GOVERNANCE
Manage your third party relationships and engagements while reducing risks and monitoring performance. Fulfill regulatory obligations and implement best practices across the third party management lifecycle. Get an accurate picture of third party risk, quickly allocate resources to those that are most pressing, and make better business decisions.
- Enables consistent identification, assessment, treatment and monitoring of third party supplier risks.
- Enables better monitoring of third party engagements and performance metrics.
- Facilitates fulfillment of regulatory obligations and brings third party risks into a governance, risk and compliance program.
- Makes complex third party governance easier to understand and manage.
RSA ARCHER® PLATFORM
The RSA Archer GRC Platform provides a common foundation to manage policies, controls, risks, assessments and deficiencies across your lines of business. Improve cross-functional collaboration and alignment, with business users across IT, finance, operations and legal domains working together in an integrated framework using common processes and data. Non-technical users can automate processes, streamline workflow, control user access, tailor the user interface, and report in real-time using the point-and-click interface to build and manage business applications.
- As the foundation for all Archer GRC solutions and use cases, the platform eases system complexity, strengthens user adoption and reduces training time.
- Non-technical users can automate processes, streamline workflow, control user access, tailor the user interface and report in real-time using the point-and-click interface to build and manage business applications.
- Improve cross-functional collaboration and alignment, with business users across IT, finance, operations and legal domains working together in an integrated framework using common processes and data.
RSA ARCHER® ENTERPRISE & OPERATIONAL RISK MANAGEMENT
Gain a clear, consolidated view of your organization's risk exposure.
- Repeatedly recognized as a leader in the Gartner® Magic Quadrant for operational risk management (ORM) solutions.
- Assess, monitor and address risks consistently by consolidating risk information from across your organization in one central solution.
What Is Operational Risk Management?
A subset of enterprise risk management, operational risk management (ORM) is a discipline that provides risk professionals with tools and frameworks for identifying, evaluating, monitoring and controlling operational risks. The Risk Management Association defines operational risk as “the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events.” Examples of operational risks include catastrophic events, cyber attacks, fraud and non-compliance. Operational risk does not include strategic, reputational or financial risk, which fall under the broader umbrella of enterprise risk.
RSA ARCHER® RISK CATALOG
Record and track risks across your enterprise and establish accountability for them. Take a top-down, qualitative approach to assessing inherent and residual risk and enable a three-level rollup of risk, from a granular level up through enterprise risk statements.
- Create accountability for the ownership of risks.
- Enforce a consistent approach to risk assessments.
- Obtain a consolidated list of the organization’s risk.
- Prioritize risks for making informed decisions about risk treatment plans.
RSA ARCHER TOP-DOWN RISK ASSESSMENT
Document risks and controls throughout your organization. Perform risk assessments on new products and services, business processes, and mergers and acquisitions. Execute automated risk assessment campaigns using pre-built forms. Manage and report on identified risk issues and remediation progress.
- Create accountability for risk and controls and promote a culture of sound risk taking.
- Compare relative risk on a qualitative and quantitative basis.
- Establish an organized, managed process to escalate, approve, and remediate issues.
- Gain a consolidated view of risks and internal controls within the organization.
- Identify gaps where risks and controls have not been documented.
- Monitor risks against established tolerances and risk appetite.
- Obtain a clear understanding of your organization’s risk and how it rolls up across the enterprise.
- Promote a better understanding of risk throughout the organization by using consistent terminology, risk assessment methodology, risk rating scales, dashboards, notifications, and reporting.
- Prioritize resources and control procedures based upon risk.
- Quickly provide consistent risk and control reports from one system of record.
- Understand how risks are being treated and controlled throughout the organization.
- Understand the likelihood and impact of risks on an inherent and residual basis.
- Understand the business context of risks in relation to your objectives, products and services, and business processes.
RSA ARCHER® LOSS EVENT MANAGEMENT
Track and report on loss events, perform root cause analysis, and establish accountability across your enterprise. Manage the loss event lifecycle to understand where and how your operational risk management (ORM) program needs to be strengthened. Automate the review and analysis workflow for loss events.
- Consolidated view of loss events by frequency, amount, type, source and owner.
- Clear understanding of the cause of loss events and the actions being taken to remediate the problems that led to the loss event.
- Greater engagement of business unit managers in the management of losses.
- Reduced frequency and number of loss events.
- Understand whether remediation plans are being executed on time, as planned.
RSA ARCHER® KEY INDICATOR MANAGEMENT
Manage the key indicator lifecycle to monitor and report on insights to business risks. Establish and monitor metrics related to each business unit within the organization. Associate metrics with risks, controls, strategies, objectives, products, services and business processes to monitor quality assurance and performance.
- Greater accountability for monitoring indicators that provide early warning of emerging problems.
- Reduced reaction time for adverse trends at the earliest point identified.
- Visibility to areas in your organization that have not established indicators or collected the data associated with established indicators.
RSA ARCHER® BOTTOM-UP RISK ASSESSMENT
Implement a consistent risk assessment program to more effectively identify operational risks within your business. Document projects and create questionnaires from the extensive library in RSA Archer. Conduct fraud assessments and risk assessments of new products, services, business processes, or M&A targets.
- Capture a full accounting of all findings from targeted risk assessments in one central repository.
- Execute a project risk rating methodology in alignment with your organization’s approach to risk management.
- Implement a consistent approach to project risk assessments, ensuring that all important considerations are evaluated from project to project.
- Reduce audit findings, surprises, loss events and incidents.
- Speed implementation of risk treatments and remediation plans associated with high risk projects.
RSA ARCHER® OPERATIONAL RISK MANAGEMENT
Understand the business context of risk with an aggregated view of operational risks across the business. Engage business managers in using consistent methodologies to identify and manage the risks and controls under their purview.
- Ability to demonstrate design and effectiveness of risk management program.
- Better understanding of risks throughout the organization.
- Improved risk management and risk management culture by engaging the first line of defense to own their risks and controls.
- More efficient, less time consuming operational risk management program administration, allowing second line of defense teams to spend more time on analysis and less time on administration and reporting.
- Quicker detection and management of changes in risk profile.
- Reduced time to problem resolution.
- Reduction in audit findings, fewer surprises, loss events, and incidents.
RSA ARCHER® ENTERPRISE RISK MANAGEMENT
Manage risks to strategic business objectives for an edge in today’s competitive market. Consolidate all risks into one view across your enterprise for reporting and analytics, and to help prioritize limited resources. Capture loss events and perform root cause analysis, document and monitor key risk indicators, and perform risk assessments.
- Catalog business hierarchy and business and IT assets to report on risk.
- Capture loss events and perform root cause analysis, document and monitor key risk indicators, and perform risk assessments.
- Consolidate all risks into one view across your enterprise for reporting and analytics to prioritize limited resources.
- Document risk transfer through insurance to understand the proper balance of risk to limits and premiums.
- Maintain, manage and report upon a centralized repository of management, audit, and regulatory findings and remediation plans.
- Promote individual accountability and desired risk management culture.
Archer IT & Security Risk Management
Reduce the risk of security threats, poorly defined security practices, and operational security compliance failures.
- Recognized as a leader in the Gartner® 2017 Magic Quadrant for IT Risk Management.
- Build your IT and security risk program.
- Establish your IT controls and compliance framework.
1- CONNECT CYBER SECURITY RISKS IN THE CONTEXT OF GRC.
Address the complexity and cascading impact of rapidly changing cybersecurity risks. Connect your security processes and data with risk management and compliance functions across the enterprise. Incorporate the relationship between business risk and IT risk to establish ownership and accountability.
2- BRIDGE BUSINESS CONTEXT AND PROCESS ENABLEMENT.
Keep the business secure by establishing clear alignment between the business and IT to ensure business security priorities are consistently addressed. Bridge the gaps between people and technology through repeatable processes to identify and escalate emerging business risk conditions efficiently and effectively.
3- ADDRESS IT AND SECURITY RISK MANAGEMENT THROUGH MULTIPLE DIMENSIONS.
Organize your security program in such a way that you can manage the full spectrum of IT security risks, from vulnerabilities and advanced attack threats, to corporate governance and IT compliance obligations.
RSA ARCHER® IT & SECURITY POLICY PROGRAM MANAGEMENT
Establish a scalable and flexible system of governance to manage corporate and regulatory policies and to ensure alignment with compliance obligations. Document policies and standards, assign ownership, and map policies to key business areas and objectives.
- Align your policies with benchmark IT and security frameworks from leading publishers including FFIEC, ISO, PCI, NERC, NIST, UCF and many others.
- Establish clear guidance and controls for IT operations and organize scattered IT and security policies, standards and controls in a centralized governance system of record.
- Establish a documented, common taxonomy for IT and security policies and standards. Assign ownership of IT and security controls and map policies and controls to key business areas and objectives.
- Link regulatory requirements to internal controls while decreasing the amount of time it takes to research and identify key control requirements.
- Reduce the time and effort required to create, modify and manage IT and security policies while streamlining IT governance activities.
RSA ARCHER® IT RISK MANAGEMENT
Capture a complete catalog of business and IT assets for IT risk management purposes. Leverage the IT risk register, pre-built risk and threat assessment methodologies, IT control libraries, and more.
- Accelerate processes for researching and understanding key risk and control requirements. Clearly articulate the organization’s IT risk posture to management and regulators.
- Improve your organization’s overall risk posture with a clear view of your IT risk profile and structured processes for continuously monitoring emerging IT risks.
- Improve communication and understanding of IT control requirements to reduce compliance gaps and improve risk mitigation strategies.
- Keep pace with the rapidly changing risk landscape and shifting business requirements using an agile risk management framework.
- Reduce the risk of business disruption due to outages, cyber attacks, improperly configured software, and other IT-related events and issues, whether cloud based or on premise.
- Streamlined IT risk assessments accelerate identification of IT risks and linkages to internal controls.
RSA ARCHER® IT SECURITY VULNERABILITIES PROGRAM
Offers security teams a big data approach to identifying and prioritizing high-risk cyber threats. Proactively manage IT security risks by understanding the criticality of various assets to business operations and by combining those insights with actionable threat intelligence, vulnerability assessment results and comprehensive workflows.
- Improve handoffs between the security organization and IT operations so that important remediation activities don’t fall through the cracks.
- Improve the closure rate for critical security gaps while reducing the cost, time and effort associated with managing and fixing security vulnerabilities.
- Manage the entire vulnerability lifecycle, from detection and verification through remediation and reporting.
- Manage the large volume of security vulnerability data from multiple scanners with structured processes for prioritizing security issues.
- Obtain a clarified view of security vulnerabilities across your enterprise so that you can proactively inform executive management and the board of directors.
RSA ARCHER® SECURITY OPERATIONS & BREACH MANAGEMENT
Implement and manage a security operations center and improve cyber incident response. Centrally catalog IT assets for incident prioritization based on business context. Focus on the highest impact incidents to lower overall security risk and react promptly and appropriately to data breaches.
- Decrease the time it takes security operations center staff to identify and aggregate alerts, assess business impact, initiate breach response and notify all affected parties.
- Reduce your organization’s cyber risk by understanding the impact of cyber incidents on specific IT assets and business processes, and responding accordingly.
- Speed cyber incident response and analysis and increase resolution rates by better allocating the security team’s time and resources.
RSA ARCHER® SECURITY INCIDENT MANAGEMENT
Manage the cyber incident response process and address the flood of security alerts bombarding your security operations center. Implement a structured process for investigating, escalating and resolving cyber incidents.
- Bring focus to cyber incident management and response.
- Decrease the time it takes to escalate and respond to security alerts.
- Document security incidents and workflows for investigations.
- Get accurate, consolidated cyber incident analysis and reporting.
- Improve security analysts’ ability to prioritize cyber incidents based on business requirements.
- Reduce the effort required to triage and remediate cyber incidents.
RSA ARCHER® IT REGULATORY MANAGEMENT
Stay on top of the constantly changing regulatory landscape, meet compliance requirements and reduce risk. Get an accurate, real-time picture of the state of regulatory compliance across your organization, and understand the impact of regulatory changes on your IT assets, IT controls, and related business processes.
- Establish a systematic process for tracking and analyzing changes to relevant regulatory requirements.
- Link regulatory requirements to internal controls, procedures and standards.
- Obtain a clear understanding of the impact of regulatory changes on the business and IT operations. Prioritize your response to regulatory changes.
- Provide management with guidance and insight on IT-related compliance issues to minimize exposure to compliance risks.
- Reduce the time and effort associated with researching control requirements and modifying IT and security policies in response to changing regulations and other business compliance requirements.
- Streamline the internal IT control framework and eliminate duplicate and conflicting IT controls.
RSA ARCHER® PCI MANAGEMENT
Streamline the PCI compliance process, simplify stakeholder participation and decrease overall compliance effort and cost. Reduce the risk of credit card fraud and identity theft by implementing an effective PCI compliance program, and reduce the risk of costly penalties due to non-compliance.
- Automatically consolidate all issues into a combined view.
- Cut the time spent chasing stakeholder responses and evidence.
- Establish complete end-to-end compliance visibility across all cardholder data flows and PCI-relevant assets.
- Increase accuracy, completeness and reporting coverage for controls testing.
- Optimize operational efforts required to comply with PCI-DSS (payment card industry data security standard) and ease compliance costs and gaps.
RSA ARCHER® INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)
Accelerate the ISO 27001 certification process. Quickly scope your ISMS and document your Statement of Applicability for reporting and verification. Understand relationships between information assets and manage changes to the security infrastructure with a centralized view of your ISMS.
- Create a complete representation of your information security management system.
- Document your Statement of Applicability for reporting and ISO 27001/ISO 27002 certification.
- Improve your understanding of your organization’s security infrastructure, the various assets you need to protect and potential risks to those assets.
- Implement consistent security policies and standards and confirm security issues have been remediated.
- Report on the overall state of your information security management system and streamline reporting.
Archer Regulatory & Corporate Compliance Management
Meet changing regulatory and policy compliance obligations.
- Establish a sustainable, repeatable and auditable corporate compliance program while satisfying industry- and country-specific requirements.
- Reduce the risk of misaligned IT and business practices, regulatory violations and operational compliance failures.
RSA ARCHER® CONTROLS ASSURANCE PROGRAM MANAGEMENT
Document, assess, and report on the performance of controls across your business. Systematically document the control universe and streamline compliance processes and workflows for evaluating performance of controls. Apply clear, accurate controls guidance in support of any compliance objective.
- Faster identification and resolution of potential issues through a centralized portal.
- Increased control testing and reporting accuracy with reduced effort.
- Reduced time spent researching and linking external compliance requirements to internal controls.
RSA ARCHER® CONTROLS MONITORING PROGRAM MANAGEMENT
Manage the full lifecycle of regulatory and corporate compliance. Assess and report on the performance of controls across all levels of enterprise assets. Automate control assessments and ongoing controls performance monitoring.
- Business context embedded into risk and control definitions.
- Centralized system to catalog all business and technology infrastructure assets.
- Control and technical configuration libraries connected to risk and compliance obligations.
- Compliance projects managed in concert with other business activities.
- Integration with testing and assessment technologies.
- Standardized approach to measuring risk and control performance.
RSA ARCHER® CORPORATE OBLIGATIONS MANAGEMENT
Create a centralized repository to gather, track, and respond to regulatory developments. Implement a system of record for organizing regulatory intelligence. Create clear linkages between changes in regulations and internal controls.
- Improved ability to link regulatory requirements to internal controls and demonstrate compliance.
- Less time and effort required to research control requirements.
- Reduction in time needed to modify policies in response to changing regulations.
RSA ARCHER® POLICY PROGRAM MANAGEMENT
Create, manage, and distribute corporate and regulatory policies, standards, and procedures in a single governance system of record. Ensure alignment of policies with changing business objectives and reduce compliance gaps. Manage linkages between internal controls and laws, regulations, and industry frameworks.
- Automated workflow and change management.
- Build an integrated controls framework through policies and standards.
- Exception management and governance through appropriate risk acceptance and sign-off.
- Establish a common compliance taxonomy across the business.
Archer Audit Management
Gain control of the complete audit lifecycle.
- Improve governance of audit-related activities while integrating your risk and control functions.
- Transform the efficiency of your internal audit department, complete risk-scoped audits more quickly, and partner with the business to achieve your organization’s goals.
RSA ARCHER® ISSUES MANAGEMENT
Coordinate issues generated by audit, risk and compliance processes and by operational groups. Lay the foundation to establish prioritization, workflow, structure and accountability to manage findings, remediation plans and exceptions. Enable faster reaction to mitigate emerging risks, creating a more secure and resilient environment while reducing costs.
- Improved resource utilization for identifying and remediating issues.
- Reduction of overtime/reactive overload for business operations and IT responding to issues.
- Reduced time to resolve management, audit, risk and compliance issues.
- Reduced duplicative, unresolved or repeat audit findings.
- Reduction of overall risk.
RSA ARCHER® AUDIT ENGAGEMENTS & WORKPAPERS
Efficiently perform audit engagements, maintain workpaper documentation and provide consistent and timely reporting on audit results. Complete better-scoped audits more quickly and decrease external audit fees. Track expense reports and manage timesheets to properly staff audit engagements.
- Assign appropriate personnel for audits.
- Ensure audit engagements and workpapers are performed consistently.
- Enable increased focus on risk-based auditing.
- Easily generate audit reports and findings.
- Provide management and the board with the information they need.
- Reduce requests from external auditors by allowing them to self-serve the information they need.
RSA ARCHER® AUDIT PLANNING & QUALITY
Take a risk-based approach to audit planning to ensure timely, prioritized and effective audit plans. Easily identify, define and assess the risk of your auditable entities across the organization. Gain control of the entire audit planning and execution lifecycle for improved governance of audit-related activities and reporting to the board, regulators and external auditors.
- Continuously improve the audit function through the use of IIA standards-driven assessments.
- Demonstrate the proactive and strategic value of internal audit and more efficient use of audit resources.
- Execute on dynamic, risk-driven audit plans that are aligned with the organization’s priorities and focus on the most important risks.
- Easily provide board-level reporting that keeps the audit committee, regulators and external auditors well informed of the status of audit plans, risk and critical findings.
- Reduce external auditor fees by providing them access to self-serve the information they need.
Archer Business Resiliency
Protect your organization's day-to-day operations during unexpected events.
- Recognized as a leader in the Gartner® Magic Quadrant for Business Continuity Management Planning for three consecutive years.
- Improve the effectiveness of your business continuity, IT disaster recovery and crisis management teams.
- Partner across the business to achieve your organization’s resiliency goals.
Bring business context to business continuity and IT disaster recovery planning: A centralized business process and asset repository tied to the supporting IT infrastructure enables management to catalog and understand the organization, assess the criticality of each process and supporting technologies and infrastructure, prioritize the business continuity/disaster recovery planning process based on criticality, and put recovery plans in place.
Adapt your resiliency program to align with your business priorities: Build your resiliency program on the most configurable software in the industry to tailor continuity, recovery and response processes, add new tools, and program new reports while maintaining your workflows and taxonomies. Keep your resiliency program in line with changes within your organization, new and changing regulations and new business, and build resiliency into the very processes you perform.
Integrate incident and crisis response: Build operational resiliency by proactively planning and implementing steps to manage everyday incidents as they arise in your organization. This allows you to improve crisis management and bring crisis events to swift and successful resolution.
RSA ARCHER® BUSINESS IMPACT ANALYSIS
Identify critical business processes and prioritize recovery activities.
- A single approach for completing business impact analyses with workflow, notifications, review and approval processes.
- Catalog business hierarchy and business processes and supporting IT infrastructure, driving consistent criticality information across interdependencies.
- Consolidated system of record to execute and track all business impact analyses across the enterprise, aligning business continuity, IT disaster recovery, risk and compliance teams.
- Easy management of business impact analyses by business continuity management teams, business unit managers and business process managers.
RSA ARCHER® INCIDENT MANAGEMENT
Centralize and streamline tracking, workflow and resolution of day-to-day incidents, whether they be security, cyber, physical or employee-related—before they become business disruptions.
- Centralize incident data and allow end users to report cyber and physical incidents of any type, including theft, harassment, fraud and phishing.
- Control access to incident data to protect the identity of individuals involved and the integrity of your organization’s confidential information.
- Enable whistleblowers to report incidents anonymously.
- Integrate data from other systems, call centers or intrusion detection services through the flexible Archer Web Services API.
- Link incident types to specific remediation and investigative procedures and monitor all resolution and remediation efforts, status and approvals.
- Produce rollup reports to track incidents and identify trends, incident similarities, and relationships to risks, threats, and crisis events.
RSA ARCHER® BUSINESS CONTINUITY & IT DISASTER RECOVERY PLANNING
Implement a coordinated approach to business continuity and IT disaster recovery planning, testing and execution.
- Coordinate information, priorities and objectives among business continuity, IT disaster recovery and crisis teams, and responders, enabling better focus on the right priorities in the event of a disaster.
- Ensure plans are aligned with the organization’s priorities and include the most critical processes and company assets.
- Improve response to disruptions to reduce the impact on revenue, brand and customer loyalty, and availability of products and services for customers, employees and third parties.
- Implement a consistent and coordinated planning process and methodology for the business and IT supported through one central tool.
- Increase trust by senior management, the board, regulators and employees with higher-quality, tested recovery plans.
RSA ARCHER® RESILIENCY MANAGEMENT
Align and activate business continuity and IT disaster recovery plans, and manage and report on crisis events.
- Align efforts with organizational objectives and priorities through integration with enterprise risk management, incident management and third party management.
- Coordinated information, priorities and objectives among business continuity, disaster recovery and crisis teams.
- Detailed and coordinated recovery plans for business processes and IT infrastructure.
- Efficiently activate and manage plans for business continuity and IT disaster recovery.
- Effectively manage crisis events, send emergency notifications and activate business continuity and IT disaster recovery plans to recover disrupted business operations, facilities or IT infrastructure.
Third Party Governance
Manage your third party relationships and engagements while reducing risks and monitoring performance.
- Automate and streamline oversight of vendor and other third party relationships.
- Fulfill regulatory obligations and implement best practices across the third party management lifecycle.
- Get an accurate picture of third party risk, quickly allocate resources to those that are most pressing, and make better business decisions.
1- UNDERSTAND YOUR THIRD PARTY RELATIONSHIPS
Catalog and assess which third parties your organization is using and how much risk they pose. Understand your third party dependencies and associated risk to optimize third party performance and prevent surprises and losses.
2- MONITOR THIRD PARTY RELATIONSHIPS
Stay current with new or updated vendor relationships and monitor material changes occurring in existing third party relationships. Ensure that no material risk with third party relationships exists.
3- MAKE DECISIONS AND TAKE ACTION
Make consistent decisions about third party risks in accordance with the risk appetite and tolerance of your organization. Ensure that risk treatments are implemented where appropriate. Consistently evaluate risk and apply controls and risk transfer techniques within your organization's risk tolerance.
RSA Archer Third Party Catalog
Document all of your organization’s third party relationships and associated contracts, as well as the business units and named individuals in your organization who are responsible for each vendor relationship. Use a single repository to aggregate all third party information, including profiles, third party business hierarchy, contacts, facilities, accountable third party contacts, and more.
- Drive accountability for individual supplier relationships and accelerate identification of relationship owners.
- Gain the ability to track contract terms, including notification of key contract events such as contract obligations and renewal and expiration dates.
- Improve your understanding of all third party relationships throughout the organization.
- Reduce the time associated with identifying third party relationships and contracts.
RSA ARCHER® THIRD PARTY RISK MANAGEMENT
Leverage a series of risk assessment questionnaires to assess third parties’ control environments and collect relevant supporting documentation for further analysis. Factor the results of these questionnaires into a determination of the organization’s residual risk across several risk categories.
- Cuts the cost and time it takes to resolve issues.
- Facilitates faster, more definitive responses to emerging vendor risks.
- Improves management and mitigation of identified third party issues.
- Leads to reduced repeat audit and regulatory findings.
- Provides a methodical and standardized approach for third party risk assessments.
- Reduces the occurrence of third-party related incidents and losses.
RSA ARCHER® THIRD PARTY GOVERNANCE
Perform integrated third party risk and performance management. Document performance metrics and service level agreement metrics for each third party product and service to ascertain whether each engagement is being delivered in accordance with expected performance. Monitor a third party’s overall performance, document any risk and performance issues and establish remediation plans.
- Create and capture performance metrics and associate them with individual product and service engagements on an ongoing basis.
- Demonstrate the effectiveness of your third party performance management program to regulators and executive management.
- Exercise contract remedies due to poor performance more frequently.
- Obtain and report on overall third party performance profiles.
- Spend less time and money on third party performance remediation.
- Uncover deteriorating vendor performance to more quickly resolve third party performance problems.
RSA ARCHER® THIRD PARTY ENGAGEMENT
Gain a holistic understanding of your organization’s dependency on various third parties across all of your business units. Catalog the products and services they deliver to your organization according to each business process and business unit they support. Perform inherent risk assessments across multiple risk categories and more.
- Administer your third party management program more efficiently and allocate scarce resources based on the most significant priorities.
- Better understand the adequacy of each third party’s proof of insurance.
- Gain visibility into where, how and why third parties are being used throughout your organization and who is responsible for each relationship.
- Gain greater transparency into third party relationships using robust reporting and notifications.
- Identify inherently high-risk third party products, services and relationships.
- Incur fewer audit and regulatory findings.
- Provide positive assurance regarding the adequacy of your organization’s third party governance program to senior management, the board and regulators.
Archer Public Sector Solutions
Purpose-built to meet the unique risk management needs of U.S. federal agencies.
- Improve information assurance program management.
- Maximize existing agency infrastructure investments.
- Exceed minimum Assessment & Authorization and Continuous Monitoring requirements set by FISMA and OMB.
RSA Archer Assessment & Authorization
Comply with FISMA while improving security. Enable a system of record for every person, location, component, and tier in your organization. Meet compliance requirements and lay the foundation for a comprehensive information assurance management program. Manage all phases of the NIST RMF, DIACAP, DOD RMF, and FedRAMP.
- More informed decision making and greater assurance in decisions.
- Reduction of overall IT and security risk.
- Savings in labor hours.
RSA ARCHER® CONTINUOUS MONITORING
Prioritize security risk data and automate control assessments. Enhance FISMA and OMB compliance activities by verifying that information systems abide by authorization agreements and operate within acceptable levels of risk. Use reporting and workflow to focus limited resources on remediation efforts that provide the greatest benefit.
- Increased visibility and better decision making.
- Increased confidence based on current data.
- More current risk data.
- Reduced exposure time.
RSA ARCHER® PLAN OF ACTION & MILESTONES (POA&M) MANAGEMENT
Lay the foundation for your information assurance program by establishing the organizational structure and assigning accountability for risk and compliance issues. Escalate issues with an organized, managed process to get visibility into known risks and efforts to close and address risks. Create a more secure and resilient environment with faster response to emerging risks.
- Improved staffing management for remediating issues.
- Reduction of overtime/reactive overload for operational staff responding to issues.
- Reduced time to resolution on audit, risk and compliance issues.
- Reduction of overall risk.
- Reduced repeat findings.
Archer GRC Platform
The RSA Archer GRC Platform provides a common foundation for managing policies, controls, risks, assessments and deficiencies across your lines of business.
1- APPLICATION BUILDER
Tailor RSA Archer GRC solutions to your unique methodologies and build on-demand applications through point-and-click configuration. Non-technical users can automate processes, streamline workflow, control user access, tailor the user interface and report in real-time.
2- ADVANCED BUSINESS WORKFLOW
Define and automate business processes for streamlining the management of content, tasks, statuses and approvals. Enable application authors to visually describe business processes as a flowchart, allowing business processes to automatically assign tasks based on specific conditions like assigning ownership, setting priorities or escalating issues.
3- SYSTEM INTEGRATION
Consolidate governance, risk and compliance information of any type. Seamlessly integrate data systems without requiring additional software. Automate movement of data into and out of the platform to support data analysis, process management and reporting.
4- DEPLOYMENT FLEXIBILITY
Balance administrative control, time to value, and cost considerations when planning your implementation with support for on-premises and hosted deployments. Enjoy the freedom to deploy the platform in the most appropriate environment based on your current needs and move applications from one environment to another as your requirements change.
5- SEARCH, REPORTS AND DASHBOARDS
Take advantage of pre-built reports and dashboards and create your own with the user-friendly web interface. Easily review risk and compliance data using extensive search capabilities.
6- ACCESS CONTROL
Enforce who can access specific risk and compliance data at the system, application, record and field levels so users interact only with information relevant to their roles.
Enable customers to support multiple languages within their RSA Archer environment with region or language locale-specific components and multilingual developments designed for use in markets worldwide, including double-byte support.
8- PRE-BUILT INTEGRATIONS
Take advantage of pre-built integrations for the RSA Archer GRC Platform available on the Archer GRC Community on RSA Link. Integrations undergo certification testing to ensure they provide the quality, performance and ease of use required.