Skip navigation
All Places > Products > RSA Archer Suite > Blog
1 2 3 Previous Next

RSA Archer Suite

438 posts

With today's launch of RSA Exchange Release R11, we're excited to share new offerings to enable you to expand your IT & Security Risk Management processes. It's important to have a complete picture of technology and security-related risks in order to make decisions. What's more, the alignment of security policies and regulatory and business requirements is critical for success.

 

One of our new offerings, the RSA Archer IoT Project Readiness app-pack, enables organizations to prioritize their IoT projects around business goals and needs.  Our partner, NTT, has created the NTT ISMS Controls Assessment app-pack to help with the challenges that organizations face when setting up an Information Security Management System (ISMS).

 

We're excited about our partner integrations like the AWS IAM Access Analyzer which will provide a consolidated view of unauthorized access findings from multiple AWS accounts, prioritize and take action on critical devices, save time analyzing resource policies for public or cross-account accessibility, and continuously monitor and refine permissions. Our new Cysiv Command Integration provides an ongoing management of incidents and security posture using RSA Archer, while allowing Cysiv to provide SOC-as-a-service and SIEM-as-a-service. The Panaseer integration computes metrics that measure control deployment and control performance. Our Rapid7 Nexpose integration enables organizations to catalog network devices discovered on the network. Finally, the ThreatWatch integration enables organization to access near real-time vulnerability intelligence along with continuous impact assessment of organizational assets.

 

We're also introducing a wide range of content that provides best-practice policies, control standards, legal and regulatory requirements, industry standards, and assessments such as the CCPA Regulation that was passed in June 2018 and went into effect on January 2020.

 

To learn more about each of these new and updated offerings, start by reviewing the Product Advisory. Also, please join me on Friday, February 21 for a Free Friday Tech Huddle for an overview of the RSA Exchange Release R11 offerings.

 

And last, but not least, there is a wealth of documentation, downloads, and more on the RSA Exchange on RSA Link.  I recommend that you bookmark the listing of all RSA Exchange offerings. And if you have new ideas for the RSA Exchange, please submit them on RSA Ideas

Compliance teams within different organizations, spread across industry verticals, work towards achieving regulatory requirements through different regulatory compliance, control assurance and monitoring programs.  A large part of the compliance team’s responsibility is managing and responding to regulatory interactions such as information, investigation and inspection requests, as well as documenting meeting notes, outcomes, correspondence, and formal orders.

 

The complexity of responding to regulators and tracking those responses creates challenges for compliance teams due to the number of regulators requesting information, internal review and governance processes, linkages to regulatory change processes, and impacts to other compliance and risk areas.

 

The HCL Regulatory Interactions Management app-pack was introduced as part of RSA Exchange Release R10 to help organizations streamline the complexity of interactions with regulatory bodies. 

 

It enables organizations to efficiently maintain a repository of regulatory requests along with associated responses to ensure organizational readiness in meeting underlying compliance requirements through other linked assurance processes.

 

With the HCL Regulatory Interactions Management
app-pack, RSA Archer customers can:

 

  • Register regulatory interactions, identify internal respondents, and track responses to closure
  • Consolidate responses and track supporting evidence
  • Track approvals for external communication readiness
  • Trigger regulatory reviews, policy change requests, findings, associated actions and impacted risks and controls
  • Streamline interactions with regulatory bodies
  • Efficiently maintain a repository of requests and associated responses
  • Ensure organizational readiness in meeting underlying compliance requirements

 

 

ADDRESSING HCL CUSTOMER’S NEEDS

HCL Technologies recently worked with a U.S.-based multinational finance and insurance corporation to assess their needs for responses to regulatory requests and an effective mechanism for collaboration with internal stakeholders. With a global presence in more than 75 countries and jurisdictions, the customer needed to address many complex regulatory challenges, including:

 

  • Managing interactions with a diverse set of regulators for various counties and jurisdictions
  • No central system and/or repository for these interactions and communications
  • Significant human effort required to manage and respond to interactions with regulators
  • Lack of understanding of the organizational impact of regulator interactions on policies, business processes, and product or services


HCL carried out a detailed analysis on the customer environment, including current processes for regulatory interactions and use of regulatory change management functionality within their RSA Archer implementation. Post review, HCL created a solution blueprint by proposing an on-demand application (ODA) built on top of the customer’s existing RSA Archer instance.
Based on this solution blueprint, HCL developed the HCL Regulatory Interactions Management app-pack to help streamline the process of managing the customer’s interactions with regulatory bodies.

 

HCL did a phased rollout of the app-pack to all business units and locations for the customer. In doing so, the HCL Regulatory Interactions Management app-pack enabled the customer to:

 

  • Streamline the process of managing interactions with regulatory bodies
  • Enable faster response to regulatory communications
  • Reduce efforts to manage regulatory interactions by 30%
  • Efficiently maintain a repository of requests and associated responses
  • Ensure organizational readiness for meeting underlying compliance requirements
  • Create a comprehensive repository of global interactions and communications to share knowledge with different business functions and locations

 

Interested in learning more about the HCL Regulatory Interactions Management app-pack? Register and join us for a Free Friday Tech Huddle on Friday, January 31, for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

About the author(s):

Deepak Arora
Senior Manager – HCL Technologies

Deepak is a seasoned GRC professional with industry experience of over ten years across different industry verticals including Financial Services, Telecommunications, Manufacturing and Retail. He is responsible for providing GRC technology advisory, blueprinting, and implementation services at HCL spanning across areas like Enterprise & Operational Risk, IT Compliance, Internal Audit, Business Continuity and Information Security and has been associated in driving various GRC Transformation programs for many esteemed organizations in the United States and Europe.

 

Gloria Higley

Product Manager - RSA 

Gloria is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the RSA Exchange for RSA Archer. Offered online through RSA Link, the RSA Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, and Tools & Utilities that complement and enhance out-of-the-box capabilities of RSA Archer use cases. 

 

Wow, 2019 sure was a great year for RSA Archer customers and the RSA Archer Suite.  It’s mind-blowing to realize how many incredible improvements and new offerings the RSA Archer Engineering and Product Management teams delivered in just 12 months. As we dive into 2020, I thought a look back would be a great way to reflect on everything that we accomplished in 2019 and set the stage for great things to come in 2020.

 

2019 was a busy year for RSA Archer teams, delivering several releases throughout the year, including new and enhanced use cases, improvements to the performance, scalability, and usability of the RSA Archer Platform, and of course, the new RSA Archer SaaS offering. We also continued to develop our solution ecosystem with the continued addition of RSA Exchange offerings each quarter.

 

In March, we introduced the new RSA Archer Third Party Security Risk Monitoring use case, which provides organizations visibility, insight, and actionable intelligence into their third and fourth-party IT risk environments.  This new SaaS-based use case discovers and analyzes each third party’s IT footprint using artificial intelligence to automatically measure the value of each asset. This enables analysts to quickly identify each vendor’s specific systems that pose the greatest risk, based on vulnerability severity and asset criticality. Third Party Security Risk Monitoring is available for SaaS, hosted, and on-premise implementations of RSA Archer.

 

In May, we launched RSA Archer Release 6.6.  This release marked the kickoff of our efforts to make marked improvements to the RSA Archer user experience. These improvements focused on reporting, workflow, and new search capabilities. We also introduced RSA Archer Enterprise Catalog, a new package that aggregates frequently-updated shared applications across multiple use cases to simplify the update process. In addition, updates to the RSA Archer Key Indicator Management use case leverage the new Advanced Workflow rules-based enrollment capability. This allows metrics to be automatically enrolled into a workflow for review when they reach a particular date or threshold.

 

In September, we introduced the new RSA Archer Regulatory Content Analysis use case. This SaaS-based use case enables compliance analysts to more quickly and efficiently focus on specific areas of regulations that impact the business. It incorporates patent-pending technology and utilizes natural language processing and machine learning to analyze how an organization maps existing regulations to controls. RSA Archer Regulatory Content Analysis is available for SaaS, hosted, and on-premise implementations of RSA Archer.

 

In October, we launched RSA Archer Release 6.7, delivering even more enhancements to modernize and simplify the user experience with RSA Archer Suite, in support of the growing importance of a cohesive view of risk and compliance at all levels of an organization. This release is the next step in the user experience evolution, providing cleaner, easier-to-use dashboards, and more direct, intuitive navigation. Release 6.7 provides a number of updates for reporting, including enhanced charting for added graphical context, and administration updates for improved functionality. The release also includes updates for RSA Archer Public Sector Solutions, RSA Archer Enterprise & Operational Risk Management, RSA Archer IT & Security Risk Management, and RSA Archer Third Party Governance use cases.

In November, we were very excited to announce the availability of our new RSA Archer SaaS offering. RSA Archer customers now have the option to leverage the flexibility, availability, and scalability of the cloud, coupled with the depth and breadth of the RSA Archer Suite, to comprehensively and proactively manage risk. Our SaaS offering enables us to support the changing needs of our customers with greater choice for their implementation of RSA Archer, while continuing to drive innovation in the market.

 

On a quarterly basis throughout 2019, we introduced new and updated offerings on the RSA Exchange for RSA Archer, including 11 App-Packs, 5 Tools & Utilities, 30 Integrations, and over 23 new and updated content packages. RSA Exchange continues to add new offerings that provide best practices and complement out-of-the-box RSA Archer capabilities.

 

On the heels of everything we delivered in 2019, 2020 is set to be another exciting year for RSA Archer.

 

Be sure to mark your calendars for RSA Conference 2020 Feb. 24-28 in San Francisco, California and RSA Charge 2020, Oct. 5-8 in sunny Orlando, Florida. Both of these events are great opportunities to learn more about exciting new RSA Archer solutions and network with your peers and industry experts.

 

So here’s to a fantastic 2019 and looking forward to all the great things to come in 2020!

In Deloitte’s 2019 Extended Enterprise Risk Management global survey, 83% of respondents reported experiencing a third-party incident within the past three years, with 11% reporting they had experienced a third-party incident that severely impacted their customer service, financial position, reputation, or regulatory compliance.

 

In the 2019 Gartner Magic Quadrant for IT Vendor Risk Management Tools report, Gartner states: “Through 2022, more than 5% of publicly traded companies will see a decrease in market capitalization as a result of mismanaged or unmanaged vendor risks.”

 

It is with these sobering statistics in mind that we are proud to announce that RSA has again been positioned as a Leader in the 2019 Gartner Magic Quadrant for IT Vendor Risk Management Tools. Published on Nov. 25, the report evaluates and positions  ITVRM software vendors on their ability to execute and their completeness of vision.

 

2019 Gartner Magic Quadrant for IT Vendor Risk Managemnt

We’d like to sincerely thank our customers who participate in analyst evaluations, including Gartner's ITVRM assessment this year.  We know you are very busy, but your feedback is invaluable in helping to inform others of your experience with the RSA Archer Suite.

 

Interested in learning more about RSA Archer Third Party Governance? Please contact RSA and download the MQ report for IT Vendor Risk Management Tools.

 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Dell (RSA).  Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 

Gartner Magic Quadrant for IT Vendor Risk Management Tools, 25 November 2019, Christopher Ambrose, Joanne Spencer

 

*Appeared as EMC (RSA) in Magic Quadrant for IT Vendor Risk Management, 2014, 2016.  Appeared as RSA in Magic Quadrant for IT Vendor Risk Management, 2017.

 

Today RSA announced it has completed an integration with Amazon Web Services (AWS) that will enable resource-based policy event information from AWS Identity and Access Management (IAM) Access Analyzer to be integrated into RSA Archer to better manage cloud resource access policy risks.

 

IAM Access Analyzer, which is launching at AWS Re:Invent 2019, is aimed at addressing a significant security challenge associated with cloud deployments, specifically the decentralized way in which resource-based policies are managed.  Prior to the launch of IAM Access Analyzer policies for Amazon Simple Storage Service (Amazon S3) buckets, AWS Key Management Service (KMS) Keys, AWS Lambda, Amazon SQS Queues, and IAM roles had to each be independently configured.  This required customers to manually monitor each resource for policy changes that allow access to users outside of the customer’s account.  The IAM Access Analyzer offering provides customers centralized visibility of resource-based policy changes, generated as findings when a resource is shared with a principal that is outside of the customer’s account.

 

IAM Access Analyzer capabilities have additional power to help manage cloud resource access risk when integrated into RSA Archer. To fully contain risks associated with resources sharing with outside accounts, organizations need to have visibility into their cloud resources, with business context, to quickly assess the IAM Access Analyzer findings to determine its actual risk to the business.  An RSA Archer integration with IAM Access Analyzer provides organizations with the necessary business context to understand the cloud resources role, business criticality, and state of compliance to help security and risk practitioners make risk-based decisions on how to address the IAM Access Analyzer finding. Out of the box dashboards and workflows within RSA Archer help customers in prioritizing and managing the risks of the IAM Access Analyzer findings.

 

We are excited to further extend the relationship with AWS, in an area that directly addresses managing one of the most common digital risks facing organizations today, specifically cloud transformation risk. This additional integration extends the ability for RSA customers to extend the value of managing security and risk around critical workloads in the cloud.

 

For current RSA Archer customers interested in taking advantage of this new capability, integration with IAM Access Analyzer can be built to bring findings and associated cloud resource information into the "Potential Unauthorized Activity" and "Cloud Assets and Services" on-demand applications (ODAs) currently available as a beta version and coming soon to RSA Exchange. These results can then be paired with the Asset Criticality, Risk and Business Context in RSA Archer IT Security Risk Management use cases. This context will help the customers in prioritizing and managing the findings to take quicker action.

 

RSA Archer customers interested in leveraging this new integration, you can learn more at the following link: https://aws.amazon.com/iam/features/analyze-access

What is DevSecOps and why is it so important? With the transformation to a DevOps model, companies need a way to introduce security into the picture. It’s not just about development and operations anymore. In the past, security was addressed in the final stages of development. In doing so, it became a bottleneck in the process stretching out the development cycle much longer than needed. With a DevOps model, companies are developing much more rapidly and have more frequent development cycles, and incorporating security early and frequently. Security is no longer an afterthought.

 

IT and security teams require tools to help document and track the security of products and remediation. On Nov. 19, we introduced the RSA Archer Product Security Development Assessment app-pack, our first RSA Exchange offering for the journey of DevSecOps. With IT Security Risk Managers and Product Security teams as its primary audience, this app-pack provides a consistent and repeatable process to identify security concerns early in the DevOps process and minimize the impacts of security risks prior to deployment.

 

RSA Archer Product Security Development Assessment allows you to:

  • Document product initiatives during the development lifecycle
  • Manage and track threat model information
  • Identify risks and mitigation strategies associated with security concerns during threat modeling
  • Track results and approvals for security testing and third-party libraries

 

Interested in learning more about the RSA Archer Product Security Development Assessment app-pack? Join us for a Free Friday Tech Huddle on Friday, Nov. 22 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

RSA Archer Product Security Development Assessment

Initiative Leader Dashboard

 

RSA Archer Product Security Development Assessment

Security Manager Dashboard

With today's launch of RSA Exchange Release R10, we are excited to share new offerings to help you navigate an integrated risk management (IRM) journey that's right for you.  In this release, the RSA Exchange is starting the journey into DevSecOps with the introduction of the RSA Archer Product Security Development Assessment app-pack. While it's important to put security into the design of your offerings, it's also important to track the risks that are identified in security testing to ensure the appropriate mitigation plans are in place and implemented. We would appreciate your feedback on this first offering in DevSecOps to help guide us with future offerings to support your journey.

 

RSA Exchange Release R10 also introduces a new offering from our partner HCL, which is designed to manage regulatory interactions. In addition, we have three integrations for asset discovery and updates to existing tools & utilities and content.

 

Here is a full list of the new and updated offerings available in Release R10:

 

 

  • Tools & Utilities – pre-built functions enabling administrators to more easily manage RSA Archer implementations

 

 

 

To learn more about each of these new and updated offerings, start by reviewing the Product Advisory. Also, please join me on Friday, November 22 for a Free Friday Tech Huddle for an overview of the RSA Exchange Release R10 offerings and a brief demo of the RSA Archer Product Security Development Assessment app-pack.

 

And last, but not least, there is a wealth of documentation, downloads, and more on the RSA Exchange on RSA Link.  I recommend that you bookmark the listing of all RSA Exchange offerings. And if you have new ideas for the RSA Exchange, please submit them on RSA Ideas

For a long time, we have received your feedback, “RSA Archer provides a fantastic set of features, but if only it had equally compelling User Interface…”

 

Well, the wait is over! With RSA Archer v6.7, we just delivered the first batch of many of the UI improvements we have planned for delivery in upcoming releases. We are excited about how new UI appearance and user interaction has turned out. And we want you to be equally excited, when you get to try it out!

 

So, what has improved?

 

Global Header, Navigation Menu and Environment Bar

We have replaced complex, monolithic, counterintuitive, access all-features-at-once Mega Menu with modern, responsive and easy to navigate Global Header and Navigation Menu. The simple yet efficient navigation will speed up the learning curve for new users and eliminate the fatigue of experienced users having to click through many places for frequent, repetitive activities. 

 

Re-organization of frequently used features that existed in Mega Menu plus addition of other frequently used features  such as Type ahead global search, recent activities, assigned tasks, Back office (administration) pages, contextual search, User Preferences, Home page, Workspaces, Flexible Workspace Management control as well as Master report list greatly improves ease of access from anywhere in RSA Archer with a single click.

 

In addition, ability to customize the background and text of the new Environment bar (located above the Global Header) will help you easily identify the environment you are working on and eliminate the mistakes of doing edits in the wrong environment.

 

Global Header and Nav Menu

 

Landing page iView for first line of Defense user

While we love RSA Archer for what it has to offer, navigating RSA Archer for a new user was a daunting experience. To tackle the problem, we have added a new "Landing page iView" type so that you can create a default landing page with links to frequently used features for the first line of defense users. You will also have opportunity to improve/customize the appearance with choice of adding an image as background to the iView.

 

First Line of Defense User Landing Page

 

Appearance and Record page updates

We have modified the appearance of the User Interface. Rather than you trying to set primary and secondary options and hope for color algorithm to churn out the right color combination (which rarely happened), now you have direct control over selecting the colors of your choice and modifying the appearance.

 

The User Interface uses the system defined neutral, high-contrast color scheme to display the content while allowing you to control the color selection for prominent locations in UI such as Nav Menu, Footer and Environment bar as well as the branding logo in Global Header and the background image in Landing page iView. For more insight on this topic, please visit our other blog.

 

We also updated the Record page header to give it a modern, clean appearance and improve visibility to frequently used functions. For the records associated with application that uses the Advance Workflow (AWF), the record header also optionally displays a progress tracker aka Workflow tracker.

 

 

Dashboard and iView improvements

Along with other UI changes, we also made number of changes to Dashboard and iView such as the layout of components, color, font size, padding and other related modifications including addition of Quicklink bar.

 

Dashboard and iViews improvements

 

For the demo and better insight to the Global Header, Navigation Menu, Record page header, Appearance, First line of defense landing page, Dashboard and iView improvements, please attend this week’s Free Friday Tech Huddle . We look forward to your attendance!

You’ve given us your input and shared your feedback on features and functionality. You’ve seen updates in customer product roadmap sessions. You’ve seen exciting sneak peeks at RSA Charge 2019. And today, it’s here – RSA Archer Release 6.7 is now available!

 

RSA Archer Release 6.7 delivers enhancements designed to modernize and simplify the user experience with the RSA Archer Suite, in support of the growing importance of a cohesive view of risk and compliance at all levels of an organization. This release is the next step in the evolution of the RSA Archer user experience, with cleaner, easier-to-use dashboards and more direct, intuitive navigation.

 

Updates in Release 6.7 provide improved usability and easier accessibility to key data. Improvements to the user interface allow business users to more quickly access the data they need and more easily interpret the data. Dashboard updates enable easier navigation, with a new Quick Links bar and links to frequently accessed user actions and dashboard options that remain at the top of the page when scrolling. A new “first line of defense” iView provides business users with a clean, simple dashboard and clear access to common tasks and reports. Reporting enhancements in Release 6.7 provide added graphical context for key data, more interactive functionality, and more chart type options.

 

RSA Archer Release 6.7 dashboard

 

For RSA Archer administrators, this release includes a number of updates to extend functionality and performance, including updates to the Data Gateway feature of the RSA Archer Platform. Introduced in Release 6.4, the Data Gateway allows organizations with large data sets in external systems to connect to RSA Archer. In Release 6.7, updates enable administrators to configure the Data Gateway without the need for professional services. The Data Gateway RESTful API provides commands to add, update, and delete Data Gateway connections, content mapping, and field mapping, and new documentation provides instruction for coding a Data Gateway connector. Other new administration features in Release 6.7 include automated deployment of packaging, secure connection for FTP data feeds, proxy bypass, and much more.

 

In addition to enhancements to the RSA Archer Platform, Release 6.7 includes updates for a number of RSA Archer use cases for Public Sector, Enterprise & Operational Risk Management, IT & Security Risk Management, and Third Party Governance.

 

To learn more about RSA Archer Release 6.7, please review details in the Product Advisory. RSA Archer customers are invited to join us for a Free Friday Tech Huddle on Nov. 1 (pre-registration is required). We'll have more Free Friday Tech Huddles over the next few months to take deeper dives into Release 6.7 features. You can also check out Release 6.7 documentation available on the RSA Archer Release 6.7 subspace on RSA Link.

One of the biggest commitments we at RSA make to our customers is to provide best-in-class security products that help manage digital risk.  Our goal is to do so with maximum reliability while also requiring minimum effort on your part.  However, we know, that even best-in-class products occasionally need help to install, use, and maintain them.  While we are continuously focused on improving our support services to ensure that every interaction you, our customers, have with us is positive and quick, we realize that even the best support interaction still requires time and effort on your part.  And what’s more valuable than time?

 

With that in mind, today I am happy to officially launch our Engineering Request dashboard within the RSA Case Management portal, which will allow you to monitor progress of Engineering Requests (ER) opened on your behalf*.  Not only will you be able to see progress of your ER’s, but you will be able to do so on your own, without the need to call support for an update. 

 

To access this information, navigate to the RSA Case Management portal by clicking on My Cases in the main menu on RSA Link.    Clicking on the Engineering Requests tab will display Engineering requests that have been opened on your behalf (linked to your support cases) since January 1, 2018.  For each of these, you will be able to see its Status to know when the issue has been addressed, and if a fix is included in a release, you’ll see the release number as well.

  

Click to enlarge

 

This is just another small improvement to your support experience.  Stay tuned for the more exciting upcoming changes.

 

In the meantime, if you have any feedback on this enhancement or other ideas to continue to improve your experience, please share! 

 

* This functionality is currently only available for the RSA Archer Suite and the RSA NetWitness Platform. Additionally, you will only be able to monitor Engineering Requests that were opened directly on your behalf and are not security issues that could have sensitive information.  We will encourage you to utilize the RSA Ideas portal to manage and monitor Enhancement requests.

RSA is pleased to announce that – once again -- Dell Technologies (RSA) has been named a Leader in the 2019 Gartner Magic Quadrant (MQ) for Business Continuity Management Program (BCMP) Solutions!

 

This comes on the heels of Leader designations for Dell Technologies (RSA) in the 2019 Gartner Magic Quadrant for Integrated Risk Management Solutions and the 2019 Gartner Magic Quadrant for IT Risk Management Solutions – making RSA the only vendor to be positioned as a Leader in all three of these Magic Quadrants!

 

RSA Named A Leader in 2019 Gartner Magic Quadrant for Business Continuity Management Program Solutions, Worldwide

 

In the BCMP Magic Quadrant report, Gartner states that “organizations need a consistent and repeatable process for all aspects of BCMP development and execution. With the growing focus on resilience in day-to-day business operations — rather than on out-of-band response and recovery activities only — BCMPs need to demonstrate maturity, status and effectiveness on an ongoing basis, not just once a year.” RSA Archer use cases for Business Resiliency bring together incident response; business impact analysis; recovery planning, testing and activation; and crisis management – all critical components of a program positioned to build resiliency throughout the organization.

 

Gartner also states that “the critical capabilities of BCMP solutions center on providing business leaders with a more effective means of evaluating operational risks and business impacts, as well as planning for, responding to, recovering from and restoring after a business disruption.” The RSA Archer Business Resiliency solution integrates with operational risk management, security and third-party risk use cases to dramatically improve coordination, alignment, and visibility across these often-separate functions.

 

Finally, Gartner defines “optimal BCMP solutions as holistic, addressing the following critical capabilities: ease of use and configuration; dashboarding and reporting; and BCM tool integration.” RSA Archer offers out-of-the box capabilities that are highly configurable, along with best-in-class dashboarding and reporting. The RSA Archer Business Continuity & IT Disaster Recovery Planning and RSA Archer Crisis Management use cases are integrated with emergency mass notification and mobile partners, to put RSA Archer in the hands of people on the move during a disaster.

 

We sincerely thank our customers for sharing their valuable insights and experiences working with RSA Archer Suite with Gartner. Our community of active and enthusiastic users continue to be a driving force behind what we do, and we thank you.

 

 

 

Figure 1. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Dell RSA.

 

*Gartner, Magic Quadrant for Business Continuity Management Program Solutions, David Gregory, Roberta Witty, 12 September 2019

 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Understanding how new regulations and standards impact your business is critical in order to reduce the risk of regulatory fines and ensure compliance of your organization. Unfortunately, the process is typically tedious, time consuming, and varies wildly depending on available resources.

 

When a new regulation is introduced, an analyst must read the new regulation and use past experience and knowledge of the organization’s internal controls and how they map to similar regulations to map controls to the requirements. In other words, this takes a lot of organizational knowledge and expertise to be done well -- and even then, it’s a spreadsheet exercise that’s a lot of copying and pasting.  While the analyst will get better at this task over time, their knowledge is lost when they move on from this position and new personnel will essentially be starting over.

 

If this were just an occasional task, this approach might be ok. But the regulatory burden for organizations has continued to grow at an increased pace over the past 20 years. Additionally, companies are making changes in their business -- geographical expansion, the addition of new kinds of business, or a digital transformation -- that open them up to new regulatory burdens..


To make this process more efficient and accurate, RSA has introduced the RSA Archer Regulatory Content Analysis use case. Utilizing machine learning and Natural Language Processing (NLP), Regulatory Content Analysis provides analysis of how you have demonstrated compliance with previous regulations by looking at the Controls in place for the requirements defined in them. Utilizing this library of information, the Regulatory Content Analysis algorithm provides you with personalized regulatory analysis, suggesting control matches for the new regulation. It also shows you analogous requirements from existing regulations to help analysts understand the similarities. All of this information is displayed in an intuitive interface that assists analysts through mapping and makes the entire process more efficient and more consistent.

 

RSA Archer Regulatory Content Analysis provides:

  • Automatically suggested controls for new regulations based on your compliance program
  • Natural language processing and machine learning to process and analyze text-based regulations
  • Highlights of similar new and existing regulations for analyst reference
  • Manually matching of content utilizing advanced search and mapping features

 

The RSA Archer Regulatory Content Analysis use case can be utilized with the RSA Archer Policy Program Management use case to demonstrate the effectiveness of the organizational controls you have in place. This combination delivers a complete solution for managing your compliance to the broad and changing landscape of regulations applicable to your organization.

Interested in learning more about RSA Archer Regulatory Content Analysis? Join us for a Free Friday Tech Huddle on Friday, September 27 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

Complaints are inevitable for any organization.  Complaints management is required by various regulations and standards, including the Office of the Comptroller of the Currency (OCC) in the United States and the Office of the Superintendent of Financial Institutions (OSFI) in Canada, just to name a couple.  If not managed correctly, tracking complaints can be difficult and not resolved in a timely manner, which can result in risk to your organization.  Some of these risks include reputational damage or financial impacts to your organization.  Regulations and standards require organizations to adhere to their guidelines on how to handle the complaints, deal with them in a timely manner and report that information back to the governing body.  

 

On August 20th, the RSA Exchange introduced a new offering to help you minimize the risk of impact from complaints, internal and external to your organization.  With the RSA Archer Complaints Tracking app-pack, you can have a consistent and repeatable process for tracking and managing complaints so you can minimize dissatisfaction from employees and customers while ensuring compliance with regulatory requirements in regards to how complaints are handled and how long it takes to resolve the complaints.  

 

RSA Archer Complaints Tracking allows you to:

  • Document complaints internal and external to the organization
  • Conduct an Investigation to determine impacts to the organization
  • Document findings and determine a course of action for resolution
  • Monitor complaint resolution and satisfaction
  • Report complaints for regulatory requirements

 

In addition, the RSA Archer Complaints Tracking app-pack can be utilized with the RSA Archer Speak Up app-pack to allow the ability to submit complaints anonymously to support whistle blower regulatory requirements.  To learn more about the RSA Archer Speak Up app-pack, please visit RSA Archer Speak Up on the RSA Exchange. 

 

Interested in learning more about the RSA Archer Complaints Tracking app-pack? Join us for a Free Friday Tech Huddle on Friday, August 23, for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

RSA Archer Complaints Tracking

Complaint Owner Dashboard

Conflicts of interest exist in the commercial world and cannot be avoided.  Every organization conducts business with another organization or individuals.  We must understand and identify conflicts of interest and the importance of managing those conflicts of interest.  Conflicts of interest arise when an individual or organization has a competing obligation, personal or financial interest, with the individual or organization in which they are conducting business with.  Examples of relational private or personal interests include, but are not limited to, family and other relatives and personal relationships in the workplace, board or industry association memberships, investments and shareholders, secondary employment, personal relationships with suppliers, third parties, and vendors.  In addition, monetary conflicts of interest include gifts and hospitality, which are not addressed with this offering.  However, it is addressed using the RSA Archer Gift Registration app-pack.  For more information on how to manage conflicts of interest regarding gifts, entertainment, and charitable donations, visit RSA Archer Gift Registration on the RSA Exchange.  

 

Failure to manage conflicts of interest can have negative consequences for your organization.  If these conflicts of interest are not identified and mitigated properly, it could put your organization at risk which could result in reputational damage, non-compliance with regulatory requirements, and even, financial loss.

 

On August 20th, the RSA Exchange introduced a new offering to help you address conflicts of interest in your organization.  With the RSA Archer Conflicts of Interest Management app-pack, you can have a consistent and repeatable process for identifying and managing relationships internal and external to the organization while understanding the risks that may occur from those relationships and be able to mitigate and prioritize those risks.

 

RSA Archer Conflict of Interest Management allows you to:

  • Create a Conflict of Interest Profile identifying conflicts of interest within the organization
  • Conduct an Assessment to determine risks and impacts regarding conflicts of interest
  • Document findings and determine a course of action to remediate conflicts of interest
  • Monitor conflicts of interest to minimize risks

 

Interested in learning more about the RSA Archer Conflict of Interest Management app-pack? Join us for a Free Friday Tech Huddle on Friday, August 23, for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

RSA Archer Conflicts of Interest Management

Conflict of Interest Owner Dashboard

Today, we’re pleased to announce availability of the RSA Exchange Release R9. Today also marks the 2nd anniversary for the RSA Exchange.  Let’s recap:

  • 2 years
  • 9 releases
  • 215+ offerings
  • 11 RSA Exchange Technology Partner offerings
  • 20 app-packs
  • 9 tools & utilities
  • 66 integrations
  • 120+ content offerings

The RSA Exchange is seeing amazing momentum, increasing our offering count with a release every quarter! We're so excited to share new app-packs, integrations, content, and much more to help you expand your journey with Integrated Risk Management (IRM).  

 

The RSA Exchange Release R9 continues to expand on our last release by adding another use case to support conflicts of interest.  In the RSA Exchange Release R8, we launched an offering to manage gifts, entertainment expenses, and charitable donations.  With this release, we expanded the conflicts of interest use case by developing an offering to manage conflicts of interest as it pertains to relationships internal and external to the organization.  In addition, we added another offering to manage complaints internal and external to the organization, while supporting whistle blower capabilities using the previously released RSA Archer Speak Up offering.

 

We have made lots of updates to existing content and integrations while continuing to add new content and integrations.  We previously released an integration with RiskRecon to help you monitor third party security risks within your organization.  With the RSA Exchange R9 release, you can now monitor your own company with the RiskRecon Own Enterprise Risk Monitoring integration.

 

Here is a full list of the new and updated offerings available in Release R9.

 

 

 

 

 

To learn more about what Release R9 has to offer, start by reviewing the product advisory to learn a bit more about each of the new and updated offerings.  Don't forget to check out our Free Friday Tech Huddle on Friday, August 23 for an overview of the RSA Exchange Release R9 offerings. I'll be providing a demonstration of the new RSA Archer Complaints Tracking and RSA Archer Conflict of Interest Management app-packs.

 

Lastly, there is a wealth of documentation, downloads, and more on the RSA Exchange on RSA Link.  I recommend that you bookmark the listing of all RSA Exchange offerings. And if you have new ideas for the RSA Exchange, please send them our way on RSA Ideas!  Also, don't forget to visit us at RSA Charge at the RSA Exchange booth to learn more about all our offerings to date! 

Filter Blog

By date: By tag: