Skip navigation
All Places > Products > RSA Archer Suite > Blog
1 2 3 Previous Next

RSA Archer Suite

467 posts

As one of the first offerings available on the Archer Exchange, the Archer Project Management app-pack  helps you to ensure projects within Archer are delivered on time and within budget. 

In updating this app-pack, we interviewed several of customers and made some updates based on their feedback.  

  

First , this offering has been updated to support Archer Platform version 6.9 and contains many features since the app-pack was initially released. We've updated the dashboards to give you quick visibility into your projects and status. Records have been updated to utilize report objects to summarize information regarding project milestones, project financials, and project status reports. We’ve also added a new tab for project status reports where you can easily upload your status reports for the project and track risks. 

  

We have also reduced the number of required on-demand applications (ODAs) for this app-pack.  Initially, six on-demand applications were required. However, we reviewed the architecture and the use case and have broken the use case into smaller processes to fit your business needs. You can start with two ODAs if you would like to track only the projects and milestones. If you'd like to further expand your use case to track project hours, expenses or budgeting, you can do so by implementing the additional on-demand applications. 

  

The Archer Project Management app-pack provides organizations with a way to: 

  

  • Manage and monitor a portfolio of projects simultaneously 
  • Define project scope, milestones, schedule, staffing, and expenses 
  • Assign project staff based on availability across all projects 
  • Manage all project documentation 
  • Leverage real-time dashboards and reports to identify project status, budget, milestone status, and more 

  

  

This offering enables you to: 

 

  • Gain insight into a variety project risks and costs that influence project quality and delivery 
  • Document project milestones and track their completion 
  • Access a real-time view of stakeholders and resources, timelines, project activities and artifacts 
  • Identify and manage issues that may impact project success, and quickly react to changes in project scope or resource availability 
  • Build project delivery confidence through real-time reports to key stakeholders 

  

  

Interested in learning more about the Archer Project Management App-Pack? Register and join us for a Free Friday Tech Huddle on Friday, February 26, for an overview and live demo. Free Friday Tech Huddles are only available to Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.archerirm.com. 

Overview

The Evalto Inactive User Reporting app-pack enables you to proactively monitor records to ensure assignment of active users to key business processes across all applications and questionnaires in Archer. When any type of inactive user is identified in open/active/incomplete records, designated Report Owner(s) for the target application receive an email and report with the necessary information to replace inactive users with active users.

 

 

What are the types of "Inactive Users”?

Inactive users are caused by several common scenarios, including:

  • Staff Turnover - Layoffs, attrition, temporary workers
  • Organizational/Access Changes - Staff moving between teams/jobs (users no longer in a group)
  • Locked accounts - Too many invalid login attempts
  • Automatic Account Deactivation - After X days of inactivity (Security Parameter setting)
  • LDAP Sync Inactivation - Intentional or unintentional account deactivation

 

How did inactive users get in my active/open records?

Even when using the “Exclude Inactive Users” feature in record permission fields, users listed in records can become inactive over time based on any of the scenarios outlined above. The question is, will you be able to identify inactive users and reassign tasks before the due dates?

 

What is the problem if I have inactive users in records?

Put simply: inactive users do not complete tasks. It can also increase risks and costs. When incomplete/open records are assigned to inactive users (example “Assigned to” user in Findings), those tasks cannot be completed because notifications are not sent to inactive users, the inactive user cannot login to complete their task, the task/record is stuck in the workflow, and ultimately the task becomes past due.

 

Organizations implement Archer to identify, monitor, and reduce various risks. Failing to identify and remediate inactive users in open/incomplete records increases the very risks you want to reduce.

 

Key Features

  • Easily create reporting configurations per application or questionnaire to find inactive, locked and/or users no longer in groups.
  • Filter/limit reporting to specific records (such as active, open, published).
  • Customize report frequency per configuration (daily, weekly, monthly, and custom).
  • Email notification sent to separate Report Owners per configuration if inactive users are found.
  • Easily open the impacted record and update the record with an active user.
  • Optionally use a .CSV file attachment for tracking updates or data imports.
  • Utilize a review workflow for tracking and influencing dashboard reporting.

 

Key Benefits

  • Eliminate regulatory fines, legal fees, opportunity costs, realized risks, and wasted time from the risks of inactive users responsible for risk and compliance tasks.
  • Simple and elegant solution to proactively identify inactive users responsible for key tasks or activities.
  • Reports of inactive users are sent to specific Report Owners who can remediate the issue (does not have to be system admins).
  • Ensure key risk/compliance tasks and processes are completed on time.
  • Proactively address problems long before campaigns are created, emails are sent, and records are past due.


What's new in Version 2.0 of the Evalto Inactive User Reporting app-pack?

Originally released on the Archer Exchange in August 2020, Evalto Inactive User Reporting V2.0 takes a leap forward in ease of configuration, the addition of reporting users who are no longer in access groups, added support for SaaS and Hosted customers, and many other requested enhancements.

 

  1. Ease of Config Setup: A new setup button automatically pulls a list of applications and questionnaires. After selecting an app/questionnaire, all record permission and user/group fields are available for selection, as well as any numeric fields for filtering. Optionally, Report Owners without system administrator access can manage the config easily.

  2. Users No Longer in Access Groups: This eliminates the pain point when users move between teams within your organization and lose access to records in process. While these users are not technically inactive, they cannot complete tasks or receive emails once access is removed.

  3. Support for SaaS and Hosted Customers: This feature allows Archer SaaS or hosted customers to execute inactive user reporting logic to identify inactive users and produce reports outside of a JavaScript Transporter Data Feed using an enterprise job scheduler or Windows Task Scheduler. On-premises Archer customers can also use this implementation for increased performance and detailed error logging.

  4. Additional Updates:
    1. Increased number of monitored fields to 10 per app/questionnaire
    2. Added additional information to reports
      1. Reason/status of user: inactive, locked, and/or not in group
      2. User’s last login date
    3. Added new scheduling option: Last Day of Month
    4. Increased flexibility of backend configuration of URLs/paths for various web server configurations

 

How to use the Evalto Inactive User Reporting app-pack

Step 1: Create an Inactive User Config Record

Quickly and easily setup an Inactive User Config record in Archer by selecting which application/questionnaire to monitor, report frequency, Report Owners to receive reports, which record permission (or user/group) fields to monitor, and criteria for open records. All the IDs in the image below are automatically populated using the Setup functionality making the creation of a config record a simple and quick one-time task.

 

 

Step 2: Automated Processing Creates Reports when Inactive Users are Found

Data Feeds (or Scheduled Jobs for SaaS customers) use the configuration settings in Step 1 above to automatically identify target records with inactive users and generate reports. The reports are saved as Archer records and an email is sent to the Report Owners specific to that application/questionnaire to remediate.

 

Step 3: Report Owners Remediate Records

The Report Owner who is most knowledgeable about the target application reviews the report. The report includes details on which records have inactive users, the field with the inactive user, and the inactive user’s name/account information. The Report Owner can then start the remediation process of identifying and replacing the inactive user with an active user.

 

 

Interested in learning more about the Evalto Inactive User Reporting app-pack?

Register and join us for a Free Friday Tech Huddle on Friday, February 26, for an overview and live demo. Free Friday Tech Huddles are only available to Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at http://www.rsa.com.

 

Visit the Evalto website to learn more about the Evalto Inactive User Reporting Solution and license pricing & options. If you have any questions or feedback, please get in touch via the Evalto Contact Page.

 

About the author(s):

 

Douglas Campbell

President - Evalto, Inc.
Doug has a strong history of innovative experience in application development, software and infrastructure architecture, IT Security, IT Auditing, and 11 years of dedicated development, administration, and consulting on Archer. Those skills culminate to bring you outstanding results for your risk programs.

 

Doug is wildly passionate about automating Governance, Risk, and Compliance (GRC) activities using the Archer platform so organizations can spend less time on managing risk/compliance and more time on growing their business. At Evalto, Inc. he provides consulting services and builds tools and utilities to help administrators, developers, and power users to save time and money managing the Archer platform to get the most return on their investment.


Gloria Higley

Product Manager - Archer

Gloria is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the Archer Exchange. Offered online through RSA Link, the Archer Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, Tools & Utilities, and Content that complement and enhance out-of-the-box capabilities of Archer use cases.

Welcome to 2021! Feel free to join me in expressing a collective sigh of relief!  The Archer Exchange team and our partners are excited to start the year off with new offerings for you, along with updates to some of your favorite existing offerings.

 

Through the Archer Exchange, we strive to provide you with capabilities that address specific needs for your industry, geographic location, and more.  I am very excited to share that Archer Exchange Technology Partners are now sharing Content offerings --pre-mapped collection of best-practice policies, control standards, legal and regulatory requirements, industry standards, and assessments -- via the Archer Exchange. Cogris is the first to provide region-specific content, with the addition of the Turkish Regulation on Banks' Information Systems and Electronic Banking Services authoritative source to the Archer Exchange content library.  We look forward to bringing you new, regional and localized content in future announcements for the Archer Exchange via our Archer Exchange Technology Partners! 

 

This quarterly announcement highlights a total of 33 new and updated offerings to the Archer Exchange, including:

 

 

  • Tools & Utilities: Archer is excited to introduce a new favorite tool & utility – Archer Data Feed Initiator. The Archer Professional Services team developed this offering to enable execution of a data feed on-demand within the Archer interface.

 

 

 

With 33 new and updated Archer Exchange offerings this quarter, we know that is a lot to take in at one time. Not to worry! The Archer Exchange team will be hosting several Free Friday Tech Huddles over the next month to highlight new and updated offerings and provide additional details and demonstrations.  Please join us to learn more! 

 

Note:  Free Friday Tech Huddles are available to existing Archer customers. If you are not yet a customer but interested in learning more, please contact your local representative or authorized reseller.

As we continue to navigate this changing world, one thing has become abundantly clear: the Archer global community is more connected than ever!

 

While we missed seeing you in person at Archer Summit 2020, we were thrilled to be able to bring together global risk changemakers and business leaders for our first virtual Archer Summit experience. We hope the virtual experience delivered the same energy you’ve come to expect at our live events - inspirational speakers, shared best practices and the experience of celebrating you, our Archer community.

 

If you couldn’t join us for Archer Summit 2020 live or if would like to view a session you missed, you can now catch it in the Archer Summit On-Demand Library on RSA Link. Check out the keynotes, breakouts, keynotes, and event resources – it’s the next best thing to being there!


We can’t wait to safely welcome you to Archer Summit 2021, September 13-16, 2021 in Orlando, Florida for the educational, networking and inspirational experience that you have come to expect.

We invite you to share below a favorite memory of past Archer Summit or RSA Charge events or what you are looking forward to experiencing at Archer Summit 2021. Be sure to keep an eye out for #ArcherSummit2021 posts.

Addressing real world challenges for Archer administrators

The role and responsibilities of Archer administrators can quickly become complex when working to ensure a dependable and healthy environment for end users. Increasing amounts of data, interdependencies between use cases, and issues in the environment’s infrastructure are important considerations for Archer administrators when operating their risk and compliance solution.

 

NTT designed the NTT Platform Monitoring and Operations Tool & Utility to provide Archer administrators with a comprehensive approach to monitoring and analyzing the operations of their Archer use cases. NTT Platform Monitoring and Operations enables organizations to closely monitor the health of their Archer environment and proactively identify issues that could impact system integrity or availability.

 

How does it work?

The NTT Platform Monitoring and Operations offering is comprised of two distinct capabilities, Platform Monitoring and Deep Dive Analysis, that each address key components of an Archer administrator's operational needs.

 

With the Platform Monitoring capability, organizations can track over 20 individual parameters within their Archer environment such as data feeds, schedules, system jobs, advanced workflow, search index, and calculations. Administrators can receive automated alerts when issues are detected and view all open issues and trends on the Operations Dashboard. Administrators can easily configure the Platform Monitoring capabilities using the Configuration Dashboard.

 

NTT Platform Monitoring and Operations App-Pack Operations Dashboard

 

NTT Platform Monitoring and Operations Dashboard

 

The Deep Dive Analysis capability enables administrators to analyze many issues that are reported through Platform Monitoring or by end-users in real-time, with no end-user database access required.

 

NTT Platform Monitoring and Operations App-Pack Deep Dive Analysis Dashboard

 

Deep Dive Analysis contains 25 pre-configured scripts to analyze the health of an Archer environment.
The example above shows metrics related to the Job Engine.

 

What are the benefits?

The NTT Platform Monitoring and Operations Tool & Utility enables organizations to:

  • Closely monitor the health of their Archer environment.
  • Proactively identify issues that could impact system integrity or availability. 
  • Improve overall end user experience by reducing system downtimes or other issues in production environments.
  • Reduce effort within operation teams by supporting analysis tasks.
  • Compare the current status of an Archer environment to a past status report to identify performance or platform stability issues that could emerge over time.

 

Application in the real world

NTT DATA operates production environments for many of its global customers and have harnessed their real-world experience to include the most relevant checks and analysis reports in the NTT Platform Monitoring and Operations offering.

 

Since its creation, NTT implements the NTT Platform Monitoring and Operations offering for all new and existing operations services customers. This has provided significant benefit for NTT and their Archer customers as they are able to identify and analyze issues quickly and with less effort.

 

The NTT DATA operations team offers organizations additional levels of support that can be added to the offering, including:

 

  • Initial implementation support when establishing an environment
  • Continuous maintenance subscription, including software updates for both Platform Monitoring and Deep Dive Analysis (including new checks and new analysis scripts)
  • Third-level support during the analysis of issues reported by Platform Monitoring

 

To learn more about the NTT Platform Monitoring and Operations offering, please contact NTT Data at RSAArcher-Offering@nttdata.com. You can also check out the live demo recording from the December 11, 2020 Free Friday Tech Huddle and the NTT Platform Monitoring and Operations Tool & Utility pages on the Archer Exchange.

 

About the author(s):


Lars Rudolff
Senior Managing Consultant, NTT DATA Deutschland

Mr. Rudolff works for NTT Data as Senior Managing Consultant for GRC Tools. Mr. Rudolff is responsible for the technical and strategic orientation of the GRC Implementation practice. He has experience in the area of GRC tools in general since 2005 and with Archer since 2011. He has led implementation projects for many customers, including the introduction of one of the largest Archer environments in Europe at a German car manufacturer.

 

In addition, Mr. Rudolff accompanies the NTT Operations team for Archer, which provides operational services for existing Archer customers. This includes, among other things, second and third level support activities as well as maintenance services such as system upgrades or minor modifications of an existing implementation. He is also responsible for developing monitoring and automation tools for the Archer platform.

 

Gloria Higley

Product Manager, Archer Exchange

Gloria Higley is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the Archer Exchange. Offered online through RSA Link, the Archer Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, Tools & Utilities, and Content that complement and enhance out-of-the-box capabilities of Archer use cases. 

To capture an organisation’s business hierarchy, Archer provides three core applications Company, Division and Business Unit. Customers with more complex organisational structures may require additional application levels at the top, the bottom, or somewhere in the middle. There may also be a need to capture multiple alternative hierarchies (for examples regions, markets and functions) and associate objects (like risks and controls) to various levels of the hierarchy.

 

The Bowmen Group Organisational Entities App-Pack provides an extremely flexible and easy-to-manage solution for Archer customers that are seeking:

  • Greater flexibility in the setup and maintenance of their business hierarchy

  • Easier maintenance of multiple types of hierarchies

  • Additional application levels beyond the three core levels – Company, Division, Business Unit – provided by Archer out of the box,

  • Easy integration with a source-of-truth for business hierarchy content

     

Benefits of this offering include: 

  • The ability to manage all business hierarchy content with one single-leveled On-Demand Application
  • Easy and flexible business hierarchy setup and maintenance 

  • Powerful reporting capabilities 

 

Interested in learning more about the Bowmen Group Organisational Entities App-Pack?
Register and join us for a Free Friday Tech Huddle on Friday, December 4, for an overview and live demo. Free Friday Tech Huddles are only available to Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at rsa.com.

 

Bowmen Group Organisational Entities Dashboard

Space

The dashboard provides the users with an overview of risks

per organisational entity. 


Bowmen Group Organisational Entities Record Example 1

Space

An Organisational Entity record contains links to the direct

parent and children as well as the full parent and child structure. 

 

Bowmen Group Organisational Entities Record Example 2

Space

The sample Risk Register application shows the possibilities

of an application targeting the Organisational Entities. 

 

About the author(s):

 

Thomas Alderse Baas

Director & Senior Consultant, Bowmen Group

Mr. Alderse Baas is co-founder, director and senior consultant at the Bowmen Group. He has been working as a consultant within the GRC space for 10 years and has seen many different RSA Archer projects from start to end. Currently, he is Archer solution architect and responsible for the quality assurance for one of the biggest banks in the Netherlands. His knowledge on GRC combined with the technical skills on Archer makes him a perfect candidate to work with both business and IT. With a MSc in Artificial Intelligence, he is also responsible for the AI strategy of the Bowmen Group.

 

Gloria Higley

Product Manager, Archer Exchange

Gloria Higley is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the Archer Exchange. Offered online through RSA Link, the Archer Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, Tools & Utilities, and Content that complement and enhance out-of-the-box capabilities of Archer use cases. 

Today, we’re pleased to announce availability of Archer Exchange offerings for November 2020. This release marks the successful completion of our first continuous release cycle for the Archer Exchange. And there are more great offerings to come!

 

This latest Exchange release primarily includes updates to a number of existing offerings, but also includes a few new offerings:

 

  • App-Packs– pre-built applications addressing adjacent or supporting Integrated Risk Management processes (e.g. niche, industry, geo-specific)

 

  • Tools pre-built functions enabling administrators to more easily manage their Archer implementations
    • Archer Advanced Workflow Content Assistant helps organizations change the Advanced Workflow business flow for an application and has been updated to support Archer Release 6.9.
    • Archer Data Feed Monitor enables an Archer Administrator to call a data feed when there is work to do. It has been updated to encrypt the Config file upon initial execution.
    • NTT Platform Monitoring and Operations enables organizations to monitor the health of their Archer environment and proactively identify issues that may impact system integrity or availability.  

 

  • Integrations- pre-built data exchange configurations bringing data into and pushing data out of the Archer Platform
    • LexisNexis data feeds and JavaScript file have been updated to improve performance and ingest Historical Notes content.
    • RiskLens Gen 3 has been updated with new JavaScript code to address validation errors when executing data feeds. RiskLens Gen 3 integrates with the following use cases:
      • Archer IT Risk Management
      • Archer Operational Risk Management
      • Archer Top-Down Risk Assessment
      • Archer Information Security Management System (ISMS)
    • RiskRecon Third Party Security Risk Monitoring has been updated to improve performance, provide filtering by issue severity at the API endpoint, and enhanced error handling for data feeds. RiskRecon Third Party Security Risk Monitoring integrates with the following use cases:
      • Archer Third Party Catalog
      • Archer Third Party Engagement
      • Archer Issues Management
    • SecurityScorecard integrates with the Archer Third Party Catalog use case and has been updated with new JavaScript code to improve integration performance.
    • SirionLabs Contract Lifecycle Management (CLM) is a new integration for the Archer Third Party Catalog use case and enables organizations to manage their engagements throughout the complete lifecycle of a contract.
    • Thomson Reuters Regulatory Intelligence integrates with the Archer Corporate Obligations Management use case and has been updated with new JavaScript code to address validation errors when executing data feeds.
    • Veracode integrates with the Archer Third Party Catalog use case and has been updated to accommodate the new Veracode APIs. 

 

In a year filled with unprecedented challenges and uncertainty beyond our control, I find it especially rewarding to focus on outcomes where things have fallen naturally into place.  That’s why I feel incredibly fortunate to be Archer’s new CEO as we lead our business into its next chapter.  Just a few months ago, I couldn’t have predicted the opportunity to join an iconic leader in the risk management software industry where I’ve spent my career, and be able to continue my partnership with Symphony Technologies Group - RSA’s primary portfolio sponsor.

 

I was equally excited by the opportunity to address the passionate Archer customer base (albeit virtually) today at the Archer Summit 2020.  For those unable to join this year’s event, let me recap some of the main points.

 

First and foremost, my message to customers is to reinforce our commitment to Archer’s leadership and innovation in the Integrated Risk Management arena.  As an independent company, we have a better opportunity to focus on that singular objective and drive on the collective energy and passion of our employees and this entire community towards that mission.

 

Since my arrival at Archer just a few short weeks ago, I’ve been incredibly impressed by the recent momentum around the offerings, all of which has only reinforced what I knew of Archer’s reputation. Not only have recent innovations in the product been huge drivers of value for customers, but they also act as a foundation for new areas of development and value creation. For example, the move to Archer’s Cloud has enabled a major online retailer to be implemented within 90 days.  We have the ability to be more agile and responsive to the changing needs of risk managers, and more fully committed to ensuring long-term customer success.

 

I shared our focus on four strategic pillars which will guide our efforts and investments in the future:

  • Modern Cloud Offerings: we have already seen tremendous improvements in time to value for our customers using Archer Cloud and will continue to advance our capabilities as a preferred deployment method.
  • Integrated Risk Management for the Enterprise: we believe our capabilities are unmatched and create tremendous differentiation, and we plan to compound that advantage to engage more stakeholders in the risk process and improve communication and outcomes through broad use of the Archer platform.
  • Analytics: with nearly 1,500 customers globally, we plan to share depersonalized insights across our vast customer network to help how our clients think about risk and the usage of Archer.
  • Customer Success: we have formally launched our Customer Success Program (CSP) offerings to create a formal process to ensure our client objectives are known and whether we are collectively realizing the benefits expected through our proven, developed methodology.

  

Finally, I communicated our independent brand identity for the Archer business.  Although there have been many advantages being part of Dell and RSA, that association has led some to think our capabilities are solely focused on IT risk management.  Our newly relaunched Archer brand gives us the opportunity to renew a connection to the broader elements of operational risk and reinforce the importance of integration of risk across the entire organization, not just IT.

 

These are just a few areas where you will be seeing and feeling the positive impacts of our independence, and so I look forward to building upon today’s news and the many highlights of the Archer Summit 2020 to work with all of you in writing Archer’s next chapter.

We are excited to announce that RSA Archer Exchange will have a virtual booth at RSA Archer Summit 2020 on October 6! This year's annual RSA Archer customer conference will be a virtual event and it's FREE to attend -- REGISTER NOW! You can join us at our virtual booth in your preferred time zone from the comfort of your chair to learn about some of our most popular offerings.

 

We will provide 15-minute demonstrations of RSA Archer Exchange offerings around the clock throughout RSA Archer Summit. With this year's "follow the sun" format, when we are within standard business hours for a specific region's time zone, we will highlight the most requested offerings for that geographical area. This allows you to see what matters most for your specific needs during the hours that are most convenient for you.

 

Check out the RSA Archer Exchange demo schedule below to see which offerings you want to learn more about. Please note that the times listed are subject to change.

 

Asia Pacific Schedule

Date and Local TimeDemo Topic
Oct 6, 2020 - 12:00 PM - 12:10 PM (AEST)RSA Archer Exchange Tour
Oct 6, 2020 - 12:10 PM - 12:20 PM (AEST)RSA Archer Conflict of Interest App-Pack
Oct 6, 2020 - 12:20 PM - 12:30 PM (AEST)RSA Archer Gift Registration App-Pack
Oct 6, 2020 - 12:30 PM - 12:40 PM (AEST)RSA Archer Product Security Development Assessment App-Pack
Oct 6, 2020 - 12:40 PM - 12:50 PM (AEST)RSA Archer Strategic Risk Management App-Pack
Oct 6, 2020 - 12:50 PM - 1:00 PM (AEST)Evalto Inactive User Reporting App-Pack
Oct 6, 2020 - 1:00 PM - 1:10 PM (AEST)RSA Archer Speak Up App-Pack
Oct 6, 2020 - 1:10 PM - 1:20 PM (AEST)RSA Archer Strategic Planning App-Pack
Oct 6, 2020 - 1:20 PM - 1:30 PM (AEST)RSA Archer Support Requests App-Pack

 

India Schedule

Date and Local TimeDemo Topic
Oct 6, 2020 - 12:00 PM - 12:10 PM (IST) RSA Archer Exchange Tour
Oct 6, 2020 - 12:10 PM - 12:20 PM (IST) RSA Archer Conflict of Interest App-Pack
Oct 6, 2020 - 12:20 PM - 12:30 PM (IST)RSA Archer Gift Registration App-Pack
Oct 6, 2020 - 12:30 PM - 12:40 PM (IST)RSA Archer Product Security Development Assessment App-Pack
Oct 6, 2020 - 12:40 PM - 12:50 PM (IST) RSA Archer Strategic Risk Management App-Pack
Oct 6, 2020 - 12:50 PM - 1:00 PM (IST) Archer Scripts Offerings
Oct 6, 2020 - 1:00 PM - 1:10 PM (IST)RSA Archer Speak Up App-Pack
Oct 6, 2020 - 1:10 PM - 1:20 PM (IST)RSA Archer Support Requests App-Pack
Oct 6, 2020 - 1:20 PM - 1:35 PM (IST) RSA Archer NIST-Aligned Privacy and Cybersecurity Framework App-Packs

 

Europe & Middle East Schedule

Date and Local TimeDemo Topic
Oct 6, 2020 - 12:00 PM - 12:10 PM (GMT)RSA Archer Exchange Tour
Oct 6, 2020 - 12:10 PM - 12:20 PM (GMT)RSA Archer Speak Up App-Pack
Oct 6, 2020 - 12:20 PM - 12:30 PM (GMT)Archer Scripts Offerings
Oct 6, 2020 - 12:30 PM - 12:40 PM (GMT)RSA Archer Complaints Tracking App-Pack
Oct 6, 2020 - 12:40 PM - 12:55 PM (GMT)NTT ISMS Risk & Control Assessment App-Packs
Oct 6, 2020 - 12:55 PM - 1:10 PM (GMT)Crowe Pandemic Response App-Pack
Oct 6, 2020 - 1:10 PM - 1:30 PM (GMT)HCL Regulatory Interactions Management App-Pack

 

Americas Schedule

Date and Local TimeDemo Topic
Oct 6, 2020 - 8:30 AM - 8:40 AM (EDT)RSA Archer Exchange Tour
Oct 6, 2020 - 8:40 AM - 8:55 AM (EDT)RSA Archer NIST-Aligned Privacy Framework App-Packs
Oct 6, 2020 - 8:55 AM - 9:10 AM (EDT)Crowe Pandemic Response App-Pack
Oct 6, 2020 - 9:10 AM - 9:20 AM (EDT)Evalto Inactive User Reporting App-Pack
Oct 6, 2020 - 9:20 AM - 9:30 AM (EDT)RSA Archer Project Management App-Pack
Oct 6, 2020 - 9:30 AM - 9:40 AM (EDT)RSA Archer Model Risk Management App-Pack
Oct 6, 2020 - 9:40 AM - 9:50 AM (EDT)RSA Archer Exam Management App-Pack
Oct 6, 2020 - 9:50 AM - 10:00AM (EDT)RSA Archer Contract Clause Management App-Pack
Oct 6, 2020 - 10:00 AM - 10:10 AM (EDT)RSA Archer FFIEC-Aligned Cybersecurity Framework App-Pack
Oct 6, 2020 - 10:10 AM - 10:20 AM (EDT)RSA Archer Multi-Record Publisher Tool & Utility
Oct 6, 2020 - 10:20 AM - 10:35 AM (EDT)RiskRecon Third Party Security Risk Monitoring Integration
Oct 6, 2020 - 10:35 AM - 10:40 AM (EDT)RSA Archer Advanced Workflow Content Assistant App-Pack
Oct 6, 2020 - 10:40 AM - 10:55 AM (EDT)NTT ISMS Risk & Control Assessment App-Packs
Oct 6, 2020 - 10:55 AM - 11:15 AM (EDT)HCL Regulatory Interactions Management App-Pack
Oct 6, 2020 - 11:15 AM - 11:25 AM (EDT)Archer Scripts Offerings
Oct 6, 2020 - 2:30 PM - 2:40 PM (EDT)Evalto Inactive User Reporting App-Pack
Oct 6, 2020 - 2:40 PM - 2:50 PM (EDT)RSA Archer Complaints Tracking App-Pack
Oct 6, 2020 - 2:50 PM - 3:00 PM (EDT)RSA Archer Speak Up App-Pack
Oct 6, 2020 - 3:00 PM - 3:15 PM (EDT)RSA Archer NIST-Aligned Cybersecurity Framework App-Packs
Oct 6, 2020 - 3:15 PM - 3:30 PM (EDT)Crowe Pandemic Response App-Pack

 

The RSA Archer Exchange team will be available in our virtual booth throughout RSA Archer Summit to answer any questions you may have. We look forward to having you join us to learn more about RSA Archer Exchange!

RSA has been named a Leader in the 2020 Gartner Magic Quadrant for IT Vendor Risk Management Tools. We believe this positioning speaks to the capabilities of RSA Archer in helping customers understand and manage risks that may arise from third party relationships. 

This is the fifth consecutive time* that RSA has been named a Leader in the Gartner Magic Quadrant for IT Vendor Risk Management

 

 

Register to download a complimentary copy of Gartner’s analysis of the IT Vendor Risk Management market and guidance on how to define requirements for IT Vendor Risk Management deployments.     

 

 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from RSA.

*Appeared as EMC (RSA) in Magic Quadrant for IT Vendor Risk Management, 2014, 2016. Appeared as Dell (RSA) in Magic Quadrant for IT Vendor Risk Management, 2017, Appeared as RSA in Magic Quadrant for IT Vendor Risk Management Tools, 2019. The report was not published in 2018.

Gartner, Magic Quadrant for IT Vendor Risk Management Tools, Joanne Spencer, Edward Weinstein, 24 August 2020

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Consolidated compliance and security monitoring

Managing the security and compliance of an IT infrastructure has become one of the most time-consuming and important tasks for IT security professionals. Firewalls, vulnerability scanners, intrusion detection systems, and compliance checks are powerful tools for safeguarding your critical IT assets. However, these tools are only as effective as your organization’s capacity to monitor, prioritize, and respond to crucial events. These tools often produce thousands of findings each day, leaving security teams to sort through alerts from various devices and identify which findings require action.

 

AWS solves this problem by consolidating compliance checks and security findings from Security Hub, GuardDuty, and other products into a centralized location. Findings flowing into Security Hub from GuardDuty, IAM Access Analyzer, Macie, and partner offerings are all standardized into the AWS Security Findings Format. This standardized format eliminates the need for manual data conversion and simplifies the process of transferring data into external environments. The AWS Security Hub integration with RSA Archer enables organizations to automatically import data directly into RSA Archer.

 

How it works

AWS Security Hub runs automated configuration and compliance checks based on industry standards such as CIS, AWS Foundational Security Best Practices, and PCI DSS standards. The checks provide real time compliance scores and identify devices and accounts requiring attention.

 

GuardDuty is a managed threat detection service that uses machine learning to safeguard critical AWS accounts and services from malicious activity and other security threats. GuardDuty monitors activities and logs issues within the AWS environment, provides recommended remediation actions, and assigns numeric severity values to these issues. Issues are then categorized into three severity levels based on the criticality and type of threat detected.

 

Leveraging cutting-edge technology

Prior to being routed into RSA Archer, Security Hub and Guard Duty findings flow into Simple Queue Services (SQS) Queues, which is a distributed message queuing service developed by Amazon. These queues offer a nearly unlimited number of API calls per second, and due to their distributed nature, they provide virtually unlimited throughput. Server-side encryption is available to protect the contents in SQS queues and can be configured using the AWS Key Management Service. These queues are extremely affordable and future proof the RSA Archer integration. Additional AWS Security Hub products and third-party offerings can be directly transferred from these queues into RSA Archer.

 

From AWS Security Hub to RSA Archer

The RSA Archer integration with AWS Security Hub provides users with the ability to leverage compliance checks and security findings in their RSA Archer environment. The Security Hub data feed ingests findings from Security Hub into the Configuration Check Results application. Check Results are then mapped to the technology baselines such as CIS, AWS Foundational Security Best Practices, and PCI DSS standards. GuardDuty security findings are routed into the new Potential Unauthorized Activity on-demand application.

 

Both Security Hub and GuardDuty findings can be grouped into tickets and formally remediated through the RSA Archer exception requests and remediation plans workflows. The integration also leverages RSA Archer’s new charting engine, which was introduced in version 6.7.  

 

Security Hub Dashboard

 

Interested in learning more about the AWS Security Hub Integration with RSA Archer?

Listen to a recording or check out the presentation of a Free Friday Tech Huddle that covered the AWS Security Hub integration with RSA Archer. Free Friday Tech Huddles are only available to RSA Archer customers. if you are not yet a customer but are interested in learning more, please contact your local representative or authorized reseller - or visit us at www.rsa.com.

We’ve done it again! For the fifth consecutive time, Gartner has named RSA a Leader in the just-published Gartner 2020 Magic Quadrant for IT Risk Management (ITRM).

 

RSA was previously named a Leader in the Magic Quadrant for IT Risk Management in 2019, 2017, 2016 and 2015*. We believe our repeated recognition as a Leader represents our continued efforts to deliver innovative solutions that help our customer more effectively manage risk.

2020 Gartner MQ ITRM

We want to sincerely thank our customers for their participation in Gartner’s evaluation. We appreciate your support and acknowledge the key role our customers play in RSA receiving this Magic Quadrant Leader position.

 

Footnote:

*Appeared as EMC (RSA) in Magic Quadrant for IT Risk Management 2015, 2016. Appeared as RSA in Magic Quadrant for IT Risk Management 2017. Appeared as Dell Technologies (RSA) in Magic Quadrant for IT Risk Management 2019. The report was not published in 2018.

Gartner, Magic Quadrant for IT Risk Management, Khushbu Pratap, Brent Predovich, Claude Mandy, 11 August 2020

Today, we’re pleased to announce availability of RSA Archer Release 6.9, delivering new features and enhancements to streamline access to key data and provide a cohesive, actionable view of risk and compliance at all levels of your organization. This release introduces new and updated RSA Archer Platform features designed to provide a more intuitive user experience, efficient search and reporting, and easier administration.

 

In addition to Platform updates, Release 6.9 includes updates to several RSA Archer use cases. Enhancements to the RSA Archer Controls Assurance Program Management and RSA Archer IT Controls Assurance use cases help you quickly set up evidence collection and ensure that evidence of the control is captured on an ongoing basis, all in one location. Bringing RSA Archer closer to delivering near real-time evidence collection, these updates allow you to easily designate which controls you want evidence collected for and whether you want automated or manual collection. Dashboards have been added to enable the evidence collection process to be more readily monitored and to help provide users with a better understanding of overdue evidence requests, evidences currently due, and those pending approval.

 

Release 6.9 also includes updates to the RSA Archer Cyber Risk Quantification use case, leveraging the RiskLens Generation 3 platform to provide an improved data model for analyzing risks and a more streamlined data interchange between RSA Archer and RiskLens environments. And on the heels of last month’s announcement of our new Vendor Portal functionality, Release 6.9 updates to the RSA Archer Third Party Risk Management use case include added fields to connect the Engagement Risk Assessments questionnaire with Vendor Portal.

 

We invite you to attend the Free Friday Tech Huddles this Friday, Aug. 28 and Friday, Sept. 11 for demonstrations of RSA Archer Release 6.9 features. (Available only to RSA Archer customers. Pre-registration is required.) For more information about this release, please visit the RSA Archer Release 6.9 subspace on RSA Link.

When an organization provides products and services to their clients, they may become inundated with requests for information. Most of these requests come in the form of Requests for Information (RFIs) or Requests for Proposals (RFPs) from external organizations. In some cases, organization are provided with a list of requirements or questions to which they must respond. These answers are typically pulled from different areas within the responding organization and are typically managed through email inboxes, making it difficult to track the responses and ownership.

 

The RSA Archer Request & Response Tracker provides a more efficient way to manage requests and provide responses in a timely manner. It can help you document requests, import requirements, and assign ownership to gather the necessary responses. Frequently used responses can be added to a library with approval tracking for use in the future. This allows you to minimize the response cycle time.

 

With the RSA Archer Request & Response Tracker app-pack, you can:

  • Document and track requests for information, proposals, etc.
  • Import requests and assign ownership for response
  • Document and manage responses and supporting evidence 
  • Create and maintain a library of approved responses
  • Export responses using mail merge template

 

The RSA Archer Request & Response Tracker app-pack includes several useful benefits, including:

  • Consistent and repeatable automated process for managing and tracking requests for information
  • Ensure accountability and timeliness for responses through workflow automation
  • Minimize information silos within the organization

 

Interested in learning more about the RSA Archer Request & Response Tracker app-pack?

Register and join us for a Free Friday Tech Huddle at 11:00 am Eastern Time on Friday, August 21 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

RSA Archer Request & Response Tracker

Request Manager

 

 

RSA Archer Request & Response Tracker

Response Owner 

As more services gather more data about individuals in the course of doing business, concern grows about the problems that could arise in processing that data if it is not protected properly. Improper protection impacts the organization because the organization is responsible for securely collecting and storing the data. While good cybersecurity practices help manage privacy risks by protecting people’s information, privacy risks can also arise from how you collect, store, use, and share this information to meet your mission or business objectives, as well as how individuals interact with your products and services.

 

NIST (National Institute of Standards and Technology) believes that organizations would be better able to address the full scope of privacy risk with tools that support better implementation of privacy protections. NIST has created the NIST Privacy Framework to help your organization identify your current privacy posture and your desired outcome. Using this framework, you can identify the gaps and develop action plans.

 

The RSA Archer NIST-Aligned Privacy Framework release 6.8 app-pack, which includes the NIST Cybersecurity Framework and utilizes the same methodology, allows you to assess both privacy and cybersecurity practices within your organization.

 

With the RSA Archer NIST-Aligned Privacy Framework app-pack, you can:

  • Create a Current Profile that indicates which privacy implementation tier is being achieved
  • Identify a Target Profile that describes the organization's desired privacy implementation tier
  • Conduct a Privacy Risk Assessment against Core activities in the NIST Privacy Framework
  • Analyze the Current Profile against the Target Profile to determine gaps
  • Implement an Action Plan to address privacy gaps
  • Conduct an assessment against the NIST Cybersecurity Framework

 

Benefits of the RSA Archer NIST-Aligned Privacy Framework app-pack include:

  • An enhanced privacy foundation built by bringing privacy risk into parity with broader enterprise risk portfolio
  • Improved protection of individual privacy and resiliency of critical infrastructure
  • Reinforcement of privacy risk management through a common language and consistent process for communicating requirements and progress
  • Ability to maintain compliance with regulatory requirements

 

Interested in learning more about the RSA Archer NIST-Aligned Privacy Framework app-pack?

Register and join us for a Free Friday Tech Huddle at 11:00 am Eastern Time on Friday, August 21 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

IoT Security Assessor Dashboard

RSA Archer NIST-Aligned Privacy Framework

Profile Owner Dashboard

 

RSA Archer NIST-Aligned Privacy Framework

Profile Scorecard

Filter Blog

By date: By tag: