Skip navigation
All Places > Products > RSA Archer Suite > Blog
1 2 3 Previous Next

RSA Archer Suite

339 posts

History and heroes? Sounds like tall talk, right? Nope, not at all. The time is now. And the Nashville.


Fifteen years ago the "Archer Summit" was born out of a dream to build a...


Hmmm...wait a second...come to think of it I never heard what the original dream was! Many of us joined the RSA Archer fold long after that fateful gathering. However I do know what came from it -- an amazing product propelled to the top of its industry by the largest GRC family on the planet!


Ever since then we've been regaled with tales about the first ever "Summit" .. the ragtag band of entrepreneurial pioneers .. the oppressive AZ heat .. and most importantly, the famous bar tab rescue (when the party venue's credit card machine stopped working before we could pay for our event!)


So what's the secret behind the magic? What's the common link that makes it all possible?


The answer of course is YOU!!


Without YOU there is no summit. It's that simple. The famous "bar tab rescue? Yep, that heroic effort was in fact customer led; just like the presentations that year and every year since. The RSA Archer Summit has always been about maximizing customer engagement and working together. Always customer first and customer focused.


If you've attended an RSA Archer Summit or RSA Charge event before then I have a question for you. Remember that feeling of being in the audience when your own personal light bulb went off as the presenter described a solution to a similar challenge that your organization was also facing? Seeking answers to that challenge might have even been the very reason that brought you to the summit in the first place.


Remember how fired up and encouraged you were to learn the speaker wasn't a professional trainer, but was actually just like you? A fellow customer sharing their story, educating peers across industries, and energizing you in the process. The RSA Archer Summit is a reflection of our impressive RSA Archer Community following and both are truly unique in our industry. Customers coming together out of an innate desire to learn and help each other as part of something bigger. What a cool concept to embrace.


Well guess what! Now it's your turn to be a hero! The only thing required to rise to the challenge is to simply submit a presentation idea. While the first Archer Summit may have been small and cozy, it was still very impactful. Just look how far we've come since then! Today customers from around the world and all levels of GRC maturity gather each year in growing record numbers to exchange ideas, learn, and get inspired to own risk.


If you've never attended an RSA Archer Summit you might be wondering whether you could also be a presenter. The answer is YES OF COURSE!! Some of our best presentations have come from customers that were not only first-time attendees, but achievement award winners too!


MARK YOUR CALENDARS: The Call for Speakers ENDS FEBRUARY 28, 2018!


The window is closing fast. Don't miss your chance to be one of the next heroes in the RSA Archer Community. The instructions below will guide you on completing your submission. Steve Schlarman's blog post offers several great tips on trending topics and presentation ideas. Additional insights can also be found here and here courtesy of my fellow GRC Strategists at RSA Archer HQ.


The speaker submission process is simple:

  1. Download the form.
  2. Complete the form.
  3. Email the completed form to Include “Speaker Submission” in the subject line.

(Final selections will be communicated to speakers once the selection committee reviews all submissions.)


So that covers the "hero" portion of my post. But what about the "history" part? How does that fit in?


Again, the answer is simple. What better way to celebrate the 15th anniversary of the original summit then to mark the occasion with the return of the RSA Archer-only summit too! While the combined RSA Charge event will continue bi-annually, us GRC folks are a pretty tight-knit group. We couldn't go two whole years between gatherings! We'd miss each other too much! Needless to say all of us here were pretty excited when we heard the news at RSA Charge last year. And we're grateful to our executive leadership for their continued support and confidence in the power of the RSA Archer Community and brand. I did mention we're also a big GRC family after all, right? donating your time and energy, and sharing your unique insights, not only can you walk taller as a recognizable hero in the RSA Archer Community, you can also become an important part of our unique history to boot! Speaking of boots...don't forget we'll be in Nashville this year too! Lots of boots, good music, and in the grand tradition of RSA Archer Summits past, always a great time had by all. General registration is also open now on the RSA Archer Summit website.


See you there partner!

It’s that time again - the third release for the RSA Exchange is here!


We’re introducing a new App-Pack for document request tracking and a new Tool & Utility for user profile and contact synchronization, along with 12 new Integrations.


We’re very pleased that the RSA Exchange has been such a big hit, with more than 40,000 views to-date! Since we kicked off the RSA Exchange in August 2017, we’ve delivered five App-Packs, four Tools & Utilities, and 27 Integrations as offerings via the RSA Exchange.RSA Exchange Offering Types


In case you haven’t heard about or checked out the RSA Exchange yet, it helps you easily access and download best-practice App-Packs, Integrations, and Tools & Utilities. The RSA Exchange features offerings that leverage On-Demand Applications created by RSA and RSA SecurWorld partners, known as App-Packs, via the RSA Link online community. It also highlights RSA Ready certified Integrations that enable you to pass risk data between the RSA Archer Platform and third party software, as well as Tools & Utilities to help administrators manage the Platform.


Let’s get to the good stuff -- here are details for the RSA Exchange Release R3 offerings:

  • App-Pack: RSA Archer Documentation Request Tracking provides an automated governance process for capturing and approving requests for documentation. Internal teams can request official documentation or legal reviews for internal teams, customers or vendors. The app-pack captures requester contact information, request priority, and documents the impacted business units, process, applications, products, and services. Upon request approval, the documentation can be shared by the approver or subject matter expert.   Documentation Request Tracking also helps your organization measure and manage request expected delivery and SLA timeframes.


  • Tools & Utilities: RSA Archer User Profile and Contact Synchronization provides an automated method for connecting and synchronizing the User Profile system data with the Contacts application. This offering uses the RSA Archer RestAPI and a data feed to synchronize key attributes such as first and last name, user name, email address, phone number, language, and more. 



Interested in learning more about these latest offerings? Check out the details on the RSA Exchange and join us for these upcoming Free Friday Tech Huddles:

  • March 9 – RSA Archer Release R3 overview
  • March 23 – Symantec Control Compliance Suite (CCS) integration demonstration

Here we are again, looking forward to another GREAT RSA Archer Summit, this time in Nashville, Tennessee, August 15-17, 2018.  Registration is already open and we would love to have you sign-up to attend but what we would love even more is for you to make a presentation at the conference so other customers can learn from you and your experiences using Archer to improve risk and compliance management.  You see, this is what really makes the RSA Archer Summit successful every year, customers like you who are willing to share proven best practices and techniques using Archer.  Download the form now to make a presentation!


Don’t forget, this is taking place in Nashville, TN!  I had the pleasure of attending a family reunion in Nashville a couple of years ago.  It was a blast.  Besides me vouching for Nashville, here are a few tidbits to further pique your interest:


In Downtown Nashville in 1971, workers excavating the foundation of the First American Bank came across a cave system from the prehistoric era. This cave system had remains of a foreleg from Smilodon Fatalis along with a nine-inch fang.  This is why the Nashville Predators Ice Hockey team’s mascot is a Saber tooth tiger!


The Nashville Visitor website quoted Condé Nast Traveler as saying "There's enough going on [in Nashville] food-wise to warrant a trip solely for eating"   For example, the Pancake Pantry restaurant has a  menu listing more than 20 melt-in-your-mouth pancake selections. 


Lastly, the Nashville Chamber of Commerce states on their website: “With live music of every genre being performed any night of the week, more than 180 recording studios, and some 5,000 working musicians, Nashville is known the world over as Music City.” 


I’m here to tell you, between August 15-17, Nashville is going to be known the world over for something more than Music City.  It’s going to be known as the biggest and best Risk Management & GRC Summit in the world!


Be a part of the best Risk Management & GRC Summit by answering this call for speakers.  By presenting, you receive a complimentary pass to attend the Summit.  Sign-up today – for more info see the RSA Archer Summit 2018 - Call for Speakers is Now Open blog.


If you read Steve Schlarman’s blog from last week (RSA Archer Summit 2018 - Call For Speakers Now Open), you now know a few important facts.  First, RSA Archer Summit is August 15-17 in Nashville this year, and it’s dedicated entirely to Archer customers!  Second, the Summit revolves around our customers, and most of the sessions are presented by our customers, which makes the content fantastic.  And third, it’s time to get your session ideas submitted through our Call For Speakers process - that’s right, we want you to speak at Summit!  The process is simple:

  1. Download the form
  2. Fill out the form completely.
  3. Send the form Include “Speaker Submission” in the subject line.


When you submit a topic to speak at Summit you’re definitely not alone! We will work with you to make sure the presentation topics you submit will add value and then once selected, we work with you on your presentation to help you be successful.  Being a speaker at Archer is like presenting to your friends because Archer customers at all levels of maturity are looking for new connections with good ideas of how Archer can be used.  We want this to be an excellent experience for you, and in turn make the Summit an awesome event, so we work with you along the entire way.


What makes the RSA Archer Summit such a valuable experience are the relationships you build while you’re there.  Relationships with other Archer customers and users; with RSA employees that sell, support and develop Archer for the future; and with our partners, professional services, consultants and more.  When you present a session at the Summit you’re much more visible and definitely have the opportunity to connect with even more contacts there.


This Summit marks our 15th anniversary.  You’ll meet a few folks that have been to each Summit (or Charge), more that have attended a few events, and even more who are new to Summit.  Whether this marks your 15th or 1st Summit, we want to hear from you!  So, submit your presentation ideas via the instructions above and we look forward to seeing you at Summit!


MARK YOUR CALENDARS: The Call for Speakers ENDS FEBRUARY 28, 2018.  

What were you doing 15 years ago? I was working at PricewaterhouseCoopers straddling multiple engagements ranging from helping some companies prepare for SOX (Is it really that long ago?) to developing CISO strategies to working on a little product that was to lead to my current tenure at RSA Archer. 15 years in this industry is a long time. A very long time. In the security world, 15 years ago the L0pht and Cult of the Dead Cow had slowly faded into the distance but information security was taking wild, bold new steps. I still had ToneLoc installed on my laptop for war dialing but we certainly saw huge technology shifts coming our way. GRC was just in its infancy.  Wikipedia says the first scholarly research was in 2007 but some forward leaning companies were already thinking in broader terms of compliance and risk management.

According to legend, a small group of individuals gathered in a hotel conference room - an equal number of Archer Technology employees and customers - to talk about a product just starting its journey. The Archer Summit (as it was called then) was born.  Some of you might have been there or work for companies that were part of that important event. Fast forward a decade and a half, and from that humble beginning, this event is on the cusp of celebrating its 15th Anniversary this August.

Registration for the 15th Annual RSA Archer Summit is open and last week I announced the Call for Speakers. The 2018 RSA Archer Summit, hosted in Nashville this year, is dedicated solely to RSA Archer customers in honor of our big anniversary.  The Summit is a unique opportunity to network and celebrate our vibrant community of professionals in the risk, compliance, GRC, security (and all of the other hats we wear) industry.

This year’s event will continue in the tradition of our user conferences. As with years past, we will have several tracks dedicated to risk, compliance and RSA Archer technical practices along with plenty of social events to learn and share from your colleagues. We will be within walking distance of B.B. King’s Blues Club (a personal highlight for me), the Country Music Hall of Fame and the historic Second Avenue District of Nashville. As always, it will be a great experience to broaden your horizons, dig into what is working for other companies and share your own insights.

The Summit will provide invaluable face-to-face opportunities to discover best practices, hear about the latest product innovations, network with other customers, and meet one-on-one with RSA Archer experts and executives. RSA Archer Summit 2018 is your chance to let us know what product advances you’d like to see in future releases, connect with other leaders in your industry and gain firsthand knowledge that you can’t get at your desk.

In the coming months, we will continue to share more information as the Summit gels together. Keep tuned for updates and get ready to plan your week. Meanwhile, check out some videos from last year’s summit: Rohit Ghai’s keynote on “The RSA Advantage” David Walter’s keynote “The Future Vision of Risk Management”, my keynote on “What the Wild West Taught us about Risk Management” or check out the RSA Charge 2017 materials available on RSA Link.

As we announced last year at RSA Charge, the RSA Archer Summit this year is in Nashville. Registration is now available on the RSA Archer Summit website.

I am pleased to announce this year’s Call for Speakers for the 2018 RSA Archer Summit is open.  Each year we have a wide range of submissions to contemplate as we build the conference agenda. Given the GRC and Risk Management universe is so broad, this year we are simplifying the categories for our education tracks.

There are three topics for speakers to consider:

Business Risk Management in Practice

Sessions should focus on best practices in enterprise and operational risk management, IT risk management and security, operational risks, third party governance, compliance, business continuity risk or audit.  The audience for this track will be risk, security, compliance, audit and continuity professionals tasked with execution of these processes. Content should include best practices, case studies or war stories. Examples include how to identify, assess and monitor risks, risk assessments, security operations, BC/DR planning and compliance processes and how RSA Archer is being used in your organization to support these practices. The presentation should include an explanation of the business problem, desired outcomes, required functionality, solution outcomes and metrics used to measure success.


The RSA Archer Journey

Sessions should focus approaches, strategies and recommendations for the implementation of your business risk management program from an organizational perspective. The audience for this track will be individuals responsible for overall program execution, strategy, project managers, GRC champions or those tasked with getting a program up and running. Content should include case studies and recommendations for assessing maturity, changing organizational culture, building long term strategies or removing organizational barriers or obstacles. Examples include how to achieve consensus, measure value of the program, reporting on return on investments, organization change management or strategic roadmaps.  The presentation should include an explanation of the approach taken (centralized, top-down, decentralized, federated, or some combination), the rationale, the phases of organizational achievement, and the major milestones in risk and compliance maturity.


RSA Archer Technical

Sessions should cover beginner to advanced uses of the platform, custom objects, data feeds, on demand applications, integrations, etc.   The audience for this track is RSA Archer administrators, developers, integrators or those tasked with operational support of the RSA Archer platform. The content must include demonstrations of a business problem that is addressed using the RSA Archer platform. Screen shots, recorded or interactive demonstrations are required. This should be a “How To” presentation to instruct the audience on optimal platform configuration.  Other technical presentations may cover topics such as the administration of the platform, backup/recovery, system architecture, etc.


If you are contemplating submitting a session, know that this is a very rewarding experience. Presenting to your peers can be a bit unnerving but the satisfaction and return is worth it. To teach others is to learn about oneself. Thinking through your experiences, applying your new found knowledge and acknowledging your successes and lessons learned is as much of a benefit as imparting your wisdom to others.

I invite all of you to take a look across your implementation of RSA Archer and pull out those nuggets to share with your peers. The RSA Archer Summit is the perfect venue to help others navigate their own challenges and for you to pass on (and receive) knowledge and experience.

The process is simple:

  1. Download the form.
  2. Fill out the form completely.
  3. Send the form to Include “Speaker Submission” in the subject line.

MARK YOUR CALENDARS: The Call for Speakers ENDS FEBRUARY 28, 2018.  

Selections will be communicated with speakers once the selection committee reviews all submissions.

Upgrade from 5.x to 6.x With RSA Professional Services:

We can all agree that upgrading to 6.x before EOPS for 5.x kicks in on December 31 makes sense. Now it can also make sound fiscal sense too. Now, due to popular demand for the Professional Services upgrade offers, we have extended the date through February 4, 2018.


RSA Professional Services (PS) is offering two special discounts on upgrade services in order to help you make the most of the transition. Why go it alone?


Offer #1: 20% off the RSA readiness assessment and upgrade for up to three environments ($14,800 after discount)


Offer #2: 30% off a bundled purchase of RSA’s readiness assessment and upgrade for a single environment ($8,400 after discount)


Key Benefits of working with RSA PS include:

  • Ensures your environment is optimized for the latest RSA Archer upgrade
  • Work with professionals who have helped others successfully navigate the upgrade process and have insights into potential roadblocks*
  • Successful deployment of the RSA Archer software upgrade into production in a reduced timeframe by following RSA-recommended best practices    Note: May take up to 30 days for Professional Services to staff for committed work order


Read RSA Archer GRC Upgrade Services to learn more; Offer expires February 4, 2018. Contact your local Account Representative for more information about these fixed scope upgrade service offers as well as upgrade services that can be custom scoped for your specific implementation and business requirements.



Upgrading to 6.x Without Professional Services Support:

With EOPS on Dec. 31 for 5.x, the window of opportunity is closing. For those customers who wish to complete the 6.x upgrade journey without PS Support, there are several steps that are required to complete the task:


Step #1: Review the Release 6.1 and Release 6.2 subspaces on RSA Link

Step #2: Complete the Release 6.x pre-upgrade survey

Step #3: RSA Archer will review the survey information, generate, and deliver your new Release 6.x License Key, required for post-upgrade operations

Step #4: Download and install Release 6.x, execute your upgrade plan, and go live

Step #5: Notify RSA Archer that your upgrade is complete


Read RSA Upgrade Process to learn more. Contact your local Account Representative for more information about these fixed scope upgrade service offers as well as upgrade services that can be custom scoped for your specific implementation and business requirements.



Congratulations, your use case is live! You have successfully automated your business process with RSA Archer. After a team high-five and a few moments of contemplation of your team’s shear awesomeness, you hear the “ding” of your email inbox wind up like a month-long holiday radio station. Upon reviewing said inbox, you note a growing list of requests asking:

  • Would you grant access to this great new business process for my whole team?
  • Can I request a data import to speed up the data entry process?
  • I love this report…but could we tweak it to add X value?
  • Can we add another status option to field Y?
  • Can we use RSA Archer to manage Z risks? How about our Friday donut club?
  • Oops! I accidentally added this record. Could you delete it for me?


In the RSA Archer world, a successful risk and compliance program can feel like you’ve climbed the highest peak. And past the peak, that success can overwhelm your team post-implementation with a snowball of requests for enhancements, access requests, and more. Complicating matters, these requests are usually emailed to the GRC team or business process owner and often lack the necessary details needed to adequately define the request’s requirements. Large volumes of these type of requests can overwhelm business process owners and Archer admins who are typically responsible for reviewing the requests, evaluating their impact to the existing business process, and determining their priority to the business. Organizations must establish a governance process to manage and prioritize these requests as their volume increases.


At RSA Charge in October, one of our amazing presenters provided an all too familiar example highlighting the need for a change request program. As their team prepared a business process demonstration for the on-site bank examiners, they noticed a field in their application records suddenly appeared blank. After careful review, it was determined that another team using this “shared” application in RSA Archer decided they weren’t using that particular field…and deleted it.


Unfortunately, this is not an uncommon scenario. But there are two steps that your organization can take to minimize the potential this scenario will happen to you.


Step 1: Institute an RSA Archer Control Board

Business processes require oversight and governance; so does the technology that automates and manages those business processes. A Control Board can ensure that any enhancements or changes to the business process complement or enhance the current risk management process within your organization. An RSA Archer Control Board is responsible for your organization’s RSA Archer roadmap and can review short term minor changes as well as plan for larger projects in the future that may involve more staffing and investment.


The Control Board reviews proposed requests and evaluates the impact the requested change may have to other business processes, applications, questionnaires, calculations, reports, iViews, workspaces, and more. In addition, this team can prioritize the requests based on business need, impact, legal review, effort, and more.


Fortunately, there are many mountain climbers that have forged a successful path ahead and can offer guidance on setting up Archer Control Boards. In fact, several presenters provided their best practices and lessons learned at RSA Charge 2017 and their presentations are available (here and here) on the RSA Archer community. (Please note, these links require access to the RSA Archer Customer/Partner Community.)


Step 2: Automate Your Support Request Process

Managing change requests for your RSA Archer implementation is simply a governance business process. So, why not automate it?


The good news: RSA Archer has done all of the hard work for you! On November 14, we released the RSA Archer Support Request app-pack to capture end user requests for enhancing RSA Archer business processes. Organizations can easily manage their business teams’ ideas including:RSA Archer Support Requests Business Process Owner Dashboard

  • Business process improvements, innovations, or changes;
  • Suggestions for new reports or changes to existing reports;
  • Requests to delete records;
  • Proposals for updating dashboards and iViews;
  • Enhancements application layouts;
  • User access requests, and more.


In addition, the RSA Archer Support Requests app-pack assists business process owners in defining enhancement requirements, level of effort, and prioritizing incoming requests. Once the request has been approved, the RSA Archer Administrator can manage the development status and document progress as the request is being developed and deployed. 


With RSA Archer Support Requests, your Control Board can track, prioritize, and implement requested changes to your RSA Archer implementation allowing your organization to quickly respond to business requests and minimizes disruption to the system and existing business processes.


Interested in learning more about the RSA Archer Support Requests app-pack? Join us for a Free Friday Tech Huddle on December 1, 2017. In addition, a demonstration video is available on the RSA Exchange. Check it out and let us know what you think!


RSA Archer Support Request - Request for Access

RSA Archer Support Request for Access


RSA Archer Support Request - Completed Request for a Report Enhancement

Completed Request for a Report Enhancement

At this year's RSA Charge, it was amazing to me to see so many Compliance, Risk and Security professionals in one place, learning from subject matter experts and each other through technical deep dives and business-driven use cases focused on delivering best practice and lessons learned.  I had the opportunity to speak with so many RSA customers and was inspired by the great work they are doing.    


One of the highlights of the event was that over 100 RSA customers got up on stage during RSA Charge to present their unique use case and the challenges and opportunities they have addressed with the help of RSA solutions.  Thank you for sending us your feedback; it is great to see that overall you felt that the sessions were impactful and of value. 


During RSA Charge you completed evaluations for the sessions that you attended.  These provide us great information, including what sessions you enjoyed the most – you confirmed that one presentation from each RSA Suite clearly stood out as being the BEST! 


Out of 92 outstanding Breakout sessions that took place on Wednesday, October 17 and Thursday, October 18 winners were selected by RSA Charge 2017 attendees for being best overall in:


  • Overall Value
  • Presentation Skills
  • Credibility/Knowledge
  • Engaging/Interactive
  • Avoided Commercialization
  • Relevance


We would like to announce, recognize and sincerely thank the recipients of the RSA CHARGE 2017 Best in Show Award:


            RSA Archer Suite Best in Show Award:

Deanne Dinslage, Sr. Archer Systems Administrator, Assistant Vice President, Bank of the West & Andrea Dollen, Manager, True8 Solutions            

Beyond the Customer - Making RSA Archer Suite Work for YOU! - Tired of hours of documentation for minutes of build?  Let me show you how to use RSA Archer Suite to do this in a few clicks with better results!


RSA Fraud & Risk Intelligence Suite Best in Show Award:

Damon Marracini, Vice President, Citi; Michael O’Connor, eCommerce Principal Product Marketing Manager, RSA; Greg Zaharchuk, Fraud Investigator, Vanguard; Qasim Zaidi, Cyber Process Manager, Capital One; Alma Zohar, Web Threat Detection Product Manager, RSA

Tales from the Trenches: Using Web Threat Detection to Fight Fraud - Learn how RSA Web Threat Detection is helping customers fight real-world cyber fraud.


RSA NetWitness Suite Best in Show Award:

Sean Catlett, SVP, Emerging Services, Optiv

Building a Modern Security Program:  Or… “If I Had to Start Over, What Would I Do?” – Discussion on keys to building your SOC and defending your enterprise using orchestration and automation.


RSA SecurID Suite Best in Show Award:

Michael Duncan, Program/Process Manager, Ameritas Life Insurance Corp; Lisa Ferraro, Developer, Ameritas Life Insurance Corp; Ravi Makam, Principal Consultant, Optiv

Insights and Lessons Learned from Upgrading RSA Identity Governance and Lifecycle and Going Virtual - Ameritas Life Insurance Corporation and Optiv Discuss Upgrading to RSA Identity Governance and Lifecycle Version 7.0.1 and go from a hard appliance to VM's to take advantage of new product capabilities.


Congratulations to all the Best in Show Award winners – RSA Charge 2017 attendees selected these from over 92 sessions!  Great job and thank you!

In regulated industries such as financial services, banking, insurance, and energy, periodic examinations by regulators and auditors are a regular occurrence. They might follow up on a workers compensation complaint; investigate misleading marketing and advertising of products, fraudulent sales practices, or inappropriate underwriting practices; complete a periodic SEC or FINRA exam; or follow up on violations found in a previous exam.


These regulatory examinations can result in costly penalties and fines and unwanted publicity. For example, in 2017 alone, the Financial Industry Regulatory Authority (FINRA) alone has assigned more than $31 million in fines and restitution.


In addition, the process of identifying, locating, and gathering all required documentation for the examiners is a time consuming and often manual process. The data required is owned by a variety of teams across the organization, which requires a great deal of coordination to collect. There are also many systems used to capture necessary evidence and retain records.  Once the exam is complete, tracking the progress and completion of exam findings and remediation actions is executed using email and spreadsheets providing little visibility on findings status and progress.


All of these challenges can be addressed with RSA Archer technology. This week, RSA Archer released the RSA Archer Exam Management app-pack on the RSA Exchange. This new app-pack helps organizations prepare for, document, and manage the processes for conducting a regulatory examination. It provides a centralized process to manage scoping, data collection, collaboration, and the post-analysis phase of an exam. Organizations can:

  • Track the phases of an exam
  • Assign, collect, and track information requests
  • Log hours worked on each phase
  • Maintain visibility into related loss eventsRSA Archer Exam Management - Exam Manager Dashboard


Using RSA Archer Exam Management, organizations benefit with the ability to:

  • Simplify collaboration and the data collection process of evidence for regulatory examinations
  • Reduce the amount of time it takes to prepare for and respond to regulatory examinations
  • Eliminate duplicate requests for information
  • Increase likelihood examiner receives accurate and complete information
  • Efficiently identify and communicate with Information Owners
  • Improve exam finding remediation
  • Enable exam owners analyze past examination results and trends to augment preparation and response to current and future exams
  • Provide visibility into exam and findings status as well as post exam data analysis to identify key trends and patterns
  • Analyze staffing costs to justify required headcount for future exams


Interested in learning more about the RSA Archer Exam Management app-pack?  Join us for a Free Friday Tech Huddle on December 1, 2017. In addition, a demonstration video for this app-pack is available on the RSA Exchange. Check it out and let us know what you think! 


RSA Archer Exam Management - Exam Record

As promised, we’re ready to offer our quarterly release for the RSA Exchange!


If you haven’t heard, the new and improved RSA Exchange helps you easily access and download best-practice ODA App-Packs, Integrations and Tools & Utilities on the RSA Exchangeofferings created by RSA and RSA SecurWorld partners, known as App-Packs, via the RSA Link online community. It also highlights RSA Ready certified Integrations that enable you to pass risk data between the RSA Archer Platform and third party offerings, as well as Tools & Utilities to help administrators manage the Platform.


First, I’d like to welcome two new partners to the RSA Exchange Technology Partner Program. This program enables RSA SecurWorld Partners to develop and offer best practice App-Packs and Tools & Utilities on the RSA Exchange. RSA Exchange Release R2 includes the first offerings from our RSA SecurWorld partners:


I am very excited to bring our partner’s offerings to you and help begin our partner’s journey with the RSA Exchange. Be sure to check out them out on the RSA Exchange.


At RSA Charge 2017 last month, I heard many stories about your risk and compliance successes, as well as the amazing response your organizations have had to GRC programs using RSA Archer technology.  One of the most common questions was “how do you handle the large volume of enhancement and new use case requests?”  Many organizations have created an on-demand application (ODA) to handle these requests.  In addition, RSA Archer has been asked to help provide a more formal process for handling the data collections process for regulatory examinations. To help address these business issues, RSA Exchange Release R2 introduces two new App-Packs:

  • RSA Archer Support Requests captures end user requests and recommendations for enhancing RSA Archer business processes and use cases. Organizations can easily manage their business teams’ ideas for process improvements and innovations by enabling end users to submit business process changes, ideas for new reports, requests to delete records, proposals for updating dashboards and iViews, specifications for enhancing application layouts, requests for user access, and more.
  •  RSA Archer Exam Management  helps organizations prepare for, document, and manage the processes for conducting an audit examination. This offering provides a centralized process to efficiently manage scoping, data collection, collaboration, and the post analysis phase of an exam. Organizations can track the phases of an exam; assign, collect, and track information requests; log hours worked on each phase; and maintain visibility into related loss events.


RSA Exchange Release R2 also highlights several new RSA Ready-certified integrations:


Interested in learning more about these offerings? If you are planning to attend the RSA Archer Summit in London this week, drop by the RSA Exchange demo pod to learn more! We also invite you to join us for a Free Friday Tech Huddle on December 1, 2017 that will highlight these offerings.  And, as always, you can visit the RSA Exchange for all of the details.

Anya Kricsfeld

Launching RSA Ideas

Posted by Anya Kricsfeld Employee Oct 31, 2017

For years RSA has been in business of providing best-in-class security products and services to you, our customers.  I am proud to be surrounded by extremely intelligent and creative coworkers who amaze me with their knowledge, imagination, and ability to make abstract a reality on daily basis.  However, I am even more astounded by the unending well of new ideas I see coming from our customer community every time I interact with or observe an interaction between us and you.  You are the true inspiration and driving force of our innovation.  We build products that solve your problems, we offer services that help you, and everything we do - we do with you and your success in mind.


This is why I am happy to officially introduce you to a new way to harvest and crowdsource our collective ideas together.  This month, we have launched new idea pages on our RSA Link Community:


These destination pages are places for you to show off your creativity and need, to suggest ways that would improve our offerings to help you be more successful.  It is also the place where you can collaborate on your ideas with other like-minded individuals and vote on ideas suggested by others.


We have a great customer community, let’s harness its creative power to see what we can come up with together.


For more information, please check out the following FAQs:


The theme of the latest RSA Archer 6.3 release is “Privacy, Resiliency and Flexibility”.  I can’t think of three better words to describe some of the biggest challenges organizations of all size and shape face today. In this blog I’ll focus on Resiliency.


Resiliency is the ability to quickly bounce back from a crisis, large or small.  Bouncing back implies two aspects: one, not completely breaking upon impact; and two, having the mechanism to quickly recover and resume activity.  Resiliency may entail heroic efforts, but what is more important are the plans, processes and practices that enable organizations to be prepared to quickly bounce back when a crisis hits.


One barrier to building resiliency is lack of coordination.  In any organization, there are siloes - separate departments, processes, systems and information.  Even within a Business Resiliency program, there are siloes – such as separate teams that handle daily incidents, perform business continuity and IT disaster recovery, and that manage crisis events.  This separateness impedes coordination, reduces the ability of the organization to be resilient and forces them to rely on those heroic efforts I mentioned.  Effective coordination is especially crucial in dealing with incidents and crisis events.


Incidents are the day-to-day occurrences that happen in any organization, such as minor employee, physical or IT events.  Most organizations handle enough of these that their processes are very standard so these incidents don’t create much disturbance.  However, where some damage can occur is when these incidents turn into crises, and when incident management teams are not coordinated enough with crisis management management teams to ensure an effective handoff.  Some reasons for the lack of coordination might include:


  • Separate teams. As mentioned in the organization, there are typically separate teams that manage incidents and crisis events. This slows down and often hinders the process of transition the incident to a crisis event, and when dealing with a crisis, minutes often matter.
  • Confusing Communications. Communications surrounding an incident usually involves a small group of individuals directly involved in the incident resolution and it is very prescribed and basic.  However, communication changes drastically during a crisis event, and may very quickly extend to much larger groups like employees and executives, or external parties like regulators, law enforcement and emergency personnel.  It becomes much more complex and ad hoc making the transition difficult.
  • Multiple Systems. Different systems are often used to manage incidents and crisis events.  This may be due to different teams acquiring them or the focus of these point solutions.  This causes a lack of coordination because information is housed in different systems and is not connected to paint the bigger picture, such as what caused the event and its evolution.  This is critical during a crisis event because having the history of the event, those involved and next steps housed in one system helps crisis teams to not miss critical elements and is vital to better managing the event.


Updates to the RSA Archer Incident Management and Crisis Management use cases in the 6.3 release have been added to significantly help with these issues and enable better coordination between incident and crisis teams.  Workflow, discussion forums, event tracking, post-event analysis, and reporting and dashboards have all been developed to enable incident and crisis teams to:


  • Manage the event as one and ensure a more seamless handoff from the incident team to the crisis team
  • Provide a holistic history of the incident and related crisis event so teams can see the bigger picture around the event, make better decisions, and help in planning for subsequent events
  • Reduce confusion between incident and crisis teams with workflow and user roles that help with decision-making, crisis declaration, and transition.


These updates will help disparate resiliency teams improve their management of disruptive events from their inception to closure.  Other departments will also find value in these use cases.  For example, resiliency risk has risen to the Board level in recent years and is also on the radar of most regulators and auditors. As such business risk management teams also have a vested interest in better managing the resiliency of the organization.


Siloes will continue to exist because organizations are complex, however, resiliency can be strengthened by creating more effective and seamless handoffs between siloed areas. These critical updates in the RSA Archer Incident Management and Crisis Management use cases can help reduce resiliency risk to the organization.

On behalf of my co-author, Corey Carpenter, greetings from RSA® Charge in Dallas, TX, the biggest GRC stampede around! We're knee deep in exciting announcements this year, including several new partner interoperability offerings. And of course let's not forget the official launch of RSA Archer® 6.3, with the latest additions to our Regulatory & Corporate Compliance solution domain: RSA Archer Data Governance and RSA Archer Privacy Program Management!


For many years, organizations have wrestled with the daunting task of protecting data in their business operations. The forthcoming European Union (EU) General Data Protection Regulation (GDPR), which takes effect on May 25, 2018, has gathered much attention and is certainly a hot topic of conversation around RSA Charge this week. The EU-GDPR places an increased emphasis on the importance of managing EU resident personal data and the consequences for failing to adequately do so.


The concepts of data governance and protection, while not new, have been pushed to another level under the EU-GDPR as organizations must ensure they clearly understand and adequately protect the EU resident personal data that they collect and use, and retain it appropriately with an increased accountability and transparency to consumers. While this aspect of GDPR may represent a "new normal" for many organizations, to a large extent we believe it merely reinforces what practitioners in the information security and risk domains have known for years. Whether the exercise is driven by regulatory exposure through EU-GDPR, Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), or other similar standards; or simply battling the general risks that information thieves pose to everyone, the concept of data protection has always been critical in managing overall information risk.


As organizations in every market continue to face the ongoing risk of data breaches and the devastating fallout that can occur, in many respects compliance obligations merely underscore an already pressing business need to proactively maintain vigilant operational security processes and due care as critical elements of a sound risk management program. Whether the target is personally identifiable information, or corporate intellectual property, the techniques and approaches are often similar. In today's world of high stakes information thievery and corporate espionage, organizations must protect all types of sensitive data to survive.


Establishing effective controls to protect sensitive information begins with a clear understanding of what those information assets are. Where do they live? How are they used? How does that sensitive data flow into and out of our organization? How are third parties involved? How long should we keep the data? Questions like these may seem simple enough, but they often reveal a complex web of interconnected data siloes that companies struggle to understand and protect.


Enter RSA Archer Data Governance and RSA Archer Privacy Program Management…


RSA Archer Data Governance is designed to help document and understand the flow of key information assets in an organization. What are the entry points for that data? Is it collected through an internal process or third party? Where is it stored, sent, and shared? These types of important details can be documented and tied to the appropriate Notice/Consent statements using RSA Archer Data Governance. As sensitive data is processed and moved from system to system, those critical data flows can be clearly understood and documented, along with relevant data retention and disposal requirements. With a complete picture of the entire data environment, the organization is empowered to demonstrate proper governance and accountability.

RSA Archer Privacy Program Management is designed to help organizations assess the privacy impacts of their data environments and measure the resulting risks. As organizations communicate with regulators to answer questions, respond to inquiries, or even declare a data breach, they can utilize RSA Archer Privacy Program Management to document and manage those communications. For organizations still working through the process of documenting their data environments, this use case also can assist in understanding data inventory scope boundaries through questionnaires to key stakeholders such as application and information processing owners.


Did you know that companies with mature risk management programs are measurably more profitable? How would information like that resonate with your executive management? There's no better place to explore these topics with global experts than right here at RSA Charge, the largest GRC gathering on the planet! Stop by the demo pods in between your learning sessions for a look at the latest and greatest features in RSA Archer 6.3. You can also follow #RSACharge to catch trending conversation topics this week on Twitter.

By now, you may have heard the good news – RSA Archer release 6.3 is now available! RSA Charge 2017 (Oct. 17-19, 2017 in Dallas, TX) is the ideal occasion for us to release our latest software with a bang.

RSA Archer release 6.3 includes two new use cases RSA Archer Data Governance and RSA Archer Privacy Program Management,  platform enhancements, and updates to Business Resiliency, Public Sector and Payment Card Industry (PCI) use casesLook for additional blog posts in the coming days and weeks for a deeper dive into this Release 6.3 functionality.


Use Case Enhancements

Regulatory and Corporate Compliance

Release 6.3 introduces two new use cases as part of the solution, RSA Archer Data Governance and RSA Archer Privacy Program Management. These new use cases will assist companies in managing the requirements set forth by applicable privacy regulations, including the GDPR regulation. PCI Management has also been updated to address the most recent PCI standard release, 3.2.

Business Resiliency

RSA Archer Business Resiliency use cases received a comprehensive upgrade to better help companies manage disruption and crises. Terminology and workflows have been realigned to better support the crisis management process and new out-of-the-box notifications and test plans will help with the velocity of the business continuity management process.

Public Sector

The Public Sector use case updates will improve customer efficiency as well as usability with ICS and SCADA controls. Specifically, the RSA Archer Assessment & Authorization (A&A) use case has improved usability through the use of advanced workflow. This will reduce the time and effort needed to assess information systems, maintain control documentation and manage remediation efforts.

Platform Enhancements

This release has several enhancements to the RSA Archer platform.  Some highlights include:


RSA Archer Administrators will now have access to a new dashboard that will provide insights into system health and activity. They will be able to report on system events such as data feed performance and user activity to improve troubleshooting, system maintenance and operations.


There are also several enhancements that aim to reduce the number of clicks necessary to perform tasks. For instance:

  • ‘Bulk Record Operations’, where a user can now select and update multiple records at once;
  • ‘Direct to Edit’ where a user can open a record in edit mode in one click; and
  • ‘ Save & Close’ where a user can save his work and go back to the previous screen in a single click.

From an appearance perspective, if you want to match your application to your own corporate branding and design, you will have a lot more options to play with and levers to push. RSA Archer 6.3 expands color configuration capability. Administrators can now configure the User Interface to match their corporate branding and design, as well as customize page and field border colors.  

This release contains other improvements as well so check out the release documentation to get the details.  As mentioned early, there will be new posts for a deeper dive into some of these items. Additionally, we invite you to join us for Free Friday Tech Huddles on 6.3 features - Please check back for details.

For more details, read the Press Release or visit the 6.3 Subspace on the RSA Archer community.

Filter Blog

By date: By tag: