The RSA Archer Control Standards library consists of over 1,200 best-practice control standards organized through a custom GRC taxonomy developed specifically to align with multiple best-practice external standards and benchmarks.
Control standards specify a particular course of action or response to a given situation. They are topical rather than tactical, serving as management level guidelines that provide specifications for the implementation of corporate policies intended to drive compliance with internal and external corporate objectives.
The Archer Control Standards library is linked to several other Archer libraries such as Policies, Authoritative Sources, and Control Procedures. This provides both a common connection fabric and aggregation point for measuring performance of policy and compliance activities. For example:
- Control standard "ATCS-027: Risk Assessment Process" is mapped to hierarchical policy record 0 Risk Management Policy > 02.3 Risk Assessments > 02.3.01 Risk Assessment Process.
- This same control standard is also cross-mapped to several hundred different authoritative source references, such as "FFIEC Information Security Booklet > 0 Information Security Risk Assessment".
The benefit of this mapping process is it allows organizations to:
- Understand which controls they need to implement in order to comply with regulations, corporate policies, and best practices
- Identify and manage key stakeholder ownership and automate both the process of implementing industry standards across the organization, and training employees on those best
- Simplify risk and compliance performance measurement, monitoring and
This content is available in the following languages:
- Simplified Chinese
The RSA Archer Control Standard Library