Choosing the right technology platform to enable an organization in implementing solutions goes a long way. Our expertise on multiple EGRC/IRM platforms such as RSA Archer, ServiceNow, SAP GRC and ReadiNow will help you zero in on the right solution suite. Our continuous client- and market-centric research enables us to suggest the best pick of the lot, based on the requirements that are unique to each client. Our certified technology platform team members are ready to implement solutions using a lean/agile methodology.
Choosing the right platform to enable an organization in implementing solutions goes a long way. RSA Archer smart suite is the market leader in EGRC technical solution implementations. Our certified RSA Archer team members are ready to implement solutions in lean/agile fashion for a faster and leaner delivery. RSA Archer’s out-of-the-box solutions can be leveraged and customised to suit the business requirements. The following is an overview of the solutions that RSA Archer offers:
Most businesses struggle to get an overview of the risks at their organizations, as they are scattered across departments and personnel. It is also a struggle to get visibility into the status of identified issues and the effort undertaken to bring them to a logical closure. RSA Archer’s Enterprise and Operational Risk Management solution brings all of them onto one platform, giving greater transparency into risks and associated controls, all the way up to corporate-level risk statements. This gives traceability for each risk identified across the organization. The risk catalogues capture all the defined risks with due dates and assigned personnel. Dashboards that roll up to the executive level give a clear and concise picture of where the organization stands with respect to remediation of the risks identified, thereby giving assurance that the internal control framework is operating as expected. It also ensures that operational risks are not the job of risk managers alone to tackle but of everyone in the organization. The easy-to-use dashboards and user interface ensure people appropriately flag risks and raise issues, making it part of the culture.
As organisations grow in size, it is crucial to manage vendor risk, as any faulty product or service from a vendor, or for instance a data breach, whether unintentional or intentional, directly impacts the reputation of the organisation. It is on the premise that “Activities can be outsourced but not the responsibilities and accountability” that the third-party governance solution on RSA Archer has been developed. The solution gives the organisation one platform to house all third-party details, such as the engagements the vendors are involved with, the contract agreements signed, and the risk ratings of the vendors, which comprise inherent and residual risks calculated across areas such as financial stability, reputation, credit health etc. The solution also enables organizations to establish performance metrics to monitor all these throughout the life cycle of the vendor. With a comprehensive mechanism in place, the organization will be well placed to take informed decisions.
RSA Archer’s Audit Management solution enables organisations to scope audit engagements based on criticality, create work papers and other documentation, and report issues and findings to the appropriate teams in a timely manner, all based on an automated workflow throughout the life cycle of an audit engagement. The Audit Management solution can be integrated into the wider risk management program of the organisation, bringing in the risks identified by audits, which would otherwise be just ticking the boxes for compliance. A risk-based audit approach has many advantages over the traditional one in that it increases the efficiency of the staff, who focus on the important items rather than on those of low criticality. The platform can also aid in easier retrieval of audit reports and related documents when the organisation faces external auditors and regulators.
For federal agencies in the United States of America, RSA Archer’s Public Sector solution helps keep them in compliance with federal legislation such as the Federal Information Security Management Act (FISMA), which aims at safeguarding government information from man-made or natural threats. The solution also covers the Office of Management and Budget (OMB), which monitors the performance of federal agencies. As part of OMB, the solution encompasses the Office of Federal Financial Management, Office of Federal Procurement Policy, Office of E-Government and Information Technology, Office of Performance and Personnel Management, and Office of Information and Regulatory Affairs. The cost and effort of being compliant with the federal regulations can be contained with the use of this solution. It allows organizations to actively track issues, audit findings and results from various scanning devices, and pursue them to avoid repetitive occurrences.
Man-made and natural disasters sometimes impact the business processes of an organization by destroying facilities, people or processes. The 9/11 attacks on the USA and the frequent natural disasters that have struck Japan are some examples that took a huge toll on the businesses operating in the vicinity. It should be the constant endeavour of organisations to reduce the impact of disasters on their business processes. Regulations such as FFIEC, ISO 22301, NFPA 1600 and FINRA Rule 4370 detail the steps to be taken for successful business continuity management. These regulations typically say that the organisation has to first prioritize the list of business processes based on their criticality to the business. The critical ones are attributed financial metrics to quantify the losses if they go out of order during disasters. Metrics such as Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are determined during the exercise. Contingency plans are made to make sure that if ever a disaster strikes, the critical business processes come back within an acceptable time. These contingency plans are tested, with results documented and analysed to see if they are acceptable. Such test runs bring confidence among the senior management that their businesses are not so vulnerable. The crisis management piece of the solution enables a coordinated and consistent approach for faster response and mass communication. RSA Archer’s Business Resiliency solution brings in use cases such as Business Impact Analysis, Incident Management, Business Continuity and Disaster Recovery Planning, and Crisis Management to facilitate the above processes and thereby make an organization business resilient.
Many a time, organizations face losses not because of competition but because of regulatory penalties. The magnitude of these payments sometimes costs shaving off certain business units from the organization to compensate. Regulatory scrutiny is intensely applicable to critical industries such as banking, finance, insurance and health care. It is of utmost importance to constantly look for applicable regulations, which are fluid in nature. These applicable regulations have to be complied with by the organisations. The whole process is made easier with RSA Archer’s Regulatory and Corporate Compliance solution. It facilitates centralizing all the applicable regulations, corporate policies and other requirements. These are then applied to business units, projects, new products etc. to know the level of compliance. Any deviations reported from compliance validations, or new policy changes communicated on the organisation's own initiative, are handled by routing the change request to the appropriate personnel through automated notifications. The solution also provides data governance and privacy impact assurance programs that are essential elements of EU GDPR (the European General Data Protection Regulation).
Information security assets in an organization are among the most important ones, next only to people. It is essential for an organization to categorize information technology assets based on their criticality in terms of the information they hold or process, in terms of the need for availability, or based on other factors the business deems necessary. The IT assets that are critical should have valid licensed software and be patched at regular intervals, and any incidents reported on these assets must be investigated and resolved. For this to happen seamlessly, an automated workflow with alignment of responsible personnel and reporting going up to the senior management level is necessary. The IT Security and Risk solution on RSA Archer enables organizations to do exactly this and a lot more. The solution can be integrated with the SIEM tools and vulnerability scanners that the organization may be using. The reports provided by these other systems need to be triaged and assigned to responsible personnel, facilitating appropriate decision making. The IT Security & Risk solution also enables organizations to perform controls testing on their IT assets based on centralized controls. The results can be summarized and reports generated on an ad-hoc basis throughout the life cycle of controls testing. This feature not only reduces time and effort but also gives more transparency into the control testing process.