RSA Archer Third Party Risk Management

Document created by Susan Jessee Employee on Dec 3, 2015Last modified by Kris Kessler on Feb 14, 2020
Version 16Show Document
  • View in full screen mode

Use Case for Third Party Governance




RSA Archer® Third Party Risk Management employs a series of risk assessment questionnaires for third parties, enabling your organization to assess their internal controls and collect relevant supporting documentation for further analysis. Questionnaire results are factored into a determination of the residual risk of each engagement being delivered by the third party.


Residual risk is assessed across several risk categories -- compliance/litigation, financial, information security, reputation, resiliency, strategic, sustainability, and fourth-party risk. Risk results are depicted for each engagement and rolled up to the corresponding third party to obtain an overall view of the third party’s “aggregate” risk to your organization. Risk assessment findings can be automatically captured and managed as exceptions, and remediation plans can be established, assigned to accountable individuals, and monitored to resolution.


Key Features

  • Overall depiction of risk of each third-party relationship, across all product and service engagements delivered to your organization
  • Consistent evaluation of third-party controls and risk scoring
  • Capture, storage and monitoring of supplemental documents such as System & Organization Controls (SOC) reporting, financial statements, and PCI assessments
  • Capture governance quality for declared critical fourth-party relationships
  • Reporting on the overall third-party risk profile, individual problem third parties, and any remediation in process


Key Benefits

With RSA Archer Third Party Risk Management provides, you can:

  • Understand your third-party risk profile
  • Leverage a methodical and standardized approach to risk assessment
  • Manage and mitigate identified issues and respond more quickly to emerging risks
  • Reduce third party related incidents and losses, repeat audit and regulatory findings, and associated costs
  • Provide positive assurance to all stakeholders regarding the effectiveness of your third-party risk management program




For More Information

To learn more about RSA Archer Third Party Risk Management


To learn more about how RSA products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller—or visit us at If you are an existing RSA Archer customer and have questions or require additional information about licensing, please contact RSA Archer at


RSA Archer Third Party Risk Management use case screenshot 11-19-2019.jpg