Skip navigation
All Places > Products > RSA Archer Suite > Blog > Author: Emily Shipman

RSA Archer Suite

2 Posts authored by: Emily Shipman Employee

RSA knows risk management is a team sport, which is why we’ve made it our mission to “Inspire Everyone to Own Risk.” And these days, “everyone” includes the vendors that provide services and goods that help to support and fuel your business. To effectively to manage your third-party risk, it’s essential to foster engagement with your vendors and gain insight into their activities.


Launched today, the new Vendor Portal for RSA Archer Third Party Risk Management makes it easier to facilitate collaboration between business stakeholders, risk managers, and external vendors. As a feature enhancement for the Third Party Risk Management use case, Vendor Portal provides an intuitive interface for vendors to easily and securely complete assessments, upload documentation, respond to issues, and attest to performance, while minimizing the management burden for RSA Archer administrators. 


RSA Archer users can publish content to Vendor Portal with the click of a button. Automatic provisioning makes it easy for vendors to access the system and invite their peers to collaborate. When their work is complete, assessment or application responses are natively synchronized back into RSA Archer for review.


Vendor Portal is a SaaS-based feature that is compatible with RSA Archer on-premises, hosted, and SaaS implementations that are licensed for the RSA Archer Third Party Risk Management use case. Vendor Portal can be utilized for up to 50 vendors at no charge, and larger vendor quantities can also be supported at an additional charge.


Key features of Vendor Portal include:

  • An external interface and dashboard for secure collaboration with vendors
  • Native synchronization with RSA Archer to externally publish applications and questionnaires and retrieve responses
  • Self-service provisioning for vendor users


Customer benefits of Vendor Portal include:

  • More efficient engagement with vendors
  • Intuitive experience for vendors with nominal training
  • Reduced management burden for RSA Archer administrators



If you’d like a closer look at Vendor Portal, you can find more information on RSA Link. Customers are invited to join us for the upcoming Free Friday Tech Huddles (pre-registration is required):

  • July 24, 2020 at 11:00am Eastern -- Introducing Vendor Portal for RSA Archer Third Party Risk Management
  • July 31, 2020 at 11:00am Eastern -- Installing and Configuring Vendor Portal Service and Publish Custom Object

Wouldn’t it be great if the size and resources of your third-party risk management team actually kept pace with your growing number of third parties? Hey, it never hurts to dream. But in case that dream never becomes a reality, RSA Archer has got your back.


Third-party relationships aren’t just growing in number and complexity -- they’re also growing in their potential impact to your business. As innovative companies lean into digital transformation, they’re increasingly leveraging third parties to host new infrastructure, improve customer experiences, and fuel digital-native products. So as our reliance on third parties grows, we have to ask ourselves how our risk management can work better, smarter, and faster.


Third-party risk management has traditionally been limited to questionnaires. These assessments remain important today, but they leave several gaps in effective risk management. First, they only tell you the risk at the "point in time" the assessment is conducted. Second, they only tell you what the third party knows and wants you to hear. They do nothing to illuminate security gaps that a vendor isn’t aware of. They tell you which controls are in place, but leave you with no assurance that those controls are operating effectively. And lastly, they’re just downright time-consuming for everyone involved, from respondents to reviewers. In a world where third parties are critical to bringing new products to market, that means hindering the pace of progress for the entire business.  


So how can we do risk better? The key is to maximize efficiency and minimize risk. Doing that means focusing on protecting value at risk. This requires having context for what matters to the business and where the value lies. But it’s not enough to just identify risk. Effective risk management also requires action.


That’s why we’re so excited to announce the new RSA Archer Third Party Security Risk Monitoring use case. While questionnaires and risk rating services alone only provide a partial view of risk, RSA Archer now enables you to build the complete picture. This new RSA Archer use case brings together business context, technical valuation powered by machine learning, objective verification of operating effectiveness, and actionable workflow to provide the most efficient, effective approach to risk management.


With both questionnaire-based assessments and new continuous monitoring of a third party’s internet presence, you can focus on how risk is actually implemented and operated. Prioritizing actions based on inherent business risk, asset value, and known defficiencies keeps you focused on what matters most. RSA Archer’s powerful workflow engine then ensures that the most critical issues get triaged both internally and externally for immediate response. As part of the broader RSA Archer platform for integrated risk management (IRM), you can also maximize the business value of your risk management program by providing a single place to share third party risk dashboards with stakeholders from the first line of defense, compliance, business resiliency, information security, and more.


Interested in taking your third-party risk program to the next level? Join us on Wednesday, May 22, 2019 at 11:00 AM Eastern for our webinar, "Third Party Risk Management: Making Sense of Your Vendor Data." To sign up, register here. Learn more about the new RSA Archer Third Party Security Risk Monitoring use case and be sure to join us for a Free Friday Tech Huddle on June 14, 2019.

Filter Blog

By date: By tag: