If as a child you marveled at watching the simple, fascinating micro-example of physics of a pebble dropped into a puddle, you know what the results are. The pebble drops; the water’s surface is broken; ripples fan out from the point of impact… such an unassuming yet beautiful study of cause and effect. Now imagine instead of a puddle, it’s a lake, with stones dropping at a continuous and rapid rate, all in different spots. I am sure you can visualize the effect - the water agitated in all directions, waves tossing to and fro…
Many organizations today face this churn when it comes to risk. It is not that organizations aren’t thinking about risk. Survey after survey indicates risk is a board level topic. But the rocks keep falling. Those that are tasked with managing risk are riding the roiling waves. Issues are identified through a variety of sources such as audits, risk assessments and security assessments but are not managed properly to closure. Prioritization of these issues is near impossible because there is no common understanding of the business criticality of business assets and processes affected by these issues. Companies then lack any consolidated view of general risks or have very manual (spreadsheet) based approach to cataloging and assigning risks. And the lake and those falling rocks aren’t always in the control of your company. Third parties (outsourcers, contractors, service providers, business partners, etc.) are becoming increasingly important and organizations just don’t know what entities are impacting their risk profile.
To address this churn, RSA Archer is pleased to announce the RSA Archer Ignition Program – a fast track approach to launch a business risk management strategy. To strategically address risk, enterprises need a strong foundation for their program. While the risk management program vision may be long term initiative, there are some specific areas that need to be addressed at the beginning of the effort that not only provide quick value to the organization but set up a much healthier and sounder foundation for the future. A strategic foundation needs:
- A process for Issues Management to eliminate ‘churn’ around risk and compliance issues from audits, risk assessments, and internal compliance processes;
- A Business Impact Analysis framework to catalog and prioritize assets and build the context to connect risk issues to impacts to the business;
- The ability to catalog and monitor Risks to establish a strategic method to view and understand risks across the enterprise; and
- The ability to identify and track Third Parties used by the business to understand the emerging ecosystem that affects business risk.
The RSA Archer Ignition package includes integrated use cases to address these four key areas via RSA Archer Use Cases with Quick Launch services and education offerings to get your program off the ground quickly. This package is priced and scoped based on the size of the organization allowing you to maximize your initial return on your investment. Once your organization gets these processes in place, RSA Archer provides a maturity driven approach to build on these foundations to develop a strategic approach for Business Risk Management. Our suite of use cases allows you to grow your risk management program to the level of maturity necessary for your business and ensure your lake, while still full of waves, is manageable and navigable.
For more information, see the RSA Archer Ignition Program.