RSA Archer Third Party Risk Management

Document created by Susan Jessee Employee on Dec 3, 2015Last modified by Christopher Dodge on Aug 24, 2017
Version 12Show Document
  • View in full screen mode

Use case for Third Party Governance



RSA Archer® Third Party Risk Management employs a series of risk assessment questionnaires to be completed by a third party to assess the third party’s internal  control environment and collect relevant supporting documentation for further analysis. The results of these questionnaires are factored into a determination of the organization’s residual risk across several risk categories (compliance/litigation, financial, information security, reputation, resiliency, strategic, sustainability, and fourth party risk). Risk results are depicted for each engagement and are rolled up to the third party to depict their overall risk across all of the engagements they deliver to the organization. Risk assessment findings can be automatically captured and managed as exceptions and remediation plans can be established, assigned to accountable individuals, and monitored to resolution.


Key Features

  • Consistent evaluation of third party controls and risk scoring
  • Capture and store supplemental documents such as SSAE-16s, financial statements, and PCI assessments, and monitor when refreshed documents are due
  • Capture declared critical fourth party relationships and understand the quality of governance your third party applies to their own third party relationships
  • Depiction of risk of overall third party relationship, across all engagements being delivered to your organization
  • Consolidated view into known issues
  • Organized, managed process to escalate issues
  • Visibility into known risks and efforts to close/address risks
  • Efficient program management and understanding of program status


Key Benefits

RSA Archer Third Party Risk Management provides:

  • Methodical and standardized approach to risk assessment
  • Management and mitigation of identified issues
  • Stronger, quicker response to emerging risks
  • Fewer third party related incidents and losses
  • Reduced costs
  • Reduced time to resolution on issues
  • Improved staffing management for remediating issues based on risk prioritization
  • Reduction of overtime/reactive overload
  • Reduction of overall risk
  • Reduced repeat audit and regulatory findings



For More Information

To learn more about RSA Archer Third Party Risk Management


To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller—or visit us at If you are an existing RSA Archer customer and have questions or require additional information about licensing, please contact RSA Archer at or call 1-888-539-EGRC.


Third Party Risk Management with border shadow.jpg