Skip navigation
All Places > Products > RSA Archer Suite > Blog
1 2 3 4 5 Previous Next

RSA Archer Suite

422 posts

What is crisis management?

Crisis management is preparing for and handling larger and more complicated disruptive events from start to finish. Crisis management is aligned with business continuity and disaster recovery planning and execution, allowing organizations to respond holistically in crisis situations to protect and resume ongoing operations and infrastructure.

Why is effective crisis management important?

According to a 2018 Deloitte study, Nearly 60 percent of respondents (of more than 500 crisis management executives) believe that organizations face more crises today than they did 10 years ago. Further, 80 percent of their organizations had to mobilize their crisis management teams at least once in the past two years. It's a sobering statistic which leads to an obvious conclusion that crisis management shouldn’t start with a crisis because at that point it is probably already too late. 


Effective crisis management entails preparing for different types of crisis events that could likely occur, as well as adequately managing the event when it happens. Much goes into being ready for a crisis event, in fact 99% of the work happens before a crisis event ever occurs. For example, organizations must identify what types of events could occur (natural and man-made disaster), what could go wrong, and which areas of the organization could be impacted. Crisis plans must be coordinated with recovery plans for areas of the business or IT that could be disrupted. Testing must be performed to see how crisis and recovery plans stand up under different potential scenarios.


Crisis management is also important because most organizations have separate teams that manage their business continuity (BC), IT disaster recovery (DR) and crisis functions yet they all need to work seamlessly together. Resiliency means “bend but don’t break”, and it entails evolving into an organization that is naturally able to adapt to adverse conditions, make midcourse corrections and elude the negative impacts of a disruption. When you consider the increasing challenges in today’s complex, global organizations, alignment between these separate groups becomes more imperative to build resiliency across the business. Now more than ever, these teams must work closely to help their organizations become more resilient and minimize the impact of any disruption to their reputation, finances, legal status, employees and customers.

RSA Archer Crisis Management

The RSA Archer Crisis Management use case addresses the problems outlined above through key features that include:

  • Workflow, notifications and reporting that are integrated across BC, IT DR and crisis teams so they can better manage crisis events from start to finish
  • Centralized contact and notification capabilities that can be used for communicating with key constituents before and during a crisis event
  • A lessons-learned assessment that helps these integrated teams evaluate where they can improve before the next event

With RSA Archer Crisis Management, you are able to:

  • Communicate more quickly and effectively, reducing lag time in assessing damage, determining safety of employees, and ascertaining status before, during and after the event
  • Reduce impacts of crisis events by being better prepared for them
  • Reduce downtime of critical business operations or IT systems disrupted by the crisis event by quickly activating BC/DR plans and better coordinating recovery
  • Better incorporate lessons learned from tests or real crisis events back into your plans and activities, which builds resiliency into the organization

RSA Archer Crisis Management is a critical element of Integrated Risk Management. As your company drives business growth with new initiatives, technology adoption or market expansion, it becomes even more susceptible to events that could disrupt your ongoing mission. Your crisis and resiliency programs must evolve and help manage risk with more agility and integration than ever before.  Managing the negative impacts of crisis events is a key ingredient to reducing risk. RSA Archer can help your organization manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.


For more information, visit or read the Datasheet.

My final theory of my Riskicist’s Guide for you to contemplate borrows from an interesting phenomenon in nature. Synchronization of seemingly random events in nature is not uncommon. Flocks of birds and schools of fish synchronize to ward off predators. Inanimate objects can even synchronize. The point is there is no one master object is necessary to give direction for these things to synchronize. In some cases it is instinct, some cases it is physics. But out of chaos comes order.

What does this have to do with the future of risk management?

Culture has a lot to do with risk management. In some respects, culture is one of most direct influences on how well your risk program works. Your program relies on people. And people have personalities. Just like we have dominant personality traits, every employee in your company has a risk personality and they display that personality in everyday life. Do they instinctively speed up when the stoplight is yellow or do they immediately go for the brake? Or do they take a split second to calculate? Do they play the lottery every week or is it only for suckers and a waste of money? Do they wait until the prize is big enough for them to wager?  These personality types vary across a company – and depending on the level of influence a person has within the organization – this risk personality affects the company’s culture. We have seen companies where risk taking – fueled by these personalities - has built empires or destroyed from within.

We need to contemplate the emerging views on what is risky and how that will affect our organization’s culture. We need to contemplate the expectation of the future workforce when it comes to managing risk through technology – and using technology to manage risk.

My last theory is: 

The forces of SYNCHRONICITY will affect your organization’s approach to risk management

MORE than any other force.

Your workforce - including the entry level risk analyst or security admin you hire in the future - is being built on digital natives – those not knowing a world without technology. Their RISK PERSONALITY will continue to change - and be different than many of the established cultural norms. As these new personalities enter your workforce, they will bring much potential. However, your culture will change and eventually your organization will synchronize to these new ways of thinking.

In a future digital world that will be based entirely on data, it will be the personalities of your organization that will be the difference between success and failure. These personalities may be difference between taking a risk that pays off – or missing an opportunity due to caution. For the risk management professional, we must anticipate that synchronization. More importantly, WE need to be ready to change with it and become open to controlled, risk taking. We must become comfortable with the uncomfortable.

So what does the future of risk management look like? As much as I would like it, I can’t see into the future. Even with these theories, it is difficult to know exactly what will come. We know amazing technological advances are coming our way. We know we will change how we think about risk. Your digital transformation will force new paradigms; your workforce will demand new approaches.

When it comes to what we, as a risk management community, need to think about going forward, we have some clear indicators. One thing I know is risk management will be all about speed. Risk management cannot be a hindrance in your organization moving forward. You are faced with a complex and fast-moving landscape that requires an evolution towards Integrated Risk Management. We can use a Cartesian space – horizontal and vertical integration through people, processes and technology - to guide us. We can prepare ourselves for the rapid changes in risk. We will need to factor time into our risk equations. We must also anticipate this synchronization factor.

Our industry is on an evolutionary path and sitting on the precipice of a new digital world.  RSA has been leading the pack in building technology solutions over the past 35 years and proud to be part of your journey. My final thought to leave you with is this…

The future is not in FRONT of you…

It is BUILT on you.

I know you are up for the challenge.


This blog series is based on my keynote from the RSA Archer Summit 2018.

What is Incident Management?

Incident management is tracking, treating and resolving incidents that are more common and operational in nature, ranging from cyber and physical events, to minor social media outbreaks or others. Incident management includes capturing the details of the incident, assessing the criticality and executing the appropriate response procedures.


Why is effective incident handling important?

Many organizations have developed incident response processes but they are often manual, ad hoc and dispersed, and incidents are managed using spreadsheets or homegrown solutions. As a result, there is usually no end-to-end process to effectively handle them uniformly. An effective incident management process should include prioritizing the incidents as they occur and letting that drive a measured response. Incidents should be categorized, teams assigned to manage them, status tracked, resolved, and post-event investigation performed where necessary. Additionally, reporting should be in place for internal teams and because of requirements to track fraud, cyber incidents, whistleblower and physical security threats mandated by regulations, including the Public Disclosure Act and the Sarbanes-Oxley Act.


Organizations are spending more time and resources than necessary to manage their incidents due to the lack of an effective process. More importantly, if not handled correctly or quickly, simple incidents can turn into crisis events that have the potential to interrupt business and cause serious harm to the organization’s people and operations, hinder compliance, damage reputations and so on. Organizations of all size and scope must have an incident management process that allows personnel to react quickly and effectively when events occur.


RSA Archer Incident Management

The RSA Archer Incident Management use case addresses the problems outlined above through key features that include:

  • Central repository for reporting all incidents and managing the entire incident lifecycle
  • Workflow and procedures to be implemented as incidents occur, categorized by incident type (denial of service, phishing attack, and more), team or other criteria
  • A fluid connection to crisis management teams and procedures for incidents that escalate into crises

With RSA Archer Incident Management, you will be able to:

  • Centralize all incident management into one tool, eliminating duplicative processes, tools, resources and costs
  • Control access to incident data to protect the integrity of confidential information
  • Link incidents to related findings and monitor related remediation efforts
  • Quickly view dashboards and reports to manage incidents and identify trends, similarities, and relationships


RSA Archer Incident Management is one element of Integrated Risk Management. As your company drives business growth with new initiatives, technology adoption or market expansion, new incident types could impact your organization, so you must evolve and manage them and associated risk with more agility and integration than before.  Managing incidents is one ingredient to reducing risk by acting quickly to control incidents before they become larger crises that potentially result in physical damage, financial loss, reputational damage or other negative impacts to the organization.


RSA Archer can help your organization manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.


For more information, visit or read the Datasheet.

In my last blog in my Riskicist’s Guide, I posed the Theory of Exponential Growth highlighting the rapid change of risk in today’s world and the need for automation. With automation we can gain better visibility. We then have much more data to drive insights and actions – BUT as things move faster we need to better understand WHEN to deal with an issue as well as how it impacts the business. This brings me to another aspect of my riskics – TIME.  The most constant, ever present variable in hyper risk management is TIME. In fact, time could be one of the most critical variables in the Digital Risk Management transformation.

For example, most data classification schemes are one-time affairs and answer What is the value of this piece of data today? However, the value of data – the currency of the digital transformation – can change over time. I wrote about this in a blog in 2014 entitled “The Data Classification Curve”. In a nutshell, the criticality, value or sensitivity of data depends on time – financial numbers go from extreme confidentiality to public knowledge overnight; the sensitivity of personal data hits a threshold as elements are combined or collected over time.

The point is risk associated with your business, like data sensitivity, goes up or down depending on time. When we apply that concept to our traditional definition of likelihood and impact, we clearly can see both are affected by time. The likelihood of an event may go up or down depending on the time of day. The impact of a financial system outage at the end of the quarter is different than the middle of the quarter.


This leads to my next theory:

Measurement of risk will REQUIRE an element of TIME.

Risk when approached with this concept of time becomes less of a dashboard more like a stock ticker. A loss exposure at one time could be $3M, another time $1M, another time $5M… it all depends on time. Going back to our traditional risk formula, risk still depends on likelihood and impact – but each must be considered in relation to time.


This concept could be applied to any gap identified during a risk or compliance process. It could also apply to prioritization of events and alerts. RSA’s experience gives us a leg up in helping risk management processes utilize time as an input. RSA Netwitness’ user behavior analytics and RSA’s Adaptive Authentication risk engine already uses this type of approach.

Time as an input to risk management processes in the digital era affects calculating risk exposure and driving action. A security incident may be more or less critical based on the time of the day. A Business Continuity plan may need to factor in the time of the month of a potential event. Not that you would leave an event to chance or ignore something based on this time element but the timing of events will need to factor into prioritization and measurement.

As risk management processes begin to become more and more data driven, fueled by the digital transformation of the business, there will be a need to tighten up the response to that data and prioritize based on the data. As insight into risks are produced, time will be a major input into what actions are needed, when they are needed and how to prioritize those actions. Risks will need to be prioritized not only on automated business context flowing in from different systems – but prioritized based on the time.


Join me for my last theory in my next blog as I wrap up my Riskicist's Guide to the Universe.

As I continue my Riskicist’s Guide to the Universe, my first theory regarding the future of risk management deals with change.

In very simple terms, the change of Risk in the past can be thought of as growing on a mainly linear scale as a function of the organizational size or complexity. In other words, a straight line. But there is more to it. Your company has market dynamics within your industry that force change. As your competitive pressures increase and your market changes, it affects your risk. The rate of risk change is therefore a function of your market, or F(x) = Y * x where Y is a measurement of your market volatility. If your market is changing rapidly, the coefficient is > 1. The line is steeper, the rate of risk is higher. If the market pressures are relatively slow than the rate of change is between 0 and 1. The line isn’t as steep – or risk is not expanding as fast. Don’t begin thinking these are actual mathematical models – this is a conceptual depiction – but the logic applies.

Prior to the digital revolution, this might have been an adequate way to graph a simple rate of change of risk. However, risk in the digital world doesn’t grow in this linear fashion. It grows at an exponential rate.


This leads to my first theory:

The GROWTH OF RISK will follow an exponential curve based the rate of change of your market taken to the power of your digital transformation.


In this conceptual model, Y is your market changes, Z is the rate of adoption of technology within your organization. The market pressures have been a constant force affecting industries. It is the Digital Transformation that can be a massive shift. As your business goes digital, it can represent an explosion of elements in your risk management framework. More systems, more data, more threats, more EVERYTHING. It is this exponential factor that fuels hyper growth and changes how we think of some of our fundamental needs in our risk program.

The main impact of this rapid risk growth I want to explore is the impact on understanding the business context around risk. Business Context is the relationship of any risk management framework element – like an incident or a control – to the business. Business Context sets the aperture by which risk can be viewed - the more context, the more clarity. When you have Hyper Risk Growth, you need Hyper Risk Management. Hyper Risk Management requires Hyper Business Context.


Hyper Business Context must be fueled by automation. Manual cataloging anything related to the risk management process in this new world will quickly fall behind. In short, the hyper growth of risk forces us to look to automated inputs with a frequency and reliability that exceeds today’s capabilities. We must rethink what it means to create the relationships to formulate business context. Your risk program must build business context from the insights it gathers – and not rely solely on manual efforts.

The good news is RSA has a unique position when it comes to the future of business context. RSA Archer already helps you build context for your risk program. But we can also think outside the box when it comes to building business context. For example, why not let the systems tell us what is important? Network monitoring systems like RSA Netwitness can tell us how much a system is used to identify availability risks. Identity Management systems like RSA SecurID can connect applications to user profiles building relationships between business functions and IT infrastructure. These are byproducts of those technologies that we can use to inform business context.


Automation and integration will be key in ensuring your context keeps up with the data flowing from your many systems especially as your business continues along its digital transformation.


Join me next week for my next blog that discusses an ever present variable that will have a tremendous impact on measuring risk in the future. 

What are audit engagements and workpapers?

Audit engagements are the mechanism that internal audit teams use to scope, plan and execute their evaluations of risks and associated internal controls, and related areas of their organization. Audit workpapers are the means to document the results of their evaluations, or test work.

Why is the proper execution of audit engagements, including workpaper documentation, so important?

A significant challenge internal audit teams face managing their audit engagements is lack of risk-driven audit coverage, inconsistency and inefficiency. Many internal audit groups cannot focus more time on risk and compliance activities because they are too absorbed in administrative work. Further, audit procedures and engagements are often performed inconsistently, and audit teams spend countless hours inefficiently managing audit resources.

They also struggle to track the status of engagements and workpapers because their teams use multiple documents and systems. Teams cannot effectively reconcile their time and expense back to their audit plan nor report real-time updates to audit executives. They lack visibility into the status of findings generated during past audits. Audit reports are not easily updated with changes to audit findings, remediation plans and workpapers, and there are constant fire drills getting information to external auditors.

RSA Archer Audit Engagements & Workpapers

The RSA Archer Audit Engagements & Workpapers use case addresses the problems outlined above through key features that include:

  • Audit universe tracking with automatic updates on time and expense from audit engagements
  • Best practices and industry standards are built into workflows for audit engagement and workpaper documentation, review and approval workflow
  • Centralized Audit Program Library and workpaper repository
  • Audit report and planning memo templates
  • Audit findings and remediation plan management with review comments capabilities through the RSA Archer Issues Management use case (see Data Sheet)
  • Offline audit engagement capabilities


With RSA Archer Audit Engagement & Workpapers, you will be able to:

  • Ensure audit engagements and workpapers are performed consistently and per prevailing standards
  • Reduce external auditor time and requests by allowing them to self-serve the information they need
  • Easily generate audit reports with up-to-date detail and findings
  • Free up time to place more focus on risk-based auditing and strategic projects
  • Provide management and the Board with the information they need more readily


Often, internal audit teams cannot focus on helping the business evaluate new risks and opportunities because they are spending too much time performing administrative and duplicative tasks. The RSA Archer Audit Engagements & Workpapers use case helps transform the efficiency of the audit department, complete better-scoped audits more efficiently, and decrease audit expenses. The use case is also integrated with other RSA Archer risk and compliance use cases enabling your organization to move toward Integrated Risk Management (IRM). As your company drives business growth with new initiatives, technology adoption or market expansion, your overall governance, risk and compliance (GRC) or IRM program must evolve, innovate and manage risk with more agility and integration than before.  Managing the audits performed by internal audit - the third line of defense, alongside risk management and compliance testing performed by second line of defense groups, and control self-assessments performed by management is one ingredient to becoming more integrated, efficient and effective across all three lines of defense.

RSA Archer can help your organization manage multiple dimensions of compliance and risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.

For more information, visit or read the Audit Engagements & Workpapers Datasheet.

It’s that time of the year. As we wrap up another celestial measurement of time, people begin predicting things that will happen in the future. I don’t know why it is – but my crystal ball says over the next few weeks you will see a slew of predictions about what will be coming over the horizon of 2019. In the spirit of the season, I wanted to contribute my thoughts towards this time-honored tradition.

I must admit I do a lot of thinking about the future of risk management. Earlier this year, we held our 15th RSA Archer Summit. Last month, we also held our EMEA Summit. These events are highlights for the RSA Archer community - a time to gather and share insights – and I had the honor of addressing the community at both events on the future of risk management. That opportunity got my wheels turning as I contemplated this thought provoking topic.

We all know technology has moved blindingly fast and the coming years will be mind boggling. The way we do business today will not be how we conduct business in the future. The Digital Transformation is undeniable. For us in risk management, while the Digital Transformation is unfolding, there must be a Risk Transformation that moves at the same pace, and I would argue even faster. Risk has so many variables. It is really overwhelming as we try to investigate the future and predict how risk management will transform. When I started to think about the future of risk management, I knew I had to approach risk like something else really, really complex… like the universe.

And it hit me… If theoretical physicists can pose theories to understand the universe, a theoretical riskicist can pose theories on the future of risk management. I have been using Schrodinger’s cat as an analogy for Risk and Opportunity for years so it seemed like a good fit. Plus I have seen every Big Bang Theory episode numerous times… You know it’s bad when your wife says “Ok – Sheldon – just give me the cliff notes…” on a regular basis. But before one explores a universe – a Cartesian coordinate system to describe the space comes in handy.

The first dimension we can think of as our X axis is the different domains of risk. Security, compliance, operational risk, vendor management, audit, and business continuity - all of the functions in an organization we traditionally associate with risk management - must be horizontally aligned. Alignment across these domains means you are using the same language to discuss risk. It means that your data, your processes, and your discussions are focused and meaningful to each other.  RSA is blending security and risk management as part of its core strategy. We see these worlds converging. Communication and coordination across operational functions is absolutely critical in dealing with risk.


The second dimension of risk is our Y axis indicating the spectrum of strategic to operational risks.  Our risk management strategies must be vertically aligned to connect strategic objectives to day-to-day operations. Small events can quickly turn into major catastrophes and we have to connect those dots. We need the context to put an operational event into the big picture. We also need the ability to drill into more detail when looking at strategic business risks. RSA’s strategy of integrating threat detection and risk management is a great example of this alignment, for instance, by being able to connect a security alert to a business application that stores personal data. It is the connection between risk management at the strategic and operational levels that creates a true picture of what risks mean to your business.

The final dimension is our Z axis. It may sound cliché but the “People, Process and Technology” paradigm is even more crucial in managing risk today. Moving towards a digital world, the pressure to push the envelope will be on the technology front. There will be much more data for us to consider but we can’t forget the other two elements – we need the right talent pool and we need optimized processes.



This gives us our Cartesian space – our X, Y and Z – as a foundation. As your company matures in each of these dimensions, the view of risk gets clearer and clearer. This space gives us our guideposts to explore our universe. See, that wasn’t so bad…

Over the next several blogs, I will expound on three simple theories for you to contemplate for the future. I hope you join me for my Theoretical Riskicist’s Guide to the Universe.

What is audit planning?

Audit planning is the practice where internal audit functions assess the risk across their audit universe and determines the audit engagements they need to perform in the months and quarters ahead. They plan their audits based on risk and compliance gaps, strategic objectives of the organization, important topics and other priorities.


What is audit quality measurement?

Audit quality measurement is the execution of quality surveys to monitor the effectiveness and comprehensiveness of audit processes.  These surveys provide key insight on how well the audit function is meeting the business' needs and working with business and IT management during an audit.


Why is audit planning and quality important?

According to PwC’s 2018 State of the Internal Audit Profession Study and survey of more than 2,500 audit executives, 82% of innovative audit functions collaborate with other lines of defense to align technology tools' uses and functions, vs. 45% for non-innovative audit functions.  Internal audit’s main challenge is not having access to broad, dynamic enterprise risk and control information and analysis, but it's actually using the information for agile audit planning.  Instead, many audit teams rely only on their point-in-time risk assessments to drive audit work. This prevents internal audit from adjusting their audit plans to rapidly changing risks and business concerns.


With decentralized audit plan and risk assessment documentation captured in multiple tools and systems that are difficult to integrate, there is no easy, fluid way to manage audit plans, let alone coordinate objectives among risk and compliance groups.  Internal audit is also under pressure from audit committees and management to improve their processes; yet their quality control procedures are sporadic, inconsistent and difficult to follow up on.


RSA Archer Audit Planning & Quality

The RSA Archer Audit Planning & Quality use case addresses the problems outlined above through key features that include:

  • Complete workflow to create and assess audit entities, perform risk assessments, and create and manage audit plans
  • Workflow to schedule audits and tie forecast and actual expense and time in between audit engagements and the audit plan
  • Centralized location for storing and managing audit plans, audit entities, and assessment results
  • Audit quality assurance and review questionnaire workflows


With RSA Archer Audit Planning & Quality, you will be able to:

  • Execute a more dynamic, risk-driven audit plan that is easily adjusted to match the organization’s priorities and focuses on the most important risks
  • Easily provide Board-level reporting that keeps the audit committee well-informed of the status of audit plans, risks and critical findings
  • Demonstrate the strategic value of internal audit and more efficient use of audit resources
  • Reduce external auditor fees by providing self-access to information they need


RSA Archer Audit Planning & Quality enables internal audit teams to define their audit universe, assess risks and plan audit engagements that better address risk, and manage their audit staff and audit schedule. RSA Archer Audit Planning & Quality is a critical element of Integrated Risk Management (IRM). Since RSA Archer Audit Planning & Quality integrates management risk and control information, internal audit can ensure their audit objectives are aligned with IRM teams and play their essential role as the third line of defense. As your company drives business growth with new initiatives, technology adoption or market expansion, your internal audit function can evolve and react to risk with more agility and integration than ever before.


RSA Archer can help your organization manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.


For more information, visit or read the Datasheet.

With today’s launch of RSA Exchange Release R6, we're very excited to deliver two new integrations in support of our mobility strategy. As we previewed at RSA Archer Summit 2018 in August:

  • A new integration with Mendix enables customers to access the RSA Archer Platform via a variety of supported mobile devices both on iOS and Android. Customers can customize their Mendix-based apps to suit their specific user experience and business requirements and interact with the RSA Archer Suite using the RSA Archer public APIs.
  • A new integration with KONEXUS provides an intuitive mobile solution that integrates with RSA Archer Business Resiliency use cases. The integration streamlines crisis response and transforms business continuity and crisis management plans into actionable, role-based, task lists that put critical information in the hands of users via their mobile devices.  


RSA Exchange Release R6 also includes integrations with, erwin, Rapid Ratings, SoftWarfare, ThreatConnect, and ThreatQuotient. as well as the following offerings:


  • App-Packs – pre-built applications addressing adjacent or supporting GRC processes (e.g. niche, industry, geo-specific)


    • Tools & Utilities - pre-built functions enabling administrators to more easily manage their RSA Archer implementations



    RSA Exchange Release R6 also includes updated content for Australian Government Information Security Manual (ISM) to include Controls. Content library packages are available on the RSA Exchange Documentation & Downloads subspace.


    All RSA Exchange offerings are available on RSA Link, along with implementation guides, demo videos, and installation guides where available. For existing RSA Archer customers, you can learn more about these new and updated offerings in upcoming Free Friday Tech Huddles.

    What is a cyber incident / breach response program?

    Cyber and security breaches continue dominating front page headlines all over the world. It’s not enough to hope it doesn’t happen to you or assume you’ll be able to respond effectively if it does. Companies need a proactive, program-level approach to IT & security risk management based on sound methods for prioritizing actionable security events combined with consistent operational response procedures. Poor handoffs between security functions and IT teams leave limited visibility into remediation efforts to close declared cyber incidents, and can weaken the overall process to the point where it breaks down when needed most, namely during a breach.


    Why are cyber incident & breach response capabilities so important?

    The identification of potential security issues and the process of responding to a possible cyber incident are the first lines of defense against a significant business event. Many organizations have deployed security information and event management (SIEM) technology and log collection tools in their infrastructures to track events and provide alerts. These systems produce an overwhelming amount of data for the security team to review. Uncoordinated security response processes managed in spreadsheets, email, and through other ad-hoc mechanisms further raises the overall risk that the organization will not be able to respond in time and effectively.


    RSA Archer Cyber Incident & Breach Response Program Management

    RSA Archer Cyber Incident and Breach Response enables customers to centrally catalog organizational and IT assets, establishing insightful business context to drive incident prioritization and implement processes designed to escalate, investigate and resolve declared incidents effectively. This use case is designed for teams to work effectively through their defined incident response and triage procedures and prepare for data breaches. Built-in workflows and reporting allow security managers to streamline processes while staying on top of the most pressing concerns. Issues related to a declared incident investigation can be tracked and managed in a centralized portal, enabling full visibility, stakeholder accountability and reporting. If an incident escalates into a data breach, prebuilt workflows and assessments are designed to help the broader business team work with your security team to respond appropriately.


    With RSA Archer Cyber Incident and Breach Response, declared cyber and security events are escalated quickly and consistently, a crucial aspect of robust Integrated Risk Management programs. Advanced workflows and insights allow more efficient utilization of security team resources, resulting in faster response, analysis, and closure rates for critical security incidents. With improved processes and capabilities, the security team can more effectively leverage existing infrastructure, such as SIEMs, log and packet capture tools, and endpoint security technologies, to focus on the most impactful incidents. These capabilities improve the security team’s preparedness for serious incidents involving potential data breaches, while increasing the return on infrastructure investments and lowering overall security risk.


    For more information, please visit and review the Datasheet.

    What is Business Continuity & IT Disaster Recovery Planning?

    Business continuity (BC) and IT disaster recovery (DR) planning is defined as the development of strategies, plans and actions which provide protection or alternative modes of operation for those activities or business processes which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise.


    Why is Business Continuity & IT Disaster Recovery Planning important?

    In today’s world, 24/7 service delivery requirements are putting greater pressure on business and IT resource availability, making it even more important to have effective recovery plans. Interruptions ranging from isolated infrastructure failures to natural disasters have the potential to cause serious harm to the organization’s finances and reputation. Unfortunately, recovery efforts are often chaotic, ad hoc and uncoordinated due to little or non-existent planning efforts and business recovery and IT disaster recovery teams working in silos.

    Your continuity and recovery teams live in a world of regulatory saturation, with dozens of regulations, methodologies, maturity models, guidelines and laws. These authoritative sources affect how you implement and manage your business continuity programs. The demands from regulators for strengthened programs have increased, while the number and type of catastrophic man-made and natural disasters are on the rise, resulting in regulatory fines and penalties due to the inability to comply during a disruption.


    Another challenge affecting the ability of companies to recover after a disruption are recovery plans kept in multiple, inadequate tools that don’t allow management visibility to quickly answer questions, like which business processes or IT infrastructure are missing recovery plans or which plans have not been tested. Further, many IT disaster recovery teams are working with an understanding of what is critical or most important to recover that is different than that of business continuity teams. This results in an inability to align on and recover critical business and supporting IT infrastructure to deliver products and services according to recovery objectives.


    RSA Archer Business Continuity & IT Disaster Recovery Planning

    The RSA Archer Business Continuity & IT Disaster Recovery Planning use case addresses the problems outlined above through key features that include:

    • Centralized location, templates, workflow, review and approval processes for developing standardized business continuity and IT disaster recovery plans that are built around best practices and industry standards
    • Project management capabilities to help drive the entire lifecycle of continuity planning, from plan development, to testing, to continuous improvement
    • Dashboards and reports that provide visibility into the current state of the organization’s plans status, review dates, test results and remediation status
    • Workflows and reporting that enables coordination between business continuity, IT DR, and crisis teams

    With RSA Archer Business Continuity & IT Disaster Recovery Planning, you will be able to:

    • Improve your response to disruptions, which can reduce the impact on revenue, brand and customer loyalty and availability of products and services for customers, employees and third parties
    • Implement a consistent and coordinated planning process and methodology for business and IT supported through one central tool
    • Increase trust by senior management, the board, regulators and employees with higher-quality, tested recovery plans
    • Ensure plans are aligned with the organization’s priorities and include the most critical processes and company assets
    • Coordinate information, priorities and objectives among business continuity, IT disaster recovery and crisis teams, and responders, enabling better focus on the right priorities in the event of a disaster


    RSA Archer Business Continuity & IT Disaster Recovery Planning is one element of Integrated Risk Management. This use case provides a coordinated, consistent and automated approach to business continuity and IT disaster recovery planning and execution, allowing you to respond swiftly in crisis situations to protect your ongoing operations. As your company drives business growth with new initiatives, technology adoption or market expansion, your program must evolve and manage risk with more agility and integration than before.  Managing recovery planning is one ingredient to building resiliency across the organization and reducing risk.


    RSA Archer can help your organization manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.


    For more information, visit or read the Datasheet.

    According to Oxford Metrica, during the next five years, over 80% of companies will face a crisis that negatively impacts their share price by 20% to 30%. Business disruptions from events such as cyber threats, natural disasters or third-party interruptions have the potential to cause serious harm to the organization’s operations, finances and reputation.  In today’s increasingly digital world, 24/7 service delivery requirements are putting greater pressure on business and IT resource availability, making it even more important to have effective continuity plans.


    Business continuity, IT disaster recovery and crisis management teams are facing surmounting challenges. From trying to build resilience in increasingly complex businesses, to dealing with more diverse and frequent disruptions, to living in a world with a growing number of regulations, methodologies, maturity models, guidelines and laws that affect their resiliency program requirements. Driving recovery and resiliency in today's organizations isn't getting easier.  


    Too often, approaches to continuity and recovery in today's organizations are overly complex and not built on a solid foundation. Manual processes, information silos, separate teams with conflicting priorities, and lack or ownership just complicates things even more.


    Join me on November 15 for a webinar to discuss these and other challenges, as well as focus on the basic building blocks of a solid business continuity program. 


    You can register here Event Registration and take the first step to ignite your business resiliency program!

    What is Business Impact Analysis?

    The Business Impact Analysis (BIA) is a very well-known step in the Business Continuity Management (BCM) lifecycle used to identify and evaluate the criticality of the organization’s business processes and supporting IT infrastructure. This criticality in turn drives such areas as recovery planning and strategies, incident prioritization, and plans and resources to develop better resiliency across the organization.


    The Business Impact Analysis process can also provide valuable information for other risk and compliance processes.   While the focus of the BIA is typically to determine availability requirements,  business process owners and those inputting into the BIA can also identify compliance, risk, security or other requirements.  These additional perspectives can be valuable input to prioritize issues, determine compliance or control requirements or assess business risk. 


    Why is assessing business impact important?

    Investors, customers, regulators and boards of directors are becoming more interested in management’s capability to not only recovery quickly, but continue operations through any disruption. However, organizations that fail do so because they have not adequately assessed the criticality of their business processes and planned accordingly.

    One major challenge to management is keeping track of the constantly changing landscape of business processes and their supporting infrastructure, such as their connection to IT systems, third parties, locations and critical information.


    Another challenge is making sure current BIAs have been performed for all business processes so that management can understand their criticality to the business. The issues for most companies today is:

    • BIAs are not completed often enough or consistently
    • BIAs are completed in separate systems and spreadsheets
    • BIAs are performed differently throughout the organization
    • IT and the business complete separate BIAs

    Now more than ever, business process managers and BCM teams must work together to perform BIAs to understand the strategic, financial, reputation and other key impacts of a disruption.


    RSA Archer Business Impact Analysis

    The RSA Archer BIA use case addresses the problems outlined above through key features that include:

    • A Business Process catalog that tracks processes and their relationship to supporting infrastructure, such as IT systems, third parties, locations and critical information
    • A pre-configured BIA that follows standards and best practices and includes workflow, notifications and reference data that BCM teams can use to determine the criticality of all business processes
    • Dashboards and reports that enable each user to see and respond to the information they rely on

    With RSA Archer BIA use case, you will be able to:

    • Maintain one consolidated system of record for all BIAs
    • Implement a single, best practice and standards-driven approach to completing BIAs with workflow, notifications, review and approval processes
    • Quickly access reporting that shows key metrics and reports so BCM teams, Business Unit managers and business process managers can manage their BIAs


    The RSA Archer Business Impact Analysis use case is a critical element of Integrated Risk Management. As your company drives business growth with new initiatives, technology adoption or market expansion, your BCM program must evolve and manage risk with more agility and integration than before.  Managing the recovery and resiliency of what is most important within the organization is one required ingredient to effective integrated risk management. The BIA helps establish the business context and prioritization which are fundamental elements of managing risk.


    RSA Archer can help your organization manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.

    For more information, visit or read the Datasheet.

    What is issues management?

    Issues Management is the process an organization follows to treat issues, gaps or findings, as well as related remediation plans or exception requests that are generated by multiple groups, such as audit, risk and compliance.  Issues Management is one of the most fundamental processes for Integrated Risk Management.  Control gaps, findings from risk assessments, testing failures from compliance, security, and other types of audits or any issue identified within the business that could lead to an operational error or failure are indicators of risk.  Issues Management is the process by which those items are cataloged, reported and tracked from identification to resolution or acceptance by the business as a known risk or gap.


    Why is the proper management of issues and remediation plans so important?

    Organizations of all size and scope have issues that are generated from internal or external audits, regulatory reviews, vendor assessments or other sources. These issues usually have related remediation plans that the owners have committed to. However, in our experience neither issues nor remediation plans are managed as well as they should be. They’re usually tracked in scattered documents or siloed systems, there’s no effective way to follow up with the owners, and no consolidated reporting or visibility for executives into overall status. Sometimes, management needs to push back on these issues and there is typically no exception request process to do so. Finally, some issues are symptoms of bigger problems, and without a way to look at them through a more strategic lens, the bigger problem might not ever be properly addressed.

    This causes three major concerns. First, there is additional cost and effort that comes from this duplicative and inefficient way of handling issues. This ties up multiple teams with tracking, following up, consolidating the issues and reporting. However, secondly, and more importantly, is the fact that most of these issues don’t get properly addressed because the remediation plans aren’t tracked or implemented on time, if ever. This is a major reason auditors identify repeat findings. What’s even more concerning is some of these repeat findings are very critical, and result in financial losses, regulatory fines or sanctions, fraud, reputation impairment or other risks that could have been avoided. Finally, in this day of risk management, most organizations have no way to relate issues to their measurement of risk, and determine whether their remediation plans reduce risk.

    RSA Archer Issues Management

    RSA Archer offers the Issues Management use case which addresses the heart of the problems outlined above. The key features include:

    • Pre-defined workflows, reporting, user roles and notifications, which enable immediate best practices in managing the entire lifecycle of your issues, remediation plan and exception requests
    • A repository to establish your corporate hierarchy (business unit, division) and business and related IT infrastructure (contacts, business process, IT applications, locations, information assets), with connections between issues and your risk register
    • A consolidated and coordinated repository of issues and remediation plans from all sources, including risk, compliance, audits and management assessments

     With RSA Archer Issues Management, you can:

    • Immediately implement best practices in managing the entire lifecycle of your issues, remediation plan and exception requests, including measuring real reductions to risk
    • Establish your business context and relate findings, remediation plans and exception requests to the right targets and owners.  This is fundamental and sets the foundation for your governance, risk and compliance (GRC) program and establishes ownership over issues and remediation plans
    • Consolidate and coordinate issues and related remediation plans or exception requests from all sources and identify redundancies, reducing time, frustration and expense
    • Reduce repeat findings, time to resolve issues and implement remediation plans and reduce overall risk

    As long as audits, regulatory reviews, self-assessments by business areas or assessments by others are done, management, GRC teams and internal auditors will continue to create issues and require remediation plans. However, the days of managing them ineffectively or in siloes must be put in the past as business growth is dependent on better and more integrated ways of handling issues and related risk.  


    RSA Archer Issues Management is one element of Integrated Risk Management. As your company drives business growth with new initiatives, technology adoption or market expansion, your risk management program must evolve and manage risk with more agility and integration than before. Managing issues and remediation plans effectively is one ingredient to showing real progress and improvement and decreasing business risk. The use case is also integrated with other RSA Archer risk and compliance use cases enabling your organization to move toward Integrated Risk Management (IRM).


    RSA Archer can help your organization manage your issues, remediation plans, exception requests and multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.


    For more information, visit or read the Datasheet.

    It seems like yesterday that I announced the release of RSA Archer 6.4 SP1 with updates to several key use cases and some exciting platform enhancements but here we are again with more exciting news.  I am happy to announce general availability of RSA Archer Release 6.5.  This release focused mainly on enhancing several areas of the RSA Archer platform with updates in user interface, performance, workflow and reporting.   Additionally, we continue to see risk programs maturing and have developed a Scenario Analysis and Delegated Authorities approach for the RSA Archer Top Down Risk Assessment use case.  

    Use Case Updates

    As companies continue to mature their programs and target integrated risk management capabilities, we focused on a key element of our Enterprise and Operational Risk Management solution - RSA Archer Top-Down Risk Assessment.  This use case is designed to help your organization implement a standardized approach to building and maintaining a risk register and supports multiple types of assessment approaches.  We have added a new Scenario application enabling risk teams to create “what if” scenarios, adjust the granularity level of the assessment and tie them to risk register records providing more precise analysis as risk owners assess risk.   These scenarios can be built into a new Scenario Library application. Risk teams can create and manage a set of scenario templates that can be used to easily create new scenario records.  Additionally, new functionality adds the ability to manage Delegated authorities on risks.   This concept is critical in risk management processes allowing risk teams to to route risks for acceptance to users that have been assigned to a defined acceptance level for each business unit.  With Delegated Authorities, risk assessment processes can more quickly and efficiently route risks for review at the appropriate functional level of approval.


    Updates to the record permission structure have been made to RSA Archer Crisis Management and RSA Archer Business Continuity & IT Disaster Recovery Planning use cases to prepare for some exciting upcoming integrations.  Keep an eye out for those in the near future.

    Platform Updates

    RSA Archer Release 6.5 delivers a number of enhancements and new functionality to the RSA Archer Platform. These include performance improvements for faster ingestion and more efficient management of data at scale, new Advanced Workflow functionality for greater ease of use, new export and reporting capabilities, and a variety of usability, accessibility, and User Interface improvements.   These are only some of the highlights so make sure you read the Product Advisory for more details.


    Several of the new features focus on Usability, accessibility, and UI enhancements including Field-level encryption for Attachments and Images and Inline edit for Calculated Cross-Reference and Related Record fields.  Our User interface improvements continue with visual adjustments on Record and Questionnaire pages.  Additionally, since RSA Archer is used as a key reporting source for business and executive users, we have added several data export and reporting enhancements.  An updated Content API offers the ability to save content, fetch tasks and retrieve related records improving the ability to integrate into external systems such as business intelligence tools.  We have also made visual improvements for default chart settings and updated the Microsoft Excel-based export functionality allows users to export up to a million records in a single file.  Finally, a new dashboard export to Microsoft PowerPoint format not only streamlines output from RSA Archer for presentations, it also provides users the ability to include data and edit the PowerPoint before sharing RSA Archer dashboards. 


    An Advanced Workflow enhancement includes new functionality that allows system administrators to make bulk changes to their advanced workflow business process and move enrolled records to the new workflow version.  UI improvements also have been added to provide a new full-screen option for Advanced Workflow Designer making it easier to view and edit large or complex workflows.


    Finally, as usual, we continue to make Performance enhancements.

    • Support for SQL 2016 SP1 and SQL 2017 enables future Platform features and brings several Enterprise Edition capabilities to the Standard Edition, which many customers run to power their RSA Archer implementations.
    • Our new Data Gateway allows customers with large data sets in external system to connect to RSA Archer and continues to expand with the ability to notify RSA Archer of changes in the external subsystem and allows RSA Archer to trigger calculations.
    • Our added support for independent licensing of Elasticsearch for Keyword and GlobalSearch allows for faster and more efficient indexing of content for search purposes, performing "at scale" when large record volumes are present.
    • Bulk Actions Dynamic Field Population enables users to dynamically populate a text field in content created during a Bulk Actions creation activity. This enables text fields to be built from multiple attributes to give fields like Title and Description more context during the bulk creation process.
    • Job Engine improvements help reduce overhead and total runtime and provide additional measures for administrators to control how the Job Engine operates.


    For more information, please read the Product Advisory.

    Filter Blog

    By date: By tag: