RSA Archer is a leading platform for integrated risk management, and a major component of the product suite is targeted towards mitigating third-party vendor risk. An Archer customer organization may have many vendors which supply products or services. Each of those suppliers carries with it a level of uncertainty with regard to reliability, security, and other factors that could impact the organization. Currently, Archer enables customers to use questionnaires, which are sent to internal employees and external vendors, to conduct due-diligence on such third parties and assess their level of risk.

Because customers may need to calculate the risk for hundreds to tens of thousands of third parties, they need to provide a way to complete these questionnaires and submit their documentation in an efficient manner. In addition, following the completion of each assessment, customers also need to collaborate with vendors to collect information for findings, contracts, insurance documents, performance metrics, and other risk management processes. Doing so can quickly become a complex and time-consuming task, which is made more difficult by the lack of a consistent means of sending and receiving the questionnaires and tracking the results. Depending on the vendor, everything from importing/exporting spreadsheets to answering questions over the phone has been attempted, with varying degrees of success.

The Archer Third-Party Portal is here to save the day! The portal was designed to address many of the shortcomings of the existing system and provides a simple, efficient, and centralized place to manage third-party questionnaires and their results. Some of the main features of the Third-Party Portal are:

User Segregation

• External vendor users are completely segregated from the RSA Archer instance.
• There is no need to worry about a misconfigured access role accidentally giving access to sensitive data within RSA Archer.

Maximum Availability

• The vendor portal is hosted in the AWS cloud and managed by RSA.
• No need for platform administration by the customer.

Archer Synchronization

• Native synchronization is present between content in the Archer platform and the vendor portal.
• Automatic publish process for assessments.
• Synchronizing submitted portal content back into RSA Archer is automated and native to the service.

Automated User Provisioning

• Vendor users are automatically provisioned based on the RSA Archer publish process.
• Vendor users can invite colleagues to collaborate on assessments by providing only a name and email address.
• The system automatically generates email invitations to the vendor user.

Vendor Portal Experience

• Vendors have a centralized portal to log in and view assessments from all customers in a single dashboard.
• An automated password reset capability reduces administrative overhead.
• The portal UI provides an intuitive and consistent user experience.
• Questions are displayed in an easy-to-answer format and the ability to add supporting documentation via attachments is provided.
• Supports simultaneous editing by multiple users.

Please stay tuned to the RSA Labs blog for further updates. And let us know if you have any questions or feedback in the comments section below. Thanks for reading!