Questions and Answers during the session:
Q: Will this product work with public sector?
A: Yes, this product should work for any public or private standards/regulations. This product is agnostic towards the data you use. The training data given to the model determines its context. If you give it public sector data for training, then it will have that as its context for the matchings.
Q: What Archer version is this compatible with?
A: Since it currently uses manual import/export to interact with RSA Archer data, RCA works with any version of RSA Archer. Technically there is also a reliance on the login API, but that is one of the earliest Archer APIs. Compatibility will currently go as far back as the login API... pretty far!
Q: Does Archer already have the regulatory content or does the end user need to provide? Also, are the controls what Archer believes are standard across the financial industry or are those also provided by the end user?
A: RCA trains on data supplied by the end user. This training data would include regulatory content and control standards.
Q: Can this be used with other application data sets other than Authoritative Sources?
A: Yes, however at the current time you may have to manually edit the data to meet the import file guidelines. The algorithm used in the model hasn't been tested with data sets other than Authoritative Sources. Theoretically this same concept could be applied to matching of other content.
Q: Where can we access the RSA Archer RCA tool?
A: It is available as a purchasable Use Case of the RSA Archer platform. Contact your Account Management team to get the discussion started.
Q: What if Compliance uploads the regulation but someone in the business needs to do the mapping of the control to the regulatory obligation? Is there workflow to assign this to someone else or would this have to happen offline? And, what if there are multiple business lines that need to align controls to the same regulatory section? How is that shown?
A: Logins to RCA are provisioned out based on your RSA Archer user account. So you are free to let any Archer users in your business interact with RCA.
Q: What is the cost for utilizing this?
A: It is available as a purchasable Use Case of the RSA Archer platform. Contact your Account Management team to get the discussion started around pricing.
Q: Can you show how it loads into RSA Archer?
A: I don't believe we are set up to demo that today. Once you are done, there is an Export option that downloads a ZIP file containing CSV files, which can be put into Archer via Data Import, Data Feed, or API.
Q: I believe I saw this being mapped to the section level of the regulation. Does it go further to the specific requirement level?
A: RSA Archer's authoritative sources are formatted into the following levels: Source, Topic, Section, Sub Section. RSA Archer's out-of-the-box content has sections or sub sections mapped to control standards. RCA accounts for mappings at the section and sub section levels.
Q: How are you differentiating between the terms: Standards and Controls? So adding a new control will create a new standard?
A: We are mapping authoritative sources to control standards. This is why we use the term standards in RCA. That being said, RCA could be used to map authoritative sources to control procedures instead. To add to that: Standards = Regulations, Controls = Corporate policies
Q: Can we leverage this if we have on-premises?
A: YES! Currently import and export is completely manual. RCA is hosted in AWS and accepts input data from a CSV. As a result, on-premises customers can leverage RCA.
Q: What about analyzing Assessment Objectives in A&A?
A: Our RSA Archer offering is in AWS (not our hosted offering by RSA).
Q: Do we still need an authentication API?
A: It is not a special API you need. It is the standard RSA Archer REST API that RCA authenticates against. Depending on your security policies in AWS, you may need to open up some network ports to allow connectivity, however.
Q: Are you going to add help documentation?
A: This is already included in the product, in the "?" icon top-right.
Q: Is this license per environment?
A: License is per instance of RCA. We recommend talking to your account management team.
Q: How do we load the Controls to assess against?
A: Controls and authoritative sources are both loaded in the training file. We have documentation that specifies the format required of the training file.
Q: Will this be supported by CS, DSE, or SaaS support?
A: All of the above!
Q: In the future, will we be able to see this tool embedded in RSA Archer itself?
A: Potentially. But at present as a SaaS product it is built on an entirely different technology stack than Archer, so does not embed within. If embedding is a pressing need, please submit to RSA Ideas on the Community.
Q: So, if we don't have them mapped together today, this won't connect the dots?
A: Correct - It needs to learn based on your prior mappings to suggest how to map to changes or net new.