These questions and answers are from the June 5, 2020 Free Friday Tech Huddle, which provided RSA Archer Release 6.8 updates for the RSA Archer Financial Controls Monitoring and RSA Archer PCI Management use cases.
Q: Can we use FCM for 404 and 906 in addition to SOX 302?
A: Yes, we did not show this functionality in the demo, but the use case does still have Quarterly Financial Certifications.
Q: While not related to financial controls, can the same approach be used for SOC1 and SOC2 in the RSA Archer Financial Controls Monitoring use case?
A: Yes, RSA has built the use case in a way to be generic to cover financial compliance standards and not just specifically for SOX.
Q: Given that the RSA Archer Financial Controls Monitoring use case is an overhaul of a previous use case, how would you suggest we go about moving from the old use case to this new one? Will it require a lot of mapping of fields in the prior application to the new application, export data from the old app, and import to the new app? Or some other method?
A: The RSA team re-used as many of the applications as we could to help limit the need to move data between applications. I would recommend you reach out to your existing account representative and do a deeper dive on this. It will depend on how much customization has been done to the existing use case, and that will vary from customer to customer.
Q: In compliance engagement, is there a possibility to have a similar record creation design as we have in the assessment campaign application (ORM), where the RCSA/pRCSA/CSA records and the dependent child records are created on the fly without any dependency on DFMs to run in the backend?
A: We are working to come up with a common solution for scoping/record creation that we can use across solution areas. This has some dependency on the internal reference platform enhancements that are currently being worked on due to the complex nature of the data relationships.
Q: Is there any external portal for external auditors to view the control effectiveness instead of their access into an internal instance of RSA Archer and instead of using the internal dashboard?
A: Great question! Not at this time but that is an idea we have been talking about as a possible new use for the technology that will make up Vendor Portal. It's in the very early idea stages so nothing soon but it is under consideration.
Q: Is there a page in the community site which has a list of such potential enhancements which are work in progress?
A: I would recommend attending the RSA Archer Virtual Roadmap sessions to learn what features are currently in progress. Here is the link to the schedule on RSA Link: https://community.rsa.com/docs/DOC-32619.
Q: In PCI, can you elaborate on or show Control Evaluation History? How does it work?
A: All records of SAQs are kept in RSA Archer. The control evaluation history will be available for each assessment with its scoring/dates and review comments.