Skip navigation
All Places > Products > RSA Archer Suite > Blog > 2019 > May

Many organizations establish policies to provide guidance regarding conflicts of interest when conducting business with outside organizations. A conflict of interest may occur when you have a personal or financial interest with the company or person you are conducting business with. As a part of managing conflicts of interest, it is important to manage and monitor the acceptance of gifts from both parties.  


Gifts, entertainment expenses, and charitable donations are used frequently to build and maintain good relationships between your organization and the companies you do business with. However, if not managed properly, conflicts of interest can impact judgement and the business relationship. Most organizations implement some form of anti-bribery or conflict of interest policy to ensure employees are conducting business in an honest and ethical manner when contemplating or entering into a transaction or arrangement that might benefit one party over the other. It is crucial to ensure that any gifts, entertainment expenses, or charitable donations are within the company's policies and do not pose a conflict of interest to protect the relationships between partners, customers, vendors, and anyone else you conduct business with.


On May 21st, the RSA Exchange introduced a new offering to help you address your organization's requirements for gift registration.  The RSA Archer Gift Registration app-pack helps monitor the risks against violations of conflict of interest with regards to gifts, entertainment expenses and charitable donations. In doing so, you can identify requests over the organization's threshold and manage the exceptions to identify areas with potential conflicts of interest and address the issue.


RSA Archer Gift Registration allows you to:

  • Track gifts, entertainment expenses, and charitable donations
  • Identify and manage non-compliant expenses
  • Manage and report exceptions for approved expenses outside of the organization’s threshold
  • Provide visibility into the status of the requests


Interested in learning more about the RSA Archer Gift Registration app-pack? Join us for a Free Friday Tech Huddle on Friday, May 31, for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at


RSA Archer Gift Registration Dashboard

Strategies drive the overall direction of a company; therefore, one of the top priorities for every organization is to ensure strategies are executed according as planned and in a timely manner. Understanding and preparing for risks that pose a threat to your organization's strategy execution is crucial. To aid in successful strategy execution, you must implement a process to identify, assess, and mitigate any strategic risks that may impact your organization's strategy.  Some of these risks include but are not limited to:   

  • Shifts in consumer demand and preferences
  • Legal and regulatory change
  • Competitive pressure
  • Merger integration
  • Technological changes
  • Senior management turnover
  • Stakeholder pressure


Proper strategy execution requires prioritization of the strategic risks. With the RSA Archer Strategic Risk Management app-pack, your organization will find comfort in a consistent and repeatable process for identifying and mitigating strategic risks, while understanding the level of preparedness against risks that impact your organization's strategies, minimizing the risks for successful strategy execution.


This new app-pack helps you get the most from both the Risk Catalog and the Strategic Planning app-pack. With the RSA Archer Strategic Risk Management you can relate the strategic risks to the strategies defined in the RSA Archer Strategic Planning app-pack to get a holistic view of your organization's strategies and how the strategic risks impact the organization. In addition, the existing Risk Catalog lets you build an inventory of your risks, from the enterprise level down to the operational level through the Risk Register. It allows you to roll-up individual risks into macro-levels for analysis and reporting at the most relevant level. With the addition of the RSA Archer Strategic Risk Management app-pack, you now have another layer of analysis available to you. Once you have identified risks in your hierarchy that tie back to Strategic Risks, you can track them together in the new app-pack while still maintaining the hierarchical structure in the Risk Catalog. That way, you have insights both on how individual risks roll-up throughout the organization AND on how each risk can influence the strategic risks.


RSA Archer Strategic Risk Management allows you to:

  • Identify strategic risks within the organization
  • Relate strategic risks to organizational strategies
  • Conduct a Strategic Risk Assessment to determine risks, impacts, and level of preparedness
  • Implement Action Plans to remediate strategic risks outside of the organization’s tolerance levels
  • Monitor strategic risks to identify opportunities to mitigate risks 


Interested in learning more about the RSA Archer Strategic Risk Management app-pack? Join us for a Free Friday Tech Huddle on Friday, May 31, for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at



RSA Archer Strategic Risk Management

Strategic Risk Manager Dashboard

Wouldn’t it be great if the size and resources of your third-party risk management team actually kept pace with your growing number of third parties? Hey, it never hurts to dream. But in case that dream never becomes a reality, RSA Archer has got your back.


Third-party relationships aren’t just growing in number and complexity -- they’re also growing in their potential impact to your business. As innovative companies lean into digital transformation, they’re increasingly leveraging third parties to host new infrastructure, improve customer experiences, and fuel digital-native products. So as our reliance on third parties grows, we have to ask ourselves how our risk management can work better, smarter, and faster.


Third-party risk management has traditionally been limited to questionnaires. These assessments remain important today, but they leave several gaps in effective risk management. First, they only tell you the risk at the "point in time" the assessment is conducted. Second, they only tell you what the third party knows and wants you to hear. They do nothing to illuminate security gaps that a vendor isn’t aware of. They tell you which controls are in place, but leave you with no assurance that those controls are operating effectively. And lastly, they’re just downright time-consuming for everyone involved, from respondents to reviewers. In a world where third parties are critical to bringing new products to market, that means hindering the pace of progress for the entire business.  


So how can we do risk better? The key is to maximize efficiency and minimize risk. Doing that means focusing on protecting value at risk. This requires having context for what matters to the business and where the value lies. But it’s not enough to just identify risk. Effective risk management also requires action.


That’s why we’re so excited to announce the new RSA Archer Third Party Security Risk Monitoring use case. While questionnaires and risk rating services alone only provide a partial view of risk, RSA Archer now enables you to build the complete picture. This new RSA Archer use case brings together business context, technical valuation powered by machine learning, objective verification of operating effectiveness, and actionable workflow to provide the most efficient, effective approach to risk management.


With both questionnaire-based assessments and new continuous monitoring of a third party’s internet presence, you can focus on how risk is actually implemented and operated. Prioritizing actions based on inherent business risk, asset value, and known defficiencies keeps you focused on what matters most. RSA Archer’s powerful workflow engine then ensures that the most critical issues get triaged both internally and externally for immediate response. As part of the broader RSA Archer platform for integrated risk management (IRM), you can also maximize the business value of your risk management program by providing a single place to share third party risk dashboards with stakeholders from the first line of defense, compliance, business resiliency, information security, and more.


Interested in taking your third-party risk program to the next level? Join us on Wednesday, May 22, 2019 at 11:00 AM Eastern for our webinar, "Third Party Risk Management: Making Sense of Your Vendor Data." To sign up, register here. Learn more about the new RSA Archer Third Party Security Risk Monitoring use case and be sure to join us for a Free Friday Tech Huddle on June 14, 2019.

With today’s launch of RSA Exchange Release R8, we’re excited to bring you new offerings that can help you in continuing to advance in your integrated risk management (IRM) journey.


One RSA objective for this year is delivering advanced IRM capabilities to help your organization achieve greater visibility and insights. RSA Exchange Release R8 is one of our largest releases to date and brings to market new capabilities in managing tax risk and strategic risk, as well as managing your organization’s conflict of interest policies with gift registration. In addition, 13 new and updated integrations offer enhanced insight from industry-leading software providers, and 6 new authoritative sources can help widen your view of risk.


The RiskRecon integration has been updated to optimize the new RSA Archer Third Party Security Risk Monitoring use case, which is now generally available.


Here is a full list of the new and updated offerings available in Release R8.






There are so many new capabilities available in Release R8, and I know it can be overwhelming.  My suggestion is to start by reviewing the product advisory to learn a bit more about each of the new and updated offerings.


Next, I invite you to join me for a Free Friday Tech Huddle on Friday, May 31 for an overview of the RSA Exchange Release R8 offerings. Christine Tran will also provide a demonstration of the new RSA Archer Strategic Risk Management and RSA Archer Gift Registration app-packs.


Lastly, there is a wealth of documentation, downloads, and more on the RSA Exchange on RSA Link.  I recommend that you bookmark the listing of all RSA Exchange offerings. And if you have new ideas for the RSA Exchange, please send them our way on RSA Ideas

Let's talk about entropy. No, I'm serious, we have to talk about it. Entropy is the natural tendency for things to become less organized over time, a natural decay of order and planning that creates chaos and uncertainty. And it is a natural tendency. As the work piles up, the new tasks, the urgent tasks will replace the mundane and old tasks at the top of your conscious mind. They have not become less important, they just are a victim of entropy.


I fight against entropy all the time, we all do. We try to create order and structure through a calendar, a to do list, reminders… Anything can become a tool in the fight against entropy. And that does bring us to a new feature in Archer 6.6, the automated metrics update.


Metrics are a great tool to monitor data, whether is it performance, risk or control data. It can give you a quick snapshot of a situation, it can give you early warning if something is not quite right, it can be used for trending, it has a lot of uses. The issue is that what you get from your metrics program is what you put in. If your metrics are not updated on a regular basis then you won't get anything of value out of them. Entropy is fighting against you, who will remember to go in an update a key indicator when there are ten new tasks to perform?


That is why we leveraged the new rules based enrollment feature in Advanced Workflow to implement an automatic upgrade of key indicators. Based on the update frequency and the last update date, metrics that are past their due update date are now going to be automatically enrolled in a workflow. The metric users will receive a notification, and have a task created for them to update their outstanding metrics. It’s a simple one step process that will ensure the key indicators stay up to date.


The end result is that since metrics will be more reliably up to date, all the information you use them for, dashboard, reports, trends, alerts will also be more up to date and reliable. So will the metrics you decide to feature on a dashboard through the new featured metric feature. The insights you will get from them will be better and timelier. And your fight against entropy will be made easier since there will be no need to chase metrics owners down to get them to update their data.


Now, this is only one illustration of how the new rules based enrollment workflow feature can be used, I am impatient to see what you will actually use it for. What do you think will be the first workflow you build using this?

Available beginning today, RSA Archer Release 6.6 represents our next step forward in creating a next-generation user experience that brings the power of RSA Archer to an evolving user base, where they are, with the context they need, and in the format they want.


With this release, we’ve focused on continuing to elevate the user experience with RSA Archer, with user interface, usability, and accessibility updates that support the growing scope and importance of risk and compliance at all levels of our customers’ organizations. Release 6.6 includes a number of improvements to key features of the main navigation, dashboards, and records pages for a more modern look and feel and enhanced functionality.


Other enhancements to the RSA Archer Platform include search and reporting improvements for easier and faster analysis. A new “Refine By” pane on the search results page – similar to what you would see in the left column on -- makes it easy to slice and dice initial search results by clicking attributes to filter the results without leaving the results page. Users can also add, remove, and reorder display fields directly from the search results page, for more efficient modifications to search results. To enable faster navigation and search, Global Search now provides search suggestions that appear in real-time as text is entered to enable faster navigation, and prioritizes content that matches the Key Field, Tracking ID, or both.


Release 6.6 includes workflow management enhancements for greater efficiency, including while on the move. As one of the customer-voted “Top 10” features on RSA Ideas, the new Advanced Workflow Actions by Email capability enables users to quickly and easily complete workflow actions, such as approving or rejecting a record, via email without the need to log in to RSA Archer. The release also includes performance improvements to optimize management of data at scale, support for an Application Managed Output Writer for JavaScript Transporter to enable more data in a single data feed, and removal of inactive jobs to reduce the job engine load.


RSA Archer Release 6.6 also includes updates for several use cases:

  • RSA Archer Key Indicator Management use case updates enable past due active metrics or metrics that do not have recorded results to be automatically enrolled into workflow. Metric owners are notified that action is required and can then determine the appropriate remediation actions for the metric.
  • RSA Archer Corporate Obligations Management and RSA Archer IT Regulatory Management use cases have been updated to remove pre-configured data feeds from the use case package, allowing customers to customize configuration based on their regulatory requirements. Data feeds are now available from the RSA Exchange on RSA Link.
  • RSA Archer Enterprise Catalog is a new package designed to simplify the process of updating releases by aggregating shared applications across multiple use cases.


Last, but certainly not least, for our global customers, RSA Archer Release 6.6 includes localization for the eight languages supported by RSA Archer. We’re very pleased to be able to provide localization with general availability for the first time with RSA Archer Release 6.6. Customers can immediately download RSA Archer in their language of preference, and translated documentation is also available.


For more details on RSA Archer Release 6.6 features and functionality, RSA Archer customers can review the product advisory. Customers are invited to join us for a Free Friday Tech Huddle on Friday, May 3. You can also read the blog series and check out the documentation available on the RSA Archer Release 6.6 subspace on RSA Link.


If you haven’t yet upgraded to 6.x to take advantage of these and other great features, please reach out to your account representative. You don’t know how much you’re missing!


Stay tuned for even more great things coming soon for the RSA Archer Suite.

Filter Blog

By date: By tag: