Skip navigation
All Places > Products > RSA Archer Suite > Blog > 2017 > November

Congratulations, your use case is live! You have successfully automated your business process with RSA Archer. After a team high-five and a few moments of contemplation of your team’s shear awesomeness, you hear the “ding” of your email inbox wind up like a month-long holiday radio station. Upon reviewing said inbox, you note a growing list of requests asking:

  • Would you grant access to this great new business process for my whole team?
  • Can I request a data import to speed up the data entry process?
  • I love this report…but could we tweak it to add X value?
  • Can we add another status option to field Y?
  • Can we use RSA Archer to manage Z risks? How about our Friday donut club?
  • Oops! I accidentally added this record. Could you delete it for me?


In the RSA Archer world, a successful risk and compliance program can feel like you’ve climbed the highest peak. And past the peak, that success can overwhelm your team post-implementation with a snowball of requests for enhancements, access requests, and more. Complicating matters, these requests are usually emailed to the GRC team or business process owner and often lack the necessary details needed to adequately define the request’s requirements. Large volumes of these type of requests can overwhelm business process owners and Archer admins who are typically responsible for reviewing the requests, evaluating their impact to the existing business process, and determining their priority to the business. Organizations must establish a governance process to manage and prioritize these requests as their volume increases.


At RSA Charge in October, one of our amazing presenters provided an all too familiar example highlighting the need for a change request program. As their team prepared a business process demonstration for the on-site bank examiners, they noticed a field in their application records suddenly appeared blank. After careful review, it was determined that another team using this “shared” application in RSA Archer decided they weren’t using that particular field…and deleted it.


Unfortunately, this is not an uncommon scenario. But there are two steps that your organization can take to minimize the potential this scenario will happen to you.


Step 1: Institute an RSA Archer Control Board

Business processes require oversight and governance; so does the technology that automates and manages those business processes. A Control Board can ensure that any enhancements or changes to the business process complement or enhance the current risk management process within your organization. An RSA Archer Control Board is responsible for your organization’s RSA Archer roadmap and can review short term minor changes as well as plan for larger projects in the future that may involve more staffing and investment.


The Control Board reviews proposed requests and evaluates the impact the requested change may have to other business processes, applications, questionnaires, calculations, reports, iViews, workspaces, and more. In addition, this team can prioritize the requests based on business need, impact, legal review, effort, and more.


Fortunately, there are many mountain climbers that have forged a successful path ahead and can offer guidance on setting up Archer Control Boards. In fact, several presenters provided their best practices and lessons learned at RSA Charge 2017 and their presentations are available (here and here) on the RSA Archer community. (Please note, these links require access to the RSA Archer Customer/Partner Community.)


Step 2: Automate Your Support Request Process

Managing change requests for your RSA Archer implementation is simply a governance business process. So, why not automate it?


The good news: RSA Archer has done all of the hard work for you! On November 14, we released the RSA Archer Support Request app-pack to capture end user requests for enhancing RSA Archer business processes. Organizations can easily manage their business teams’ ideas including:RSA Archer Support Requests Business Process Owner Dashboard

  • Business process improvements, innovations, or changes;
  • Suggestions for new reports or changes to existing reports;
  • Requests to delete records;
  • Proposals for updating dashboards and iViews;
  • Enhancements application layouts;
  • User access requests, and more.


In addition, the RSA Archer Support Requests app-pack assists business process owners in defining enhancement requirements, level of effort, and prioritizing incoming requests. Once the request has been approved, the RSA Archer Administrator can manage the development status and document progress as the request is being developed and deployed. 


With RSA Archer Support Requests, your Control Board can track, prioritize, and implement requested changes to your RSA Archer implementation allowing your organization to quickly respond to business requests and minimizes disruption to the system and existing business processes.


Interested in learning more about the RSA Archer Support Requests app-pack? Join us for a Free Friday Tech Huddle on December 1, 2017. In addition, a demonstration video is available on the RSA Exchange. Check it out and let us know what you think!


RSA Archer Support Request - Request for Access

RSA Archer Support Request for Access


RSA Archer Support Request - Completed Request for a Report Enhancement

Completed Request for a Report Enhancement

At this year's RSA Charge, it was amazing to me to see so many Compliance, Risk and Security professionals in one place, learning from subject matter experts and each other through technical deep dives and business-driven use cases focused on delivering best practice and lessons learned.  I had the opportunity to speak with so many RSA customers and was inspired by the great work they are doing.    


One of the highlights of the event was that over 100 RSA customers got up on stage during RSA Charge to present their unique use case and the challenges and opportunities they have addressed with the help of RSA solutions.  Thank you for sending us your feedback; it is great to see that overall you felt that the sessions were impactful and of value. 


During RSA Charge you completed evaluations for the sessions that you attended.  These provide us great information, including what sessions you enjoyed the most – you confirmed that one presentation from each RSA Suite clearly stood out as being the BEST! 


Out of 92 outstanding Breakout sessions that took place on Wednesday, October 17 and Thursday, October 18 winners were selected by RSA Charge 2017 attendees for being best overall in:


  • Overall Value
  • Presentation Skills
  • Credibility/Knowledge
  • Engaging/Interactive
  • Avoided Commercialization
  • Relevance


We would like to announce, recognize and sincerely thank the recipients of the RSA CHARGE 2017 Best in Show Award:


            RSA Archer Suite Best in Show Award:

Deanne Dinslage, Sr. Archer Systems Administrator, Assistant Vice President, Bank of the West & Andrea Dollen, Manager, True8 Solutions            

Beyond the Customer - Making RSA Archer Suite Work for YOU! - Tired of hours of documentation for minutes of build?  Let me show you how to use RSA Archer Suite to do this in a few clicks with better results!


RSA Fraud & Risk Intelligence Suite Best in Show Award:

Damon Marracini, Vice President, Citi; Michael O’Connor, eCommerce Principal Product Marketing Manager, RSA; Greg Zaharchuk, Fraud Investigator, Vanguard; Qasim Zaidi, Cyber Process Manager, Capital One; Alma Zohar, Web Threat Detection Product Manager, RSA

Tales from the Trenches: Using Web Threat Detection to Fight Fraud - Learn how RSA Web Threat Detection is helping customers fight real-world cyber fraud.


RSA NetWitness Suite Best in Show Award:

Sean Catlett, SVP, Emerging Services, Optiv

Building a Modern Security Program:  Or… “If I Had to Start Over, What Would I Do?” – Discussion on keys to building your SOC and defending your enterprise using orchestration and automation.


RSA SecurID Suite Best in Show Award:

Michael Duncan, Program/Process Manager, Ameritas Life Insurance Corp; Lisa Ferraro, Developer, Ameritas Life Insurance Corp; Ravi Makam, Principal Consultant, Optiv

Insights and Lessons Learned from Upgrading RSA Identity Governance and Lifecycle and Going Virtual - Ameritas Life Insurance Corporation and Optiv Discuss Upgrading to RSA Identity Governance and Lifecycle Version 7.0.1 and go from a hard appliance to VM's to take advantage of new product capabilities.


Congratulations to all the Best in Show Award winners – RSA Charge 2017 attendees selected these from over 92 sessions!  Great job and thank you!

In regulated industries such as financial services, banking, insurance, and energy, periodic examinations by regulators and auditors are a regular occurrence. They might follow up on a workers compensation complaint; investigate misleading marketing and advertising of products, fraudulent sales practices, or inappropriate underwriting practices; complete a periodic SEC or FINRA exam; or follow up on violations found in a previous exam.


These regulatory examinations can result in costly penalties and fines and unwanted publicity. For example, in 2017 alone, the Financial Industry Regulatory Authority (FINRA) alone has assigned more than $31 million in fines and restitution.


In addition, the process of identifying, locating, and gathering all required documentation for the examiners is a time consuming and often manual process. The data required is owned by a variety of teams across the organization, which requires a great deal of coordination to collect. There are also many systems used to capture necessary evidence and retain records.  Once the exam is complete, tracking the progress and completion of exam findings and remediation actions is executed using email and spreadsheets providing little visibility on findings status and progress.


All of these challenges can be addressed with RSA Archer technology. This week, RSA Archer released the RSA Archer Exam Management app-pack on the RSA Exchange. This new app-pack helps organizations prepare for, document, and manage the processes for conducting a regulatory examination. It provides a centralized process to manage scoping, data collection, collaboration, and the post-analysis phase of an exam. Organizations can:

  • Track the phases of an exam
  • Assign, collect, and track information requests
  • Log hours worked on each phase
  • Maintain visibility into related loss eventsRSA Archer Exam Management - Exam Manager Dashboard


Using RSA Archer Exam Management, organizations benefit with the ability to:

  • Simplify collaboration and the data collection process of evidence for regulatory examinations
  • Reduce the amount of time it takes to prepare for and respond to regulatory examinations
  • Eliminate duplicate requests for information
  • Increase likelihood examiner receives accurate and complete information
  • Efficiently identify and communicate with Information Owners
  • Improve exam finding remediation
  • Enable exam owners analyze past examination results and trends to augment preparation and response to current and future exams
  • Provide visibility into exam and findings status as well as post exam data analysis to identify key trends and patterns
  • Analyze staffing costs to justify required headcount for future exams


Interested in learning more about the RSA Archer Exam Management app-pack?  Join us for a Free Friday Tech Huddle on December 1, 2017. In addition, a demonstration video for this app-pack is available on the RSA Exchange. Check it out and let us know what you think! 


RSA Archer Exam Management - Exam Record

As promised, we’re ready to offer our quarterly release for the RSA Exchange!


If you haven’t heard, the new and improved RSA Exchange helps you easily access and download best-practice ODA App-Packs, Integrations and Tools & Utilities on the RSA Exchangeofferings created by RSA and RSA SecurWorld partners, known as App-Packs, via the RSA Link online community. It also highlights RSA Ready certified Integrations that enable you to pass risk data between the RSA Archer Platform and third party offerings, as well as Tools & Utilities to help administrators manage the Platform.


First, I’d like to welcome two new partners to the RSA Exchange Technology Partner Program. This program enables RSA SecurWorld Partners to develop and offer best practice App-Packs and Tools & Utilities on the RSA Exchange. RSA Exchange Release R2 includes the first offerings from our RSA SecurWorld partners:


I am very excited to bring our partner’s offerings to you and help begin our partner’s journey with the RSA Exchange. Be sure to check out them out on the RSA Exchange.


At RSA Charge 2017 last month, I heard many stories about your risk and compliance successes, as well as the amazing response your organizations have had to GRC programs using RSA Archer technology.  One of the most common questions was “how do you handle the large volume of enhancement and new use case requests?”  Many organizations have created an on-demand application (ODA) to handle these requests.  In addition, RSA Archer has been asked to help provide a more formal process for handling the data collections process for regulatory examinations. To help address these business issues, RSA Exchange Release R2 introduces two new App-Packs:

  • RSA Archer Support Requests captures end user requests and recommendations for enhancing RSA Archer business processes and use cases. Organizations can easily manage their business teams’ ideas for process improvements and innovations by enabling end users to submit business process changes, ideas for new reports, requests to delete records, proposals for updating dashboards and iViews, specifications for enhancing application layouts, requests for user access, and more.
  •  RSA Archer Exam Management  helps organizations prepare for, document, and manage the processes for conducting an audit examination. This offering provides a centralized process to efficiently manage scoping, data collection, collaboration, and the post analysis phase of an exam. Organizations can track the phases of an exam; assign, collect, and track information requests; log hours worked on each phase; and maintain visibility into related loss events.


RSA Exchange Release R2 also highlights several new RSA Ready-certified integrations:


Interested in learning more about these offerings? If you are planning to attend the RSA Archer Summit in London this week, drop by the RSA Exchange demo pod to learn more! We also invite you to join us for a Free Friday Tech Huddle on December 1, 2017 that will highlight these offerings.  And, as always, you can visit the RSA Exchange for all of the details.

Filter Blog

By date: By tag: