RSA Archer Policy Library Content

Document created by Susan Read-Miller (Employee) on Apr 26, 2018. Last modified by Susan Read-Miller (Employee) on May 18, 2020.
Version 12


The RSA Archer Policy Library includes a set of 19 best-practice policies developed by RSA Archer in cooperation with leading Fortune 1000 organizations and aligned with the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) 27001 codes of practice.


A Policy is a broad statement of principle that presents the management position for a defined area. These statements are long-term directives that guide the development of more specific rules to address particular situations. Policies are interpreted and supported by Standards and Procedures. Policies are relatively few in number, must be approved and supported by executive-level management, and must provide overall direction to the organization.


To make communication with your employees easy, RSA Archer designed these policies using a three-level structure. The purpose of this structure is to allow employees to quickly locate policies based on a high-level name, an area of focus, or a specific section. For example:

  • A Policy is the highest-level item in the Policy framework. Policies include high-level statements of management expectations regarding an issue (for example, 8.0 Access Control).
  • An Area is the second-highest level in the Policy framework. Areas include more specific language regarding the policy, describing the area of focus and the intent of the main level policy. Areas act as a categorical stepping stone to help users navigate to the Sections that they are looking for (for example, 8.1 User Enrollment and Authorization).
  • A Section is the third level of policy in the Policy framework. Sections provide an additional level of grouping (for example, 8.1.4 Password Management Systems).


The following list details each of the 20 policies available in the RSA Archer Policy Library:

  • Introduction
  • Security Management
  • Risk Management
  • Personnel Security
  • Physical Security
  • Operations Management
  • Security Monitoring and Response
  • Communications Management
  • Access Control
  • Network Security
  • Third-Party Services
  • Application Development
  • Business Continuity Management
  • Legal, Compliance and Regulatory
  • IT Management
  • IT Event, Incident and Problem Management
  • Privacy
  • Audit Management
  • Financial Services Management
  • Healthcare Services Management



The RSA Archer Policy Library is available in the following languages:

  • English
  • French
  • German
  • Italian
  • Japanese
  • Portuguese
  • Russian
  • Simplified Chinese
  • Spanish


Licensing Restrictions

The RSA Archer Policy Content Library is available with the use of the RSA Archer Policy Program Management and/or the RSA Archer IT Policy Program Management use cases. No additional license is required.


For More Information

To learn more about the RSA Archer Policy Library Content:


For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at for more information.