Skip navigation
All Places > Products > RSA Archer Suite > Blog > Author: Patrick Potter
1 2 3 Previous Next

RSA Archer Suite

34 Posts authored by: Patrick Potter Employee

While this blog is being published the week after, I am writing it on Friday the 13th.  Friday the 13th emanated from religious and cultural traditions and varies somewhat in the actual day of the week and month, but what is common is it is associated with catastrophe, potential, received or real. 


Whether you are superstitious or not, I think it is ironic that Friday the 13th falls right before Business Continuity Awareness Week.  Business Continuity Awareness Week is an annual global event to demonstrate the value of business continuity and help people understand why they should apply it to their organization. The theme for the week is return on investment. 


Business Continuity Awareness Week is more than a Hallmark holiday.  It is a great reminder to us all of the value of being prepared, not only organizationally but personally.  I have blogged before about the importance of individual preparedness, and believe it is a cornerstone of organizational preparedness and resiliency. 


Whether focusing on personal or organizational preparedness, there are three main factors to think about.  This applies to all maturity levels.


  1. Understand Your Priorities.  In simple terms, this means you have to understand what is most important to keep up and running and recover quickly if it is disrupted.  This is always health and safety related, but could also be anything from finances to servicing customers to compliance.  In the middle of a disaster, you always have to make tough decisions on what to take and what to leave behind, what to do or not to do.  If a disaster struck, what would you absolutely take with you or not do without?  Once everyone is safe, what business-related activities do you turn your attention to?
  2. Make Your Plans.  It is not enough to say that you will deal with it when it happens because that usually ends up not going so well.  Making plans means you think ahead of time how you will react before, during and after the disaster related to those priorities I talked about in point #1 above.  For health and safety, for example, how will you ensure that everyone is safe? How will they act in the event of a disaster? Where will they go? How will you communicate?  Make plans for each of those priorities you come up with. Plans need to be well documented with multiple copies kept somewhere safe.
  3. Practice.  You only know if your plans will work if you practice them.  Practicing shows you what will not be feasible, logical or natural and helps you iron out the bugs in your plans.  Practice also makes perfect.  Once your plans are solid, then practice helps everyone to learn what to do – what their roles are in the plans.  This instills confidence not only in those organizing, but in the participants – real people who may someday have to deal with a real life event.


Being prepared adds an element of much-needed peace to our lives, takes one thing off our executives’ plates and lets us focus on life, running our business or whatever else is going on.


Leave Friday the 13th to the black cats - and enjoy Business Continuity Awareness Week. 

Oh, and make sure you thank a Business Continuity professional!  Email me at with your thoughts and ideas.

Screen Shot 2016-05-17 at 1.50.46 PM.png



We are thrilled to announce the kickoff of the RSA Archer Champion Network!  Keep reading to understand what it is, how it will benefit you and what you can do to get engaged.


Why do we need the RSA Archer Champion Network? Today, RSA Archer reaches out to customers that provide product feedback, talk with other customers, speak at events, etc., but we often go to the same people and don’t have an official process for selecting or maintaining a vibrant and balanced group across use cases, industries and markets.  We need to build a complete network of GRC SMEs (aka RSA Archer Champions) that will become advocates and defenders of RSA Archer, and who we can in turn mentor and help build their GRC presence.


What is the RSA Archer Champion Network? A new, selective group of the most effective Archer advocates that have proven they go above and beyond to help drive Archer deep into their organizations, industry or market.  Champions will continue to serve as a critical source for roadmap feedback, will serve on advisory councils, speak at events, co-author blogs and articles, and participate in analyst activities, among other things.


Who can be a Champion? A Champion can be any Archer user, Subject Matter Expert (SME), champion, advocate or administrator from customer organizations.


How are Champions selected?

Each person nominates himself or herself by completing this self-nomination form at  An internal RSA Archer Selection Committee reviews the submissions for inclusion as a Champion.


What’s in it for the RSA Archer Champions?

  • Exclusivity – Being part of an exclusive RSA Archer Champion Network – think of it as a “platinum” club in Archer circles.  
  • Engagement – Champions will be pulled into conversations, events, requests and thought leadership, schedules permitting.  Without overusing our Champions, we would like them to be consistently engaged with us on various levels to post, speak, volunteer, reach out to others, etc.
  • Information – We have a private subspace on the RSA Link Community and provide Champions with access and special insights from and access to our leaders through newsletters, special blogs from SMEs, invitations to special events and other insights. 
  • Recognition – We will make our Champions our special guests at RSA Charge, User Groups, Working Groups and other events. We’ll recognize Champions at these events or whenever attending other RSA meetings or calls.
  • Career Building – With Archer positions growing in the market, this Champion status will be marketable. 


Private RSA Archer Champion Network Community

This subspace will be where the Champions can post their bios, meet other Champions, initiate and respond to discussions, post questions, see Archer activities they can participate in and receive updates from Archer professionals and other Champions.  We have given access to this site to certain internal RSA employees because we want the Champions to engage with them online as well. 


Next Steps:

  • Click on the graphic at the top of this blog, which will take you to the self-nomination form.  Complete and submit the form to nominate yourself as a potential RSA Archer Champion!
  • The Selection Committee will review submissions, select Champions and announce them at the end of June 2016.  The submission process will remain open indefinitely as we continue to build the Champion Network.
  • Invite other individuals you feel would qualify also to self-nominate.


The Champion Network is meant to drive the Archer product forward and help you build your presence as an RSA Archer GRC expert.  With input and share of voice from Archer supporters like you, we are confident we will all be successful!  We hope you take advantage of this opportunity to build your professional network and help us together build the Archer Champion Network.  For any questions, reach out to Patrick Potter or Denise Sposato

We are pleased to announce that RSA Archer has been awarded the SC Magazine 2016 Excellence Award for offering the best regulatory compliance solution!

Archer had to demonstrate that our solution helps organizations comply with specific regulatory requirements in the health care, retail, educational, financial services and government markets. Archer also had to demonstrate that we help customers meet mandates in such legislation as HIPAA, SOX, GLBA, FISMA, and in guidelines noted by the likes of the FFIEC and the PCI Security Standards Council. Archer had to offer references of customers who are engaged in, or have already completed, real, fully fledged deployments, and to address specific questions posed to us during the judging process.  This was a rigorous yet worthwhile review of our solution and we sincerely thank SC Magazine for this honor. 

Hundreds of RSA customers have been using our regulatory compliance capabilities for many years and we are proud to offer these critical capabilities to a market that not only needs them but has been our partner in building and maturing our solution to be what it is today.

Once again, a sincere thanks to SC Magazine and the many faithful RSA Archer customers that trust us to help them mature their regulatory compliance capabilities.

Screen Shot 2016-03-02 at 4.22.04 PM.png

In the 1993 movie, Groundhog Day, Phil (Bill Murray), an arrogant weatherman, is out to cover the annual emergence of the groundhog from its hole. He gets caught in a blizzard that he didn't predict and finds himself trapped in a time warp.

Screen Shot 2016-02-01 at 12.33.07 PM.pngHe is doomed to relive the same day over and over again until he gets it right.


This reminds me of my days as an internal auditor and how during every audit we would identify issues, or gaps in internal controls or risk management, that we would ask management to address.  We would complete the audit and move on to the next one.  A year or two later we came back to review that same area and invariably would find many of the same issues as the previous audit and, lo and behold, the issues had not been addressed.  It felt like Groundhog Day. It probably also felt like Groundhog Day for management because once the auditors left, their day-to-day responsibilities to run the business took precedence over addressing the issues we raised.


Let’s look at how this probably happens for a lot of companies with a simple example. Finance department management performs control self-assessments during the year and identifies issues in their processes and controls they want to address.  They document the issues in a spreadsheet and begin to address them.  A few months later, the Compliance department is testing the company’s adherence to Sarbanes Oxley and finds issues that happen to fall into the Finance department’s responsibilities.  They document their issues and forward them in an MS Word report to Finance to be addressed.  Later, Internal Audit performs a Finance department review and happens to identify other control issues.  They document their findings in an audit report and send it to Finance department management to be addressed.  This broken record plays on and on.


By now Finance department management is pulling their hair out because they have a seemingly endless stream of issues they are responsible to address coming from different sources and in different formats.  They don’t know if the issues are duplicative or conflict with each other.  There are different priorities placed on the issues and deadlines, and they have to report status to multiple organizations.  It’s just confusing and uncoordinated and this approach does nothing to help the Three Lines of Defense (Check out this 3LOD Blog) organize their efforts.


All Three Lines of Defense need one method to track issues and their resolution, or lack thereof. From the perspective of the department responsible to address the issue, they need to see all of the issues assigned to them from whatever their source, be able to see if there’s duplication, how and if their teams are addressing the issues, if they are on schedule and the risk and impact of not addressing the issues.  This is a real advantage to management who not only own that issue but are responsible to run the business, because they can make risk-based, analytical and informed choices regarding how to address the issue and this provides them leverage and control over the outcome.  The other two Lines of Defense benefit because they can recommend issues and track their resolution even after they have finished their reviews; they can follow up as needed, run reports and even monitor issues across business units, owners, controls and risks.


Just like in the movie, only when Phil finally gets it right does Groundhog Day stop, there is now an answer to help all three Lines of Defense manage their issues and it’s called RSA Archer Issue Management.  RSA Archer eliminates much of the lack of communication and confusion that results from the myriad of issues companies are trying to address.  Watch this short video for more information RSA Archer Issues Management: Know your Gaps, Take Action.


One of my favorite lines from the movie is when Phil is sitting in a restaurant for the umpteenth time and asks: “Do you ever have déjà vu, Mrs. Lancaster?”  Mrs. Lancaster replies: “I don't think so, but I could check with the kitchen”.  Well, when it comes to déjà vu, let’s keep it to our favorite dish – when it comes to coordinating and driving real resolution to our risk and control issues, try RSA Archer Issue Management.  Email me at with your comments.  Also, follow me @pnpotter1017.

Filter Blog

By date: By tag: