Patrick Potter

RSA Archer 6.3 - Building Better Resiliency

Blog Post created by Patrick Potter Employee on Oct 19, 2017

The theme of the latest RSA Archer 6.3 release is “Privacy, Resiliency and Flexibility”.  I can’t think of three better words to describe some of the biggest challenges organizations of all size and shape face today. In this blog I’ll focus on Resiliency.


Resiliency is the ability to quickly bounce back from a crisis, large or small.  Bouncing back implies two aspects: one, not completely breaking upon impact; and two, having the mechanism to quickly recover and resume activity.  Resiliency may entail heroic efforts, but what is more important are the plans, processes and practices that enable organizations to be prepared to quickly bounce back when a crisis hits.


One barrier to building resiliency is lack of coordination.  In any organization, there are siloes - separate departments, processes, systems and information.  Even within a Business Resiliency program, there are siloes – such as separate teams that handle daily incidents, perform business continuity and IT disaster recovery, and that manage crisis events.  This separateness impedes coordination, reduces the ability of the organization to be resilient and forces them to rely on those heroic efforts I mentioned.  Effective coordination is especially crucial in dealing with incidents and crisis events.


Incidents are the day-to-day occurrences that happen in any organization, such as minor employee, physical or IT events.  Most organizations handle enough of these that their processes are very standard so these incidents don’t create much disturbance.  However, where some damage can occur is when these incidents turn into crises, and when incident management teams are not coordinated enough with crisis management management teams to ensure an effective handoff.  Some reasons for the lack of coordination might include:


  • Separate teams. As mentioned in the organization, there are typically separate teams that manage incidents and crisis events. This slows down and often hinders the process of transition the incident to a crisis event, and when dealing with a crisis, minutes often matter.
  • Confusing Communications. Communications surrounding an incident usually involves a small group of individuals directly involved in the incident resolution and it is very prescribed and basic.  However, communication changes drastically during a crisis event, and may very quickly extend to much larger groups like employees and executives, or external parties like regulators, law enforcement and emergency personnel.  It becomes much more complex and ad hoc making the transition difficult.
  • Multiple Systems. Different systems are often used to manage incidents and crisis events.  This may be due to different teams acquiring them or the focus of these point solutions.  This causes a lack of coordination because information is housed in different systems and is not connected to paint the bigger picture, such as what caused the event and its evolution.  This is critical during a crisis event because having the history of the event, those involved and next steps housed in one system helps crisis teams to not miss critical elements and is vital to better managing the event.


Updates to the RSA Archer Incident Management and Crisis Management use cases in the 6.3 release have been added to significantly help with these issues and enable better coordination between incident and crisis teams.  Workflow, discussion forums, event tracking, post-event analysis, and reporting and dashboards have all been developed to enable incident and crisis teams to:


  • Manage the event as one and ensure a more seamless handoff from the incident team to the crisis team
  • Provide a holistic history of the incident and related crisis event so teams can see the bigger picture around the event, make better decisions, and help in planning for subsequent events
  • Reduce confusion between incident and crisis teams with workflow and user roles that help with decision-making, crisis declaration, and transition.


These updates will help disparate resiliency teams improve their management of disruptive events from their inception to closure.  Other departments will also find value in these use cases.  For example, resiliency risk has risen to the Board level in recent years and is also on the radar of most regulators and auditors. As such business risk management teams also have a vested interest in better managing the resiliency of the organization.


Siloes will continue to exist because organizations are complex, however, resiliency can be strengthened by creating more effective and seamless handoffs between siloed areas. These critical updates in the RSA Archer Incident Management and Crisis Management use cases can help reduce resiliency risk to the organization.