Skip navigation
All Places > Products > RSA Archer Suite > Blog > 2018 > May

Mathematical models are increasingly being used to inform business decisions and estimate risk in a manner that is often material to the organization. Because these models can have material impact on an organization's business strategies and financial statements, it is imperative that the models are accurate at all times. This means the models are constructed in a sound and logical manner, can accurately produce real-world predictions, and are subjected to strong change controls to ensure the integrity of the model's performance at all times.


A bad model can create material financial misstatements, constrain revenue opportunities, result in poor strategic decisions, create regulatory violations, fines, and sanctions, damage an organization's reputation among its customers, employees, shareholders, and regulators, and more, depending on the purpose of the model. 

Released on May 22, 2018, the new RSA Archer Model Risk Management app-pack helps organizations establish sound governance processes around the models they use to run their business on a day-to-day basis.


With RSA Archer Model Risk Management, you can:

  • Document your organization’s model inventory and model documentation
  • Track model and model inventory changes
  • Track model validation and approvals
  • Formally certify the model inventory is complete and up to date
  • Document validation findings
  • Analyze model performance indicators
  • Decommission models as needed


Organizations can benefit from:

  • A consistent and repeatable process for documenting, validating, and managing changes to models
  • Reduced unauthorized changes to the model
  • Improved accuracy of models
  • Reduced likelihood of outdated information in the model
  • Reduced financial penalties, financial losses, or unforeseen risks due to model inaccuracies or insufficient testing
  • Improved visibility into the health and status of the model inventory

Interested in learning more about the RSA Archer Model Risk Management app-pack? Join us for a Free Friday Tech Huddle on Friday, June 8 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller—or visit us at

Organizations often struggle with turning their corporate vision into reality, especially when change occurs that requires adjustment to strategies and plans. While organizational vision and mission are typically well-established and change infrequently, strategies and plans can change due to a wide variety of internal and external factors, requiring in a shift in an organization’s strategic direction.


Without a coordinated approach to manage strategies and plans, a breakdown in strategy execution can keep an organization from attaining its goals. We have seen organizations lack a consistent approach to managing its strategy, operational plans, and performance. Plans and performance are typically managed in silos on spreadsheets, documents, or emails, limiting visibility and accountability.  When changes occur, the organization is unable to determine the impact and provide clear strategic direction.


These challenges can be addressed with the new RSA Archer Strategic Planning app-pack, available now on the RSA Exchange on RSA Link. Released on May 22, 2018, the app-pack focuses on closing the gap between strategies formulated at the executive level and operational plans and tasks developed at the tactical level. The RSA Archer Strategic Planning app-pack establishes a consistent, centralized process for managing Strategic Planning to increase the consistency of development and execution of strategies and related plans.


With RSA Archer Strategic Planning, you can:

  • Simplify the process of developing and executing Strategies, Strategic Plans, Operational Plans and its activities
  • Provide an audit trail to capture who created, executed, and reviewed the Strategy, Strategic Plans, and Operational Plans
  • Track the performance of Strategies through metrics and periodic reviews
  • Provide role-based access control to restrict personnel to information and tasks necessary to perform their job
  • Reduce time associated with capturing the Strategy analysis, SWOT analysis, and financial information
  • Store all Strategy information in a centralized location controlled by access roles
  • Capture changes related to Strategy, Strategic Plans, and Operational Plans through change requests
  • Simplify the communication process via an automated notification process.

Organizations can benefit from:

  • A Structured Strategic Planning process that enables top down execution of Operational Plans
  • Increased likelihood of meeting objectives
  • Visibility into current state of business performance and Operational Plans
  • Increased likelihood the organization executes its strategies
  • A consistent method for evaluating performance across functional areas
  • Assurance that Strategies become an actionable Operational Plan
  • Achieving measurable actions within Operational Plans


Interested in learning more about the RSA Archer Strategic Planning app-pack? Join us for a Free Friday Tech Huddle on Friday, June 8 for a live demo.   Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller—or visit us at

As the excitement builds towards the RSA Archer Summit 2018, I am happy to announce nominations for the annual customer awards is now open.   Every year, we honor customers as they push the envelope, innovate and enable their Integrated Risk Management programs with RSA Archer.   Bringing GRC excellence to an organization is no simple task.  It requires hard work, commitment and a steady stream of progress.  The companies that have won these awards in the past have these traits down pat - not only addressing risk but providing business value as they help their organizations navigate the uncertainty and volatility in business today.   Our past winners include organizations of all sizes across all industries and represent the 'creme de la creme' of the risk management world.


I invite you to submit your organization for the award.  The process is simple - download the form and submit it to the RSA Archer team.  The only criteria for nomination is to be an RSA Archer customer.


The nomination form is available on the RSA Link Community along with instructions.  Don't delay - the deadline for award submissions is June 15, 2018.


I hope to see you at the RSA Archer Summit 2018!  The event promises to be a premier opportunity to learn and network with your peers.  Register today if you haven't already!

RSA Exchange Release R4 is now available! We’re excited to introduce two new app-packs and nine new integrations. Plus, we’re introducing the RSA Archer Content Library on the RSA Exchange.


As you’ve likely heard, the RSA Exchange helps you easily access and download best-practice App-Packs, Integrations, and Tools & Utilities. The RSA Exchange features offerings that leverage On-Demand Applications created by RSA and RSA SecurWorld Partners, known as App-Packs, via the RSA Link online community. It also highlights RSA Ready certified Integrations that enable you to pass risk data between the RSA Archer Platform and third party software, as well as Tools & Utilities to help administrators manage the Platform.


The newest RSA Exchange offerings in Release R4 include:


  • App-Packs - pre-built applications addressing adjacent or supporting GRC processes (e.g. niche, industry, geo-specific)


  • Integrations – pre-built data exchange configurations bringing data into and pushing data out of the RSA Archer Platform

 RSA Exchange Offering Types


Interested in learning more about these Release R4 offerings? Check out details on the RSA Exchange and join us for these upcoming Free Friday Tech Huddles:

  • May 25 – RSA Exchange Release R4 overview
  • June 8 – Introduction to the RSA Archer Strategic Planning and RSA Archer Model Risk Management app-packs
  • June 15 – Introduction to the Tableau Web Data Connector integration
  • June 22 – Introduction to the BigID integration
  • June 29 – Introduction to the Wolters Kluwer integration


Please note, Free Friday Tech Huddles are available to existing RSA Archer customers. If you are not yet a customer but interested in learning more, please contact your local representative or authorized reseller.

Hi RSA Archer Admins,


You've long asked for RSA University to offer training on topics found outside of the RSA Archer administrative interface: LDAP, SSO, how to perform an upgrade, SQL settings recommendations, and more. We've listened, and we're delighted to add the pilot of this new course to our lineup of courses offered just prior to the RSA Archer Summit in August!


This course is perfect for those who've been asked to support RSA Archer from a technology standpoint due to an enforced separation of duties.  It's also ideal for those admins in smaller organizations who need to know how to do more than configure applications and manage users. Bottom line, if you're interested in leveling up your skills as an all-around RSA Archer Admin, the brand new, 2-day, RSA Archer Infrastructure Administration course is for you!  Come join us in the days leading up to the Summit for our pilot course, offered at a 20% discount for this pre-Summit session only.


Please note that all of our training courses are limited in the number of students we can accommodate per course, do require pre-registration, and carry a cost that is separate from your conference fee. That said, these prices are at least 20% off list price, and as prior Summit and Charge events have shown, the available discounted training spots will go fast!


We strongly recommend you don’t delay and risk losing your chance to add even more value to your trip to Nashville for the RSA Archer 2018 Summit!


All of these courses will be held at the Sheraton Grand Nashville Downtown, a quick 3 minute walk from the main Summit hotel.  We commit that you’ll be out in time to join in the opening night fun on Wednesday, so make sure you register for the RSA Archer Summit as well if you haven’t already!


Visit the RSA Archer 2018 Summit website for registration and ongoing event information as we head toward the August 15-17 Summit event.


Links to register for pre-conference training are included below.


Aug  14-15 (Tues-Wed):

  • RSA Archer Boot Camp - $1600
    • In this consolidated, 2-day version of our 4-day Admin I course, students will gain knowledge of the key RSA Archer 6.x platform components such as applications, security management, and communication tools through presentations and hands-on practice.
    • Registration Link: 
  • RSA Archer Infrastructure Administration - $1600 - NEW COURSE!
    • This brand new 2-day course offers Archer Admins and IT Teams instruction specific to the Archer Server and Server Side Functions. In this class you will learn how to configure LDAP Integration, SSO, SQL Maintenance, and Archer Control Panel Settings. You will also learn Packaging, installation of Archer Updates, Bulk Data Management, License Activation, and Troubleshooting tips and tricks.
    • Registration Link:

Aug 14 (Tues):

  • RSA Archer Advanced Workflow & Navigation - $800
    • This one-day workshop includes instructions for navigating the new interface introduced in RSA Archer 6, an overview of main differences between versions 5.x and 6, and extensive hands-on practice using the new Advanced Workflow feature.
    • Registration Link:
  • RSA Archer Platform Fundamentals for Business Users - $800


Aug 15 (Wed):

  • RSA Archer Advanced Workflow & Navigation - $800 - NEARLY SOLD OUT!
    • This one-day workshop includes instructions for navigating the new interface introduced in RSA Archer 6, an overview of main differences between versions 5.x and 6, and extensive hands-on practice using the new Advanced Workflow feature.
    • Registration Link: 
  • RSA Archer Platform Fundamentals for Business Users - $800


And if you just can’t get enough of our amazing RSA Archer instructors, during the conference itself, please be on the lookout for a lab room running multiple sessions of our popular Self-Guided Exploration Lab.  There, you can get hands-on practice with any of the RSA Archer Use Cases of your choice!


We look forward to seeing you this year in Nashville! 


All the best to you and yours,


Megan Olvera

RSA Archer Education Services Practice Lead

We have all heard it.  In one way or another.  The Yanny vs. Laurel sound clip is raging across the internet.  Mainstream media has thrown major fuel on the fire.  Jimmy Fallon spent considerable time debating on his show with Questlove throwing in his own version.  Which camp are you in?  It is amazing how an audio trick manipulating the pitch of a sound clip can get so much attention.  Clever?  Yes.  Earth shaking?  Not really, but a distraction from the normal day-to-day grind.  While not as hot of a topic – I doubt Ellen or The Today Show will pick up the story – risk management has its own Yanny and Laurel.


The term GRC has been in the industry for over 15 years and while it has been accepted and grown to represent a core business process in many organizations, it also has built perceptions around the feasibility and applicability of these programs.  In some organizations, GRC has taken hold and is an accepted term.  In other organizations, though, GRC represents a bureaucratic, complex concept requiring heavy operational processes resulting in little value.


Today, organizations are faced with a much more complex and fast moving challenge that GRC programs may, or may not, be equipped to address.  Many organizations are being overwhelmed by the magnitude, velocity and complexity of existing and emerging risks – struggling to respond to business risks, rather than seizing opportunities that drive the business forward.   The reason is that many organizations’ current risk management mechanisms are undeveloped, disconnected or ineffective.


Organizations must manage risk with more agility and integration than ever before.  The strategies driving business success – for example, technology adoption or market expansion –introduce more risk.  The interdependence of digital and business strategies have converged cybersecurity and business risks creating a complex set of problems.  Industry and government requirements fuel increased scrutiny by regulators.  Organizations have an increasing reliance on external parties including service providers, contractors, consultants and other third parties that complicate their business risks.  Executives and boards demandi the business manage risk without excessive costs affecting the bottom line.  The media is ready to pounce on any incident – from a data breach to a compliance failure to a corporate scandal.  Increasing reliance on technology exposes businesses to the explosion of dangerous cyber threats.  Any delay or setback in meeting business objectives can mean the difference between success and failure in today’s highly competitive market.


Integrated Risk Management (IRM) represents the next evolution of GRC.  IRM covers many of the same concepts as GRC but stresses the agility and flexibility needed by today’s modern enterprise.  IRM highlights the integrated nature of risk:

  • Horizontally – Risk management must integrate across risk domains (security, compliance, resiliency, etc.) since no risk today stands alone.  For example, a security issue can be a compliance issue, result in a business disruption, involve a third party and result in financial losses and reputational damage.   Establishing a common program to cross operational functions and foster a multi-disciplinary approach to risk management is the horizontal element of IRM.
  • Vertically – Risk management must connect operational risks to the business strategies and vice versa.  Taking that same security issue as an example, if you can articulate the business impacts of a security incident, you are creating a more relevant starting point for the business to understand what is going on.  As risk and security teams are being asked to protect the business, they must then understand the business they are protecting.  Connecting strategic objectives to operational events, risks and controls are the vertical element of IRM.

As risk management programs mature in these two directions – horizontally and vertically – the organization starts building a truly integrated view of risk and is better positioned to adjust risk management strategies to address the volatile nature of risk in today’s enterprise.


So which do you hear when your organization says ‘we need to deal with emerging issues and the uncertainty related to strategic business objectives”?  GRC?  Or Integrated Risk Management?  It’s unlikely this dispute will become fodder for late night talk shows, but it is worthy of a discussion in your organization today.  Now if we could only settle the Blue Dress/Gold Dress argument

Filter Blog

By date: By tag: