RSA Archer Third Party Governance
Mitigate Third-Party Risks and Monitor Performance
Overview:
- Automate and streamline oversight of third-party relationships
- Get an accurate picture of third-party risk and prioritize the ones that matter most
- Fulfill regulatory obligations related to third-party management
Negative stories about third party relationships are in the headlines almost daily - faulty products from a supplier, cloud service outages, and a barrage of third party provider data breaches, to name a few. Organizations are more frequently using third party suppliers to deliver or augment their products and services, and those suppliers have third parties providing services to them.
As more and more third party products and services are used to conduct business, the frequency and impact of risk events and poor performance increases. In addition, the number, complexity and velocity of these risks are increasing. With so many relationships to track, the complexity of third party governance can be difficult to understand and manage. Most organizations simply do not have the staff and available resources to cope with this increased complexity. Unfortunately, this can often result in surprises that damage your business. Many times, pockets of vendor profiles, details of engagements, and performance data are spread across different teams within the organization, which means the business context and significance of third party relationships cannot be fully understood.
Without a consistent enterprise-wide framework for managing third party risk and performance, third party risks cannot be identified, assessed, evaluated, treated and monitored consistently across all of your business lines. As a result, it becomes difficult to find a single source of truth for third party risk and performance. Without a complete enterprise view of third party risks, your executive team does not have a clear picture to make business decisions.
Take Charge of Third Party Risk and Performance
By standardizing your third party risk and performance management process across the enterprise, you can establish a common language, measurements, controls, and processes to quickly understand, prioritize, and manage your risks. With this accurate view of third party risks, RSA Archer provides your executive team with an accurate picture of third party risk, to quickly allocate resources and make better business decisions.
Conclusion
With RSA Archer Third Party Governance, your organization has a central aggregation, visualization and management point for your third party governance program. By consolidating third and fourth party risk data from disparate risk repositories, RSA Archer Third Party Governance enables you to better understand, prioritize, and manage the entire third party lifecycle, and reinforce desired risk management accountabilities and culture while managing the program in an efficient and effective manner.
Benefits:
Elucidates Third-Party Relationships
Catalog and assess which third parties your organization is using and how much risk they pose. Understand your third- and fourth-party dependencies to prevent surprises.
Facilitates Third-Party Monitoring
Stay current with new or updated vendor relationships and monitor material changes to existing relationships. Ensure that no material risks exist.
Enables Consistent Management
Consistently evaluate third-party risks and apply controls, risk treatments and transfer techniques in accordance with your organization's risk tolerance.
Drives Accountability for Third-Party Risk
Track the individuals in your organization responsible for each vendor relationship, along with key contacts at each vendor company, in a single system.
Advantage:
RSA Archer Third Party Governance automates and streamlines oversight of vendor relationships. The solution facilitates key activities necessary to fulfill regulatory obligations and best practices across the entire third party management lifecycle as part of a governance, risk and compliance (GRC) program. You can capture prospective relationships, engage affected stakeholders, and assess contract risk, financial wherewithal, and inherent and residual risks across multiple risk categories. This enables you to enforce risk-based selection, establish performance metrics, and monitor and manage the program throughout the third party lifecycle.
Understand Your Third Party Relationships
Increasing use of third parties across your organization means you need the ability to catalog and assess which third parties your organization is using, as well as how much risk they pose. This is key in helping your business understand their third party dependencies and associated risk, and represents the first step in optimizing third party performance and preventing surprises and losses.
Make Decisions and Take Action
Make certain that decisions about third party risks are being made consistently and in accordance with the risk appetite and tolerance of the organization, and that appropriate risk treatments are implemented where appropriate. To minimize third party risk, you need to know that managers across the organization are consistently evaluating risk and applying controls and risk transfer techniques based on the organization’s risk tolerance. In the end, as the first line of defense, they should be accountable to take the appropriate action.
Monitor Third Party Relationships
With your organization relying on more and more third party resources, you need to be able to stay up to date with new or updated vendor relationships and monitor material changes occurring in existing third party relationships. No third party relationship is static and risks will continue to emerge and evolve. Ultimately, you need to ensure that no material risk exists with third party relationships.
Use Cases:
With RSA Archer Third Party Governance, you can capture prospective relationships, engage affected stakeholders, and assess contract risk, financial wherewithal, and inherent and residual risks across multiple risk categories. This enforces risk-based selection and establishes performance metrics. RSA Archer Third Party Governance automates and streamlines oversight of your vendor relationships by facilitating key activities necessary to fulfill regulatory obligations and best practices across the entire third party management lifecycle.
RSA Archer Third Party Governance provides several use cases to meet your specific business needs as you mature your third party risk and performance management program, including the following options.
Third Party Catalog
RSA Archer Third Party Catalog allows you to document all third party relationships engagements, and associated contracts, as well as the business units and named individuals in the organization that are responsible for each third party relationship. With RSA Archer, you can report on all third party information, including profiles, engagements, third party business hierarchy, contacts, facilities, accountable third party contacts, and more within a single repository.
Third Party Engagement
RSA Archer Third Party Engagement allows you to more fully document relevant information about the products and services you receive from third parties, including associating products and service engagements to the business processes they support, documenting fourth parties, proof of insurance, and master service agreements. This information provides a holistic understanding of your dependency on the third party. In addition, you can perform contract reviews, assess contract risk, and perform third party financial viability assessments and inherent risk assessments across multiple risk categories. Third Party Engagement helps you clearly understand the amount of inherent risk exposure you have to third parties.
Third Party Risk Management
RSA Archer Third Party Risk Management allows you to assess the governance and controls that third parties have in place around the engagements they are delivering to your organization. These assessments drive residual risk scores of third party engagements across several risk categories, including financial wherewithal, contract risk, compliance/ litigation, fidelity, information security, reputation, resiliency, strategic, sustainability, and fourth party risk. Assessment questionnaires are configurable and used to collect relevant supporting documentation for further analysis. The results of these questionnaires are factored into a determination of the third party’s overall residual risk profile, across all of the engagements they are delivering to your organization. Assessment findings can be automatically captured and managed, and exceptions and remediation plans can be established and monitored to resolution.
Third Party Governance
RSA Archer Third Party Governance allows you to monitor each third party’s performance. Metrics can be established around each engagement within four categories: Quality, Innovation, Performance, and Relationship. Metrics are depicted for each engagement and rolled up to the third party, to understand the third party’s performance across all of the engagements they deliver.
Documentation:
Download the RSA Archer Third Party Governance Datasheet (.PDF)