Maximizing Archer's Capabilities


Ensuring that your Archer system is properly optimized is vital to supporting your organization's business requirements. Properly automating your governance, risk and compliance processes will lead to cost savings and other efficiency gains.

How do you Know Your Archer Deployment is Optimized?

To get the full benefit of Archer's capabilities, check your deployment against the following key points:

Clean data

Is the data coming into Archer clean, rationalized, accurate and timely? Whether data enters Archer manually, by data feed or both, it must be clean.

Do you still have data in spreadsheets?

Is the data you previously had in Excel or other non-automated spreadsheets currently within Archer?

Do data silos still exist within your organization?

Data silos can create a barrier to collaboration, accessibility and efficiency within your organization. An optimized Archer deployment will share data across the enterprise and not create vertical columns of data that are owned by a single business area.

Is the full scope of all risks visible?

Whether it is strategic, operational, financial or digital - Archer is designed to highlight the full scope of all risks. Through your current implementation, are all risks visible?

__________________________________________________________________________

Benefits to Configuring Archer to Maximize Archer's Capabilities

  • Allows for corporate risks to become surfaced, mitigated and reported on, significantly lowering an organization's financial, regulatory, legal and reputational exposure.
  • Audit trails of all governance, risk and compliance activities are being created and stored in the Archer system.
  • Manual tasks previously being performed are now being done in an automated fashion in Archer, creating repeatable and auditable processes.
  • Alerts are handled within the Archer system and are immediately triggered when an event happens, streamlining the notification of individuals inside and outside of the organization who have a task to perform within the designed workflow.
  • Customized dashboards based on roles within the Archer system are provided with easy-to-read “My Tasks” reports, providing a daily “to do” list for business users.

__________________________________________________________________________

What is the Downside to Not Properly Optimizing Archer?

  • A heavily customized Archer deployment can become too rigid for a dynamic regulatory environment and inhibit responsiveness to change. Configuration, testing and deployment cycles take longer. What happens to your risk posture if only fifty percent of high-priority adjustments can be addressed in any given year? An organization must remain agile and possess the ability to quickly adapt to change.
  • Data that is siloed is costing the company money because there is inherent value in data – not just to the business function / unit that “owns” it – but across the GRC system. If risk exists everywhere – and it does – then it needs to be aggregated and reported on across the GRC landscape to give senior management a clear and concise picture of their risk posture at any time.
  • Corporate policies that are not systemically linked to controls and authoritative sources are simply Word documents that are relegated to being a “guide”, instead of an enforced policy. When policies are housed in Archer and linked appropriately, they become an intrinsic part of the GRC process and are integral to ensuring that corporate policies and procedures are followed – not just suggested – and controls are regularly tested to verify that.
  • For systems that are not fully optimized relative to automated notifications, the resulting lag time in reacting to events in the Archer system – such as intrusions reported by vulnerability scans – can lead to patches not being applied in a timely manner, consequently leaving the entire corporate network open to attack.

__________________________________________________________________________

What are the Steps to Properly Optimizing Archer?

Step 1 - A Complete Health Check That Includes the Review of:

The hardware and software that Archer is running on (for customers that host Archer themselves).

The overall performance of the Archer system at the use case / application level to check for any system anomalies which may be impacting the user experience negatively.

An in-depth analysis of the configuration for each deployed application to ensure that RSA best practices are being followed, and that there are no potential long-term issues that might arise from the configuration. This phase includes – but is not limited to – the following:

  • Review data-driven events (DDEs) for total number (RSA provides guidelines around the maximum number of DDEs that should be configured for any given application to ensure smooth operation).
  • Review custom calculations for any configuration issues that may be below the surface.
  • Review Custom Objects for potential issues if future upgrades are performed (upgrades to JavaScript and / or Archer can cause Custom Objects to cease working).
  • Review Advanced Workflow utilization.
  • Review any configured custom workflow.
  • Review notifications.
  • Review access control per application.
  • Review campaign triggers / frequency.
  • Review questionnaires for any special logic (question show/hide dependencies, for example).
  • Review RSA-provided calculations to ensure these are being used and used properly – verify that roll-up calculation logic is working correctly based on the company’s business hierarchy.

The overall performance of the Archer system relative to:

  • Review custom and out-of-the-box datafeeds for any historical or current runtime issues.
  • Review Archer logs for any errors that are being generated in the background that the company might not be aware of.


Step 2 - A 1, 3 and 5 Year Strategic Roadmap

  • The output of this process provides a high-level as well as tactical implementation plan for 1, 3 and 5 years out. The purpose of the plan is to align future enhancements and new use case implementations of Archer to the overall GRC strategy of the organization to ensure that Archer will be fully leveraged in the future to meet the GRC goals of the company.
  • Key Archer stakeholders in the organization's business, technical and senior-management areas are interviewed as part of this process to build an overall picture of the goals of the organization as a whole and of the stakeholders as individuals.
  • A gap analysis is then performed, comparing the goals of the stakeholders and the organization at large to the current Archer deployment. Call-outs include where the current Archer deployment aligns with the stated goals, where the current deployment would need to be modified and, finally, the Archer use cases that would need to be acquired going forward to meet the remaining goals.
  • Once the list of enhancements, modifications and new use cases is developed and reviewed with the key stakeholders to confirm the go-forward approach, an operational plan would be developed based on the organizational priorities of the goals combined with the technical order-of-implementation necessary to implement the modifications / enhancements.
  • The final operational plan should then be broken out into manageable 1, 3 and 5 year deployments and reviewed with the stakeholders.


Who We Are

Archer Experts, LLC consultants represent the best and the brightest relative to RSA Archer technical competence. We are very particular about who we engage as “Experts” – consultants must be technically stellar with RSA Archer, that’s a given, but must also be customer-focused, professional in all aspects of customer interaction and embrace a simple goal: Beyond all else, make the customer successful.

To learn more about our capabilities, please contact:


Very thorough write up!
