The RSA® Archer® GRC Platform supports business-level management of enterprise governance, risk and compliance (GRC). As the foundation for all RSA Archer GRC solutions, the Platform allows you to adapt a broad range of solutions to your requirements, build new applications, and integrate with external systems without touching a single line of code. RSA Archer helps to develop the organization's GRC program with solutions based on industry standards and best practices.
- Audit Management
- Business Resiliency
- IT & Security Risk Management
- Enterprise & Operational Risk Management
- Regulatory & Corporate Compliance Management
- Third Party Governance
- Public Sector
Each solution is designed based on best practices and compliance standards as well as experience in building a corporate class.
RSA Archer platform
The RSA Archer GRC Platform provides a common foundation for managing policies, controls, risks, assessments and deficiencies across your lines of business. This unified approach eases system complexity, strengthens user adoption and reduces training time. The Platform enables cross-functional collaboration and alignment. Business users across IT, finance, operations and legal domains can work together in an integrated framework using common processes and data. Non-technical users can automate processes, streamline workflow, control user access, tailor the user interface and report in real-time using the point-and-click interface to build and manage business applications.
The RSA Archer Platform allows you to adapt a broad range of solutions to your requirements, including:
- Application builder
Tailor RSA Archer GRC solutions to your unique methodologies and build on-demand applications through point-and-click configuration. As a result, RSA Archer can be customized to the specific requirements of each organization.
- Advanced business workflow
Define and automate business processes for streamlining the management of content, tasks, statuses and approvals.
- System integration
Consolidate governance, risk and compliance information of any type. Seamlessly integrate data systems without requiring additional software. Automate movement of data into and out of the platform to support data analysis, process management and reporting.
- Search, reports and dashboards
Take advantage of pre-built reports and dashboards and create your own with the user-friendly web interface. Easily review risk and compliance data using extensive search capabilities.
- Access control
Enforce who can access specific risk and compliance data at the system, application, record and field levels so users interact only with information relevant to their roles.
Enable customers to support multiple languages within their RSA Archer environment with region or language locale-specific components and multilingual developments designed for use in markets worldwide, including double-byte support.
GDPR compliance in RSA Archer
RSA Archer addresses GDPR compliance issues in four key aspects, perceived as the most valuable steps in implementing GDPR compliance:
- Risk management
- Compliance management
- Data governance
- Management of violations and data leakages
RSA Archer offers several use cases to meet specific GDPR requirements:
RSA Archer Data Governance
RSA Archer Data Governance is designed to provide a framework to help organizations identify, manage, and implement appropriate controls around personal data processing activities.
- Build and maintain an inventory of personal data processing activities and assets utilizing a purpose built taxonomy and data structure
- Track data retention schedules and execute a checklist based on Article 30 requirements as it relates to processing activities.
- Manage activities related to notifications and consents linked to the processing activity inventory.
- Maintain a register to help processing activities in accordance with directives and laws such as the GDPR Article 30 record keeping requirements.
RSA Archer Privacy Program Management
RSA Archer Privacy Program Management is designed to enable organizations to group processing activities for the purposes of performing data protection impact assessments and tracking regulatory and data breach communications with data protection authorities.
- Maintain assessment scopes for personal and sensitive data environments
- Perform privacy impact assessments (PIA) and data protection impact assessments (DPIA)
- Identify operating conditions that may necessitate a DPIA pursuant to Articles 35 and 36 of GDPR
RSA Archer® Audit Management
Many times, the audit team cannot focus on helping the business evaluate new risks and opportunities because they are spending time evaluating past performance of controls. Using RSA Archer Audit Management, you can incorporate more of a risk-based approach and collaborate with risk and compliance business partners. You can integrate the appropriate view of risk into evaluation of the most critical areas and controls, allowing you to focus on strategic business initiatives that show the audit team’s value to the organization.
RSA Archer Audit Management provides a variety of use cases to meet your specific business needs and progress in your GRC maturity journey, including:
RSA Archer Issues Management
Lays the foundation for your GRC program to manage issues generated by audit, risk and compliance processes. The use case includes the Business Hierarchy to establish the corporate structure and accountability for risk and compliance Issues, and applications to manage findings, remediation plans and exceptions to address risks and associated resolutions.
With RSA Archer Issues Management, you can create a consolidated view into known issues. With an organized, managed process to escalate issues, you get visibility into known risks and efforts to close and address risks. Workflow for proper sign-off and approval for issues, remediation plans and exceptions ensures identified issues are managed and mitigated. You will see quicker reaction to emerging risks creating a more secure and resilient environment while reducing costs. You can view the full use case on RSA.
Audit Engagements & Workpapers
Perform audit engagements, maintain workpaper documentation, and report on audit results in a consistent, timely manner. Track expense reports and manage timesheets to staff your audit engagements with the right personnel. RSA Archer Audit Engagements & Workpapers helps transform the efficiency of your audit department, complete better scoped audits more quickly, and decrease external audit fees. You can view the full use case on RSA.
- Ensure audit engagements and workpapers are performed consistently
- Reduce external auditors' time and requests by allowing them to self-serve the information they need
- Easily generate audit reports and findings
- Place more focus on risk-based auditing
- Provide management and the Board with the information they need
Audit Planning & Quality
Enables internal audit teams to define their audit entities and universe, risk assess them, and plan for audit engagements during the coming year. Since RSA Archer Audit Planning integrates rich management risk and control information, Internal Audit can ensure their audit objectives are aligned with enterprise risk management and other related groups. Audit Planning & Quality puts you in control of the entire audit planning lifecycle, enabling improved governance of audit-related activities while also providing integration with your risk and control functions.
With Audit Planning & Quality, you can:
- Execute on a dynamic, risk-driven audit plan that is aligned with the organization’s priorities and focuses on the most important risks
- Easily provide Board-level reporting that keeps the audit committee well-informed of the status of audit plans, risk and critical findings
- Demonstrate the strategic value of internal audit and more efficient use of audit resources
- Reduce external auditor fees by providing access to self-serve information they need
RSA Archer® Business Resiliency
RSA Archer Business Resiliency provides an automated approach to business continuity and disaster recovery planning and execution, enabling swift response in crisis situations to protect your ongoing operations. With RSA Archer, you can assess the criticality of business processes and supporting technologies, and develop detailed business continuity and disaster recovery plans using an automated workflow for plan testing and approval. Key dashboards and reports provide visibility for your senior management, giving them a better understanding of continuity risks, insight into budget requirements, and a level of confidence that a solid resiliency program is in place if a crisis occurs.
RSA Archer Business Resiliency provides several use cases to meet specific business needs and progress in the business resiliency maturity journey, including the following options.
Use cases of RSA Archer Business Resiliency:
- Business Impact Analysis
- Incident Management
- Business Continuity & IT Disaster Recovery Planning
- Resiliency Management
RSA Archer Security Incident Management
Enables the processes to address the flood of security alerts and implement a managed process to escalate, investigate and resolve security incidents.
- Centralized catalog of IT assets
- Central repository and taxonomy for security alerts (SIEM integrated)
- Full lifecycle support for Incident Response with multiple layers of workflow and escalation
- Incident Investigation with Incident Journals and tracking of Forensic Analysis
- Incident response procedures
- Issues management for IT operations
RSA Archer® Enterprise & Operational Risk Management
With RSA Archer® Operational Risk Management, you get a consolidated and clear view of risk that allows you to prioritize risks, efficiently deploy resources to address the most critical problems, and elevate risk management as a new source of competitive advantage. ORM provides tools and frameworks for risk specialists to identify, assess, monitor and control operational risk. RSA Archer Enterprise & Operational Risk Management provides several use cases to meet specific business needs and progress in the audit maturity journey, including the following options.
Use cases of RSA Archer Enterprise & Operational Risk Management:
- Bottom-Up Risk Assessment
- Risk Catalog
- Top-Down Risk Assessment
- Loss Event Management
- Key Indicator Management
- Operational Risk Management
RSA Archer Operational Risk Management
RSA Archer Operational Risk Management enables cataloging business processes and sub-processes, documenting risks associated with business processes, and mitigating controls. By integrating these use cases, risk managers have a comprehensive operational risk management program that reinforces desired accountability and risk management culture throughout the organization, providing necessary transparency through reporting, dashboards and notification alerts.
- Consolidated view into business processes, risks, controls, loss events, key indicators, and outstanding issues and how they are all related
- Support for first line of defense self-assessments and top down and bottom up risk assessments
- Efficient management of self-assessment campaigns by second line of defense stakeholders, including necessary workflow to vet and challenge first line of defense assessments
- Robust key risk and control indicator program management to provide early warning and remediation
- Visibility into operational risk via predefined reports, risk dashboards, workflow and notifications
RSA Archer® IT & Security Risk Management
RSA Archer® IT & Security Risk Management allows you to determine which assets are critical to your business, establish and communicate security policies and standards, detect and respond to attacks, identify and remediate security deficiencies, and establish clear IT risk management best practices.
RSA Archer IT & Security Risk Management provides several use cases to meet your specific business needs as you mature your risk program, including the following options.
Use cases of RSA Archer IT & Security Risk Management:
- IT & Security Policy Program Management
- IT Controls Assurance
- IT Security Vulnerabilities Program
- IT Risk Management
- PCI Management
- Cyber Incident & Breach Response
- Cyber Risk Quantification
- IT Regulatory Management
- Information Security Management System (ISMS)
RSA Archer® Regulatory & Corporate Compliance
RSA Archer® Regulatory & Corporate Compliance Management allows you to consolidate information from multiple regulatory bodies, document their impact to the business, and establish a sustainable, repeatable, and auditable regulatory compliance program. With RSA Archer Regulatory & Corporate Compliance Management, you can obtain a clear view of the organization's state of compliance, enabling you to prioritize activities that address the regulatory requirements having the greatest impact on the business. Limiting overcompensating responses and wasted cycles preserves the ability to direct more resources back to strategic areas of the business.
RSA Archer Regulatory & Corporate Compliance Management provides several use cases to meet your specific business needs as you mature your regulatory and corporate compliance program, including the following options.
- Policy Program Management
- Corporate Obligations Management
- Data Governance
- Privacy Program Management
- Controls Assurance Program Management
- Controls Monitoring Program Management
Records Retention Utility
The Records Retention Utility tool is designed to meet Corporate Records Retention Requirements for Archer Customers. With a step-by-step user interface, users can now select records within any application or questionnaire and export defined records from a Global Report. All records are exported in bulk as their own individual attachment using any of the Archer supported file formats or mail merge template. Fields defined within the Global Report are also selectable within the Utility and exported as meta-data from each record to a user-defined folder location as a CSV or JSON file.
Once all attachments and meta-data have been exported to a folder location, Enterprise Document Management Systems such as EMC Documentum can automatically retrieve the data and apply appropriate records retention policies.