Archer

RSA - Archer Integrated Risk Management Platform used for security PIN to login into the secure firm network, to avoid any data breaches or unauthorized access to the systems.

The risk management process at our organization is driven from the top. The board and executive team are aligned with risks we as a company are exposed to and what are the steps we are taking to mitigate or minimize them. The goals and targets are set for various key functions and stakeholders involved to manage risks. The scope of RSA Archer is not just limited to one or two departments, it is being used by the entire organization. We are a highly compliance driven organization who deals with sensitive data of our clients across variety of industries globally. We are also exposed to multiple checks and reviews based on various standards, regulations and contracts throughout the year. Hence governance, risk and compliance is a mission-critical to our business strategy. RSA Archer helps us manage it effectively across the organization.

The whole organization uses RSA Archer across multiple subsidiaries to document relationships, risks, assets and controls. It effectively links issues to vendor relationships and assets while automating assessments within workflows. The dashboard capability allows for a wide range of customization for multiple types of users, offering a rich KPI experience.

This software allows us to track our audit finding remediation and complete questionnaires during our financial reporting process. It is administered and was selected by our internal audit group for their primary needs of finding remediation. They offered its use to Finance (no additional cost), for us to complete our financial reporting questionnaires and certifications with our controllers and functional leaders. It solves the business problem of approval workflow for our international footprint. I can’t speak much to the ROI, but can say that the accuracy and audit trail has improved.

RSA Archer is being used by four major departments in the organization which require compliance and governance. It manages routine tasks, client profile creation, policy management, etc. It is a tool to adhere to compliance and e-governance in the organization. The tool is not built for small scale companies and, in my opinion, mammoth firms can achieve great benefits from this.

RSA Archer was implemented to consolidate over a dozen in-house built systems. It allowed us to consolidate reporting and move teams to a common platform.

We use Archer to manage vendor relationships, vendor contacts, vendor contracts, risk/policy exceptions, and various other vendor risk uses. It is used enterprise-wide and is a key part of doing any work with a third party. We have used different versions of RSA Archer over the years and the team is trying to get the application to the most current platform/release.

In my own organization RSA Archer is used to manage Security operations center, manage the organizational assets, their Risk and compliance assessments. It is being used by departments reporting to the CISO The business problems that it helps solve is to monitor and implement controls against cyber attack’s and threats. The SecOps module of Archer helps with integrating with all sources of security alerts and incidents affecting the organizational assets, remediation activities required to prevent, detect and react to incidents impacting security (confidentiality, integrity availability) and thereby having the up-to-date information on the security posture of the organization

RSA Archer is being used in the IT department to manage and provide governance over policies and business continuity. It is also being used for network monitoring through the Security Analytics solution. It addresses the governance issues across the enterprise. It allows us to manage all our our BCM documents in an executable and actionable framework.

RSA Archer is being used by my organization within the Internal Audit department to track various company controls, processes, policies, standards, and changes. Additionally, my organization uses RSA Archer to streamline the internal audit process. This helps Internal Audit to have visibility into all controls and their design and operating effectiveness across the entire organization.

As an Archer consultant, I work with many different types of organizations who are deploying Archer for the first time, or are looking to build upon its capabilities. I have seen instances where it is leveraged both organization wide, or just for a particular department. Archer excels at introducing efficiency to any type of business process, from managing enterprise risk, to tracking non-IT incidents, to implementing a robust vulnerability management program.

RSA Archer is mainly used by the Technology Governance, Risk and Controls team to manage IT related risks.