Patrick Potter

RSA Archer Incident Management

Blog Post created by Patrick Potter Employee on Dec 12, 2018

What is Incident Management?

Incident management is tracking, treating and resolving incidents that are more common and operational in nature, ranging from cyber and physical events, to minor social media outbreaks or others. Incident management includes capturing the details of the incident, assessing the criticality and executing the appropriate response procedures.


Why is effective incident handling important?

Many organizations have developed incident response processes but they are often manual, ad hoc and dispersed, and incidents are managed using spreadsheets or homegrown solutions. As a result, there is usually no end-to-end process to effectively handle them uniformly. An effective incident management process should include prioritizing the incidents as they occur and letting that drive a measured response. Incidents should be categorized, teams assigned to manage them, status tracked, resolved, and post-event investigation performed where necessary. Additionally, reporting should be in place for internal teams and because of requirements to track fraud, cyber incidents, whistleblower and physical security threats mandated by regulations, including the Public Disclosure Act and the Sarbanes-Oxley Act.


Organizations are spending more time and resources than necessary to manage their incidents due to the lack of an effective process. More importantly, if not handled correctly or quickly, simple incidents can turn into crisis events that have the potential to interrupt business and cause serious harm to the organization’s people and operations, hinder compliance, damage reputations and so on. Organizations of all size and scope must have an incident management process that allows personnel to react quickly and effectively when events occur.


RSA Archer Incident Management

The RSA Archer Incident Management use case addresses the problems outlined above through key features that include:

  • Central repository for reporting all incidents and managing the entire incident lifecycle
  • Workflow and procedures to be implemented as incidents occur, categorized by incident type (denial of service, phishing attack, and more), team or other criteria
  • A fluid connection to crisis management teams and procedures for incidents that escalate into crises

With RSA Archer Incident Management, you will be able to:

  • Centralize all incident management into one tool, eliminating duplicative processes, tools, resources and costs
  • Control access to incident data to protect the integrity of confidential information
  • Link incidents to related findings and monitor related remediation efforts
  • Quickly view dashboards and reports to manage incidents and identify trends, similarities, and relationships


RSA Archer Incident Management is one element of Integrated Risk Management. As your company drives business growth with new initiatives, technology adoption or market expansion, new incident types could impact your organization, so you must evolve and manage them and associated risk with more agility and integration than before.  Managing incidents is one ingredient to reducing risk by acting quickly to control incidents before they become larger crises that potentially result in physical damage, financial loss, reputational damage or other negative impacts to the organization.


RSA Archer can help your organization manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.


For more information, visit or read the Datasheet.