With today’s launch of RSA Exchange Release R8, we’re excited to bring you new offerings that can help you in continuing to advance in your integrated risk management (IRM) journey.

One RSA objective for this year is delivering advanced IRM capabilities to help your organization achieve greater visibility and insights. RSA Exchange Release R8 is one of our largest releases to date and brings to market new capabilities in managing tax risk and strategic risk, as well as managing your organization’s conflict of interest policies with gift registration. In addition, 13 new and updated integrations offer enhanced insight from industry-leading software providers, and 6 new authoritative sources can help widen your view of risk.

The RiskRecon integration has been updated to optimize the new RSA Archer Third Party Security Risk Monitoring use case, which is now generally available.

Here is a full list of the new and updated offerings available in Release R8.

• App-Packs – pre-built applications addressing adjacent or supporting Integrated Risk Management processes (e.g. niche, industry, geo-specific)
  • HCL Tax Risk Management
  • RSA Archer Gift Registration
  • RSA Archer Strategic Risk Management

• Tools & Utilities – pre-built functions enabling administrators to more easily manage their RSA Archer implementations
  • Archer Scripts Data Driven Event Analysis
  • RSA Archer Data Feed Monitor update

• Integrations - pre-built data exchange configurations bringing data into and pushing data out of the RSA Archer Platform
  • Allied Media Digital Testing and Controls Automation
  • Apparity EUCA Risk Discovery and Analysis
  • Axonius Cybersecurity Asset Management
  • Centers for Medicare and Medicaid Services (CMS) Data Feeds
  • CyberArk Privileged Access Security
  • Rapid7 Nexpose
  • Redis
  • Recorded Future Third Party Risk
  • RiskRecon update
  • Scaleout StateServer
  • Venminder Third Party Risk Management
  • S. Department of Health and Human Services (HHS) Data Feed
  • Wolters Kluwer Regulatory Data Feed update

• Content - pre-mapped collection of best-practice policies, control standards, legal and regulatory requirements, industry standards, and assessments
  • Australian Privacy Act Authoritative Source
  • Australian Prudential Standard CPS 234 on Information Security Authoritative Source
  • New Zealand Privacy Law Authoritative Source
  • Shared Assessments Standard Information Gathering Template for 2019 Questionnaire
  • S. Department of Health and Human Services (HHS) Cybersecurity Practices Authoritative Source
  • US State Breach Notification Laws Authoritative Source update

There are so many new capabilities available in Release R8, and I know it can be overwhelming.  My suggestion is to start by reviewing the product advisory to learn a bit more about each of the new and updated offerings.

Next, I invite you to join me for a Free Friday Tech Huddle on Friday, May 31 for an overview of the RSA Exchange Release R8 offerings. Christine Tran will also provide a demonstration of the new RSA Archer Strategic Risk Management and RSA Archer Gift Registration app-packs.

Lastly, there is a wealth of documentation, downloads, and more on the RSA Exchange on RSA Link.  I recommend that you bookmark the listing of all RSA Exchange offerings. And if you have new ideas for the RSA Exchange, please send them our way on RSA Ideas! 

RSA Exchange Release R4 is now available! We’re excited to introduce two new app-packs and nine new integrations. Plus, we’re introducing the RSA Archer Content Library on the RSA Exchange.

As you’ve likely heard, the RSA Exchange helps you easily access and download best-practice App-Packs, Integrations, and Tools & Utilities. The RSA Exchange features offerings that leverage On-Demand Applications created by RSA and RSA SecurWorld Partners, known as App-Packs, via the RSA Link online community. It also highlights RSA Ready certified Integrations that enable you to pass risk data between the RSA Archer Platform and third party software, as well as Tools & Utilities to help administrators manage the Platform.

The newest RSA Exchange offerings in Release R4 include:

• App-Packs - pre-built applications addressing adjacent or supporting GRC processes (e.g. niche, industry, geo-specific)
  • RSA Archer Model Risk Management provides an automated governance process to document and manage changes to the organization’s model and model inventory.
  • RSA Archer Strategic Planning provides an automated process for documenting and managing strategies, strategic plans, and operational plans.

• Integrations – pre-built data exchange configurations bringing data into and pushing data out of the RSA Archer Platform
  • BigID Data Mapper extends customers’ ability to implement a holistic approach to EU GDPR compliance programs and efficiently operationalize GDPR obligations for data subject access rights, including DSAR reports, record modification and data process record keeping.
  • Emergynt Instinct Engine allows users to build risk metrics from RSA Archer reports, leveraging them for Second Line of Defense (Chief Risk Officer, Chief Executive Officer, Executive Board, etc.) risk reporting.
  • Recorded Future Vulnerability Enrichment Feed allows customers to automatically download contextual data regarding cyber vulnerabilities. 
  • Wolters Kluwer Regulatory Data Feed allows you to automatically import Wolters Kluwer data directly into the RSA Archer Corporate Obligations Management use case.
  • Tableau Web Data Connector allows for the creation and analysis of RSA Archer’s data in the Tableau software in real time, with no additional steps to ETL the data to another system or format.
  • Regulatory content (RSS) feeds for the RSA Archer Corporate Obligations Management use case, including feeds from:
    • Federal Trade Commission (FTC)
    • GovTrack 
    • Monetary Authority of Singapore (MAS)
    • Reserve Bank of India (RBI)

• Content - pre-mapped collection of best-practice policies, control standards, legal and regulatory requirements, industry standards, and assessments 
  • RSA Archer Policy Content Library
  • RSA Archer Control Standards Library Content
  • Authoritative Sources
  • RSA Archer Question Library Content

Interested in learning more about these Release R4 offerings? Check out details on the RSA Exchange and join us for these upcoming Free Friday Tech Huddles:

• May 25 – RSA Exchange Release R4 overview
• June 8 – Introduction to the RSA Archer Strategic Planning and RSA Archer Model Risk Management app-packs
• June 15 – Introduction to the Tableau Web Data Connector integration
• June 22 – Introduction to the BigID integration
• June 29 – Introduction to the Wolters Kluwer integration

Please note, Free Friday Tech Huddles are available to existing RSA Archer customers. If you are not yet a customer but interested in learning more, please contact your local representative or authorized reseller.

Congratulations, your use case is live! You have successfully automated your business process with RSA Archer. After a team high-five and a few moments of contemplation of your team’s shear awesomeness, you hear the “ding” of your email inbox wind up like a month-long holiday radio station. Upon reviewing said inbox, you note a growing list of requests asking:

• Would you grant access to this great new business process for my whole team?
• Can I request a data import to speed up the data entry process?
• I love this report…but could we tweak it to add X value?
• Can we add another status option to field Y?
• Can we use RSA Archer to manage Z risks? How about our Friday donut club?
• Oops! I accidentally added this record. Could you delete it for me?

In the RSA Archer world, a successful risk and compliance program can feel like you’ve climbed the highest peak. And past the peak, that success can overwhelm your team post-implementation with a snowball of requests for enhancements, access requests, and more. Complicating matters, these requests are usually emailed to the GRC team or business process owner and often lack the necessary details needed to adequately define the request’s requirements. Large volumes of these type of requests can overwhelm business process owners and Archer admins who are typically responsible for reviewing the requests, evaluating their impact to the existing business process, and determining their priority to the business. Organizations must establish a governance process to manage and prioritize these requests as their volume increases.

At RSA Charge in October, one of our amazing presenters provided an all too familiar example highlighting the need for a change request program. As their team prepared a business process demonstration for the on-site bank examiners, they noticed a field in their application records suddenly appeared blank. After careful review, it was determined that another team using this “shared” application in RSA Archer decided they weren’t using that particular field…and deleted it.

Unfortunately, this is not an uncommon scenario. But there are two steps that your organization can take to minimize the potential this scenario will happen to you.

Step 1: Institute an RSA Archer Control Board

Business processes require oversight and governance; so does the technology that automates and manages those business processes. A Control Board can ensure that any enhancements or changes to the business process complement or enhance the current risk management process within your organization. An RSA Archer Control Board is responsible for your organization’s RSA Archer roadmap and can review short term minor changes as well as plan for larger projects in the future that may involve more staffing and investment.

The Control Board reviews proposed requests and evaluates the impact the requested change may have to other business processes, applications, questionnaires, calculations, reports, iViews, workspaces, and more. In addition, this team can prioritize the requests based on business need, impact, legal review, effort, and more.

Fortunately, there are many mountain climbers that have forged a successful path ahead and can offer guidance on setting up Archer Control Boards. In fact, several presenters provided their best practices and lessons learned at RSA Charge 2017 and their presentations are available (here and here) on the RSA Archer community. (Please note, these links require access to the RSA Archer Customer/Partner Community.)

Step 2: Automate Your Support Request Process

Managing change requests for your RSA Archer implementation is simply a governance business process. So, why not automate it?

The good news: RSA Archer has done all of the hard work for you! On November 14, we released the RSA Archer Support Request app-pack to capture end user requests for enhancing RSA Archer business processes. Organizations can easily manage their business teams’ ideas including:

• Business process improvements, innovations, or changes;
• Suggestions for new reports or changes to existing reports;
• Requests to delete records;
• Proposals for updating dashboards and iViews;
• Enhancements application layouts;
• User access requests, and more.

In addition, the RSA Archer Support Requests app-pack assists business process owners in defining enhancement requirements, level of effort, and prioritizing incoming requests. Once the request has been approved, the RSA Archer Administrator can manage the development status and document progress as the request is being developed and deployed. 

With RSA Archer Support Requests, your Control Board can track, prioritize, and implement requested changes to your RSA Archer implementation allowing your organization to quickly respond to business requests and minimizes disruption to the system and existing business processes.

Interested in learning more about the RSA Archer Support Requests app-pack? Join us for a Free Friday Tech Huddle on December 1, 2017. In addition, a demonstration video is available on the RSA Exchange. Check it out and let us know what you think!

RSA Archer Support Request for Access

Completed Request for a Report Enhancement

As promised, we’re ready to offer our quarterly release for the RSA Exchange!

If you haven’t heard, the new and improved RSA Exchange helps you easily access and download best-practice ODA offerings created by RSA and RSA SecurWorld partners, known as App-Packs, via the RSA Link online community. It also highlights RSA Ready certified Integrations that enable you to pass risk data between the RSA Archer Platform and third party offerings, as well as Tools & Utilities to help administrators manage the Platform.

First, I’d like to welcome two new partners to the RSA Exchange Technology Partner Program. This program enables RSA SecurWorld Partners to develop and offer best practice App-Packs and Tools & Utilities on the RSA Exchange. RSA Exchange Release R2 includes the first offerings from our RSA SecurWorld partners:

• Archer Experts: Archer Experts Re*Porter and Archer Experts Record Retention
• The Bowmen Group: Bowmen Group Multicurrency

I am very excited to bring our partner’s offerings to you and help begin our partner’s journey with the RSA Exchange. Be sure to check out them out on the RSA Exchange.

At RSA Charge 2017 last month, I heard many stories about your risk and compliance successes, as well as the amazing response your organizations have had to GRC programs using RSA Archer technology.  One of the most common questions was “how do you handle the large volume of enhancement and new use case requests?”  Many organizations have created an on-demand application (ODA) to handle these requests.  In addition, RSA Archer has been asked to help provide a more formal process for handling the data collections process for regulatory examinations. To help address these business issues, RSA Exchange Release R2 introduces two new App-Packs:

• RSA Archer Support Requests captures end user requests and recommendations for enhancing RSA Archer business processes and use cases. Organizations can easily manage their business teams’ ideas for process improvements and innovations by enabling end users to submit business process changes, ideas for new reports, requests to delete records, proposals for updating dashboards and iViews, specifications for enhancing application layouts, requests for user access, and more.
•  RSA Archer Exam Management  helps organizations prepare for, document, and manage the processes for conducting an audit examination. This offering provides a centralized process to efficiently manage scoping, data collection, collaboration, and the post analysis phase of an exam. Organizations can track the phases of an exam; assign, collect, and track information requests; log hours worked on each phase; and maintain visibility into related loss events.

RSA Exchange Release R2 also highlights several new RSA Ready-certified integrations:

• Demisto
• Digital Defense
• LogicHub
• RiskRecon
• Swimlane
• U.S. Treasury Specially Designated National (SDN) and Blocked Persons List

Interested in learning more about these offerings? If you are planning to attend the RSA Archer Summit in London this week, drop by the RSA Exchange demo pod to learn more! We also invite you to join us for a Free Friday Tech Huddle on December 1, 2017 that will highlight these offerings.  And, as always, you can visit the RSA Exchange for all of the details.

As the saying goes, “Everything is BIGGER in Texas”.

And RSA Charge!

This event is the biggest gathering of the RSA Archer community and risk professionals in the world. And the RSA team is ecstatic that we get to host this BIG event in the BIG state of Texas.

As a teenager, I spent my summers visiting my sister who worked and lived in Dallas. We toured the 6th Floor Museum, Six Flags, the Dallas Zoo, Reunion Tower, the Fort Worth Botanical Gardens, and J.R.’s ranch, Southfork from the hit TV show Dallas. There are so many BIG and fun attractions to guide your stay while you’re in the Dallas - Fort Worth area for RSA Charge. I’m very excited to plant my boots back in this great city that holds so many memories.

In addition to the boundless hospitality and attractions of Dallas, the RSA Charge event brings together the foremost thought leaders to tackle one of the BIGGEST topics for executives and board of directors – RISK. Whether we are talking about cyber risk, operational risk, third party risk, audit risks, resiliency risks, compliance risks, and more, the RSA Archer community at RSA Charge can discuss how they are addressing risk within their organization, learn best practices from their peers, and make new connections to help continue their organization’s risk management journey.

I have the privilege of overseeing the Risk and Compliance track Taking Command of Your Risk Management Journey. Sessions for this track are focused on approaches, strategies and recommendations to help build and mature your risk and compliance program. Over the years, I’ve watched the topics for this track mature as your programs and the risk community have matured. The sessions in this track are very well attended as our speakers are seasoned risk pros. And this year’s line-up is BIG! Here are a few highlights:

• Our friends from AIG, ME Bank, and the BPAY Group will discuss how they are balancing their risk journey;
• A financial services risk manager will share how their organization demonstrated value to senior leadership;
• Lockton Companies and RSA will discuss the benefits of mitigating risk through cyber insurance;
• Berkshire Bank and US Bank will highlight their change request programs; and
• Duke Energy, Verizon, Raiffeisen Bank, and EY will talk about how they are using an Agile approach when implementing risk programs.

There are so many great topics in the Taking Command of Your Risk Management Journey track. Be sure to check them out and add these great sessions to your agenda. Not registered yet? Visit the RSA Charge site to register, schedule hotel accommodations, review sessions, and more.

I’ve been attending and moderating sessions for this BIG event since 2009. Having reviewed the sessions for this year’s event, I know that this is a BIG opportunity for you to learn from the best in the risk management industry and get the most out of your technology investment. I look forward to seeing you in Dallas!

RSA Charge 2017, the premier event on RSA® Business-Driven Security™ solutions, unites an elite community of customers, partners and industry experts dedicated to tackling the most pressing issues across cybersecurity and business risk management. Through a powerful combination of keynote speeches, break-out sessions and hands-on demos, you’ll discover how to implement a Business-Driven Security strategy to help your organization thrive in an increasingly uncertain, high-risk world. Join us October 17-19 at the Hilton Anatole in Dallas, Texas.

The EMEA GRC Community gathered in record numbers last week for our second annual RSA Archer GRC Summit in EMEA.  With over 300 attendees this year, we saw a huge increase in participation from our inaugural event last year – by far the largest GRC Summit in the Europe, Middle East and Africa region.  For everyone that attended, thank you for spending your valuable time to network with peers, share your knowledge and continue your Risk Intelligence journey.

This year’s GRC Summit featured:

• 15 educational breakout sessions led by customers, partners and RSA subject matter experts covering topics such as GRC Program, IT & Security Risk, Operational and Enterprise Risk, Regulatory & Corporate Compliance, Business Resiliency and Third Party Governance.
• Keynotes from Rob Gould (Vice President EMEA, RSA), Eric Erston (RSA Archer Go To Market, RSA), Malcolm Marshall (Partner, Global Leader, Information Protection, KPMG) and Ron “Chopper” Harris (Chelsea Legend, Chelsea FC) focused on the central theme of Risk Intelligence – harnessing risk and exploring opportunity.
• 8 sponsors including KPMG (Gold Sponsor), Accenture and EY (Silver Sponsors) and Atos, WiPro, CSC, TUV Rheinland and NTT Communications (Bronze Sponsors) that shared and demonstrated their risk and compliance best practices.

We would like to thank all of our attendees, speakers, panelists, and exhibitors for making the RSA Archer GRC Summit EMEA such a wild success.  The educational breakout sessions have been posted on the RSA Archer Community (login is required) and pictures of the event are also available (use the password “Chelsea”).  Please take a look and share with other risk and compliance practitioners that were not able to join the event.

We look forward to seeing everyone next year!  Cheers!

RSA Archer was positioned as a Leader in the 2014 Forrester Wave: GRC Platforms report, issued last week by independent research firm Forrester Research. The Forrester Wave GRC report shows very positive evaluation of the RSA Archer GRC Platform across the board, with a focus on reviewing specific Platform features. It’s very clear that our customers once again provided Forrester with terrific feedback on the RSA Archer GRC Platform and solution offerings.

In addition to ranking GRC platforms, the Forrester report also noted the end of distinctly defined GRC Platform submarkets, such as IT GRC versus Enterprise GRC, due to growing customer interest in a consolidated platform for diverse use cases. Leaders were shown to support these diverse use cases and possess the flexibility to help customers address changing market and business demands.

We greatly appreciate the concerted efforts of our customers and various RSA Archer groups that came together to make the Leader ranking by Forrester possible.  We’re very excited that RSA Archer continues to be the only GRC solution provider rated as Leader across both the Forrester Wave GRC report and all Gartner reports for IT GRC, Enterprise GRC, and Business Continuity Management Planning.

We invite you to download Gartner reports on IT GRC, Enterprise GRC and Business Continuity Management.