Marshall Toburen

RSA Archer Third Party Catalog

Blog Post created by Marshall Toburen Employee on Jan 9, 2019

What is a Third Party Catalog?

The RSA Archer Third Party Catalog provides organizations the capability to inventory all of the third parties with whom they do business and to document their third parties in accordance with their organizational structure (parent company, subsidiary, sub-subsidiary). Third party contacts can be documented and accountability for third party relationships can be established by named individual and by the business units that own the relationship. If you are utilizing the RSA Archer Third Party Engagement, Risk Management, and Governance solutions then risk and performance information can be rolled-up across all products and services delivered by the third party and depicted in aggregate at the appropriate third party organizational level.


Why is the proper management of Third Parties so important?

A third party is any entity with which your organization has an actual or implied contractual relationship for the receipt of goods and services.  Besides being called a third party, these relationships are also known as vendor or supplier relationships. 


Third parties may relate, to some degree, with every aspect of an organization.  They may impact your organization’s objectives and they support, in one way or another, the products and services an organization delivers.  They support business processes, introduce risk and affect and supplement the extended internal control environment of your organization.  They may provide assets and inputs to the organization such as hardware, software, physical space, and product inputs.  Acting as an agent of the extended organization, they are subject to your regulatory obligations and policies, and they may directly supplement your human resources through consultants and temporary labor, or extend your human resources by the nature of the services that they are providing.  You may have third parties that touch on every one of these elements. 


There are numerous reasons organizations choose to engage third parties.  These include competing better; benefiting from a vendor’s expertise that you don’t have in-house; optimizing resources, acquiring resources (often more cheaply), transferring risk such as under insurance, and expanding market share by capitalizing on the third party’s presence in a market where you don’t currently have a presence or by offering a more attractive product or service because of the third party’s contributions.


Third parties are an extension of your business and, in the end, third parties introduce the same risk to your organization as if you internalized the activities.  In most cases, it is impossible to eliminate the risk altogether.  The best you can do is understand it and manage it down to an acceptable level.


RSA Archer Third Party Catalog

RSA Archer offers the Third Party Catalog use case as the starting point to consolidate your third party dependencies.


Key features include:

  • Catalog suppliers, partners, service providers and other third parties
  • Capture important details related to third parties, including contracts
  • Map internal business units to third parties
  • Manage contacts with third parties
  • Efficiently manage your third party relationships
  • Establish accountability for each third party relationship
  • Track exceptions related to third party relationships


With RSA Archer Third Party Catalog, you can:

  • Obtain an awareness of all third party relationships throughout the organization
  • Reduce time identifying third party relationships and contracts
  • Establish Accountability for individual supplier relationships and quickly identify relationship owners
  • Track contract terms, including notification of key contract events such as contract obligations, and renewal and expiration dates 


Today, organizations are faced with complex and fast moving challenges exacerbated by the very nature of rapidly expanding third party relationships.  The RSA Archer Third Party Catalog is one element of an effective Integrated Risk Management program.  Stressing the agility and flexibility needed by today’s modern organizations, integrated risk management brings together the various domains of risk across business activities (horizontally), connecting the activities to the strategies and objectives of the organization on an aggregated basis (vertically). This approach to risk management provides leadership with the most holistic understanding of risk facing the organization so they can make truly informed decisions about where to deploy limited capital and human resources to produce the most effective return to the organization.


As your company drives business growth through an extended business ecosystem strategy, your risk management program must evolve and manage risk with more agility and integration than before. Managing third party risk and performance is one ingredient to showing real progress and improvement and decreasing business risk.  RSA Archer can help your organization better understand and manage its third party relationships on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.


For more information, visit or read the Datasheet.