CTS – Your Technology Partner

Governance, Risk, and Compliance

Written by Adrian Capote on August 15, 2014

Businesses set high-level objectives that steer from the top down. Governance is a broad term that defines the controls and standards each company puts in place to assist in reaching its objectives. Risks are the obstacles and unknowns that hinder a company’s path towards success. Institutions must identify, analyze, manage, and mitigate these impediments. Many factors contribute to the development of the standards and controls that will help guide decisions away from threats, and towards goals. Businesses must consider these factors, while navigating among, and always complying with, government, industry, and company regulatory requirements and policies. With no likelihood of regulation easing anytime soon, the burden to build confident compliance through consistent transparency for better-informed decisions is greater than ever.

Meet RSA Archer GRC

Data storage giant EMC boldly moved into the GRC space when its security division, RSA, acquired Archer. The RSA Archer GRC platform supports the GRC responsibility by bridging existing silos to span the IT, finance, operations, and legal domains. Archer enables a broader, more complete view of any business for ease of visibility and compliance.

Archer’s modular solutions allow business users to tailor configuration according to any organization’s unique demands and structure. COTS modules include:

  • Policy Management
  • Risk Management
  • Compliance Management
  • Enterprise Management
  • Business Continuity Management
  • Vendor Management
  • Audit Management
  • Incident Management
  • Threat Management
  • Vulnerability Risk Management
  • Security Operations Management
  • Federal Assessment & Authorization
  • Federal Continuous Monitoring

In addition, users can design, build, and seamlessly integrate new GRC components into the core solution using licensed on-demand applications through a drag-and-drop interface.

In 2013, Gartner named the RSA Archer GRC platform market leader – chosen by one in two of the Fortune 100.

Initial Thoughts

After attending the Archer Administration and Advanced Administration training courses, I was eager to start working with this industry-leading product.

Every day, software developers employ a wealth of products and techniques to solve the vital business problems of data integration, reporting, and security. New Archer developers readily welcome its built-in implementation of these capabilities, as well as its deployment features.

New Archer developers also can make use of the various online resource communities, which contain white papers, release notes, blogs, GRC initiatives, and much more. The richness of available documentation is initially exciting, and responsive support personnel and SMEs reach out via email and phone. After diving deeper into even the smallest of enhancements, however, these resources quickly give way to the always invaluable, hands-on development experience.

Since Archer development is ‘code-light’, the temptation exists for bold business-users-turned-developers to ‘have a go’ at soup-to-nuts solutions. Do not get me wrong – understanding the business is always vital to the success of any software solution, but these beginner developers can lose the forest for the trees.

One should not take lightly the double-edged sword of ‘extremely configurable’ without a clear understanding of the fundamentals of GRC, the software development life cycle, proven requirements analysis techniques and documentation standards, and considerations for future state, maintenance, and testing. In addition, a clear notion of EMC RSA’s vision for how best to leverage Archer is paramount to maximizing any line of business’s investment.

With continued Archer development, I will be commenting on this subject more in the future.