SOLUTION BRIEF RSA ARCHER REGULATORY & CORPORATE COMPLIANCE MANAGEMENT

Similar documents
SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

SOLUTION BRIEF HELPING PREPARE FOR RISK ASSESSMENT & COMPLIANCE CHALLENGES FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

RSA ARCHER IT & SECURITY RISK MANAGEMENT

RSA ARCHER INSPIRE EVERYONE TO OWN RISK

COMPLIANCE TRUMPS RISK

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

RSA Solution for egrc. A holistic strategy for managing risk and compliance across functional domains and lines of business.

MATURITY MODEL SNAPSHOT REGULATORY & CORPORATE COMPLIANCE MANAGEMENT

RSA ARCHER MATURITY MODEL: AUDIT MANAGEMENT

SOLUTION BRIEF HELPING ADDRESS GDPR CHALLENGES WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

SOLUTION BRIEF RSA ARCHER PUBLIC SECTOR SOLUTIONS

CONSULTING & CYBERSECURITY SOLUTIONS

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment

Enterprise Compliance Management for Credit Unions

RSA. Sustaining Trust in the Digital World. Gintaras Pelenis

Ready for the GDPR, Ready for the Digital Economy Fast-Track Your Midsized Business for the Digital Economy While Addressing GDPR Requirements

How Can I Better Manage My Software Assets And Mitigate The Risk Of Compliance Audits?

RSA. Archer Risk Intelligence Index

Effects of GDPR and NY DFS on your Third Party Risk Management Program

Sustainable Identity and Access Governance

Optiv's Third- Party Risk Management Solution

Streamline Retail Processes with State-of-the-Art Master Data Governance

Simplify and Secure: Managing User Identities Throughout their Lifecycles

BlackLine Compliance

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

An Oracle White Paper March Access Certification: Addressing and Building On a Critical Security Control

The power of the Converge platform lies in the ability to share data across all aspects of risk management over a secure workspace.

Preparation Guide to the New European General Data Protection Regulation

WHITE PAPER THE RSA ARCHER BUSINESS RISK MANAGEMENT REFERENCE ARCHITECTURE

SOLUTION BRIEF RSA IDENTITY GOVERNANCE & LIFECYCLE SOLUTION OVERVIEW ACT WITH INSIGHT TO DRIVE INFORMED DECISIONS TO MITIGATE IDENTITY RISK

Improving Information Security by Automating Provisioning and Identity Management WHITE PAPER

Best Practices: Vendor Risk Questionnaires PROCESSUNITY WEBINAR SERIES

IBM Software July 2011 Thought Leadership White Paper. What is MRM, and why are marketers investing in this technology?

GDPR: Centralize Unstructured Data Governance Across On-premises and Cloud

EU-GDPR and the cloud. Heike Fiedler-Phelps January 13, 2018

Planning for the General Data Protection Regulation

5 Ways. to Cut. Market Data. Spend and IMPROVE WORKFLOW WHITE PAPER

Agile Master Data Management

Accenture Reporting and Analytics. Deliver actionable insights through a scalable and cost-effective model

a physicians guide to security risk assessment

Information and Communication Technologies Strategic Plan 2016/ /20

Thomson Reuters Regulatory Change Management

Solution Brief: Enterprise Compliance Management

US BANKING & CAPITAL MARKETS

HITRUST CSF Assurance Program. The Common Healthcare Industry Approach for Assessing Security and Reporting Compliance

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Leveraging IT risk management to boost competitive advantage

risk management Regulatory Compliance in Community Bank: An Exercise in Risk Management By:

PARTNER SOLUTION BRIEF

7 Key Trends in Enterprise Risk Management

STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES. September 2017

Gain strategic insight into business services to help optimize IT.

Improve Enterprise Application Adoption with User Experience Analytics

Achieving GDPR Compliance with Avature

OpenPages Internal Audit Management: Internal audit and its evolving role in GRC

Pega Upstream Oil & Gas Capabilities Overview

Solve for now. Build for next. The Deloitte Audit

HITRUST CSF Assurance Program

Data Integration for the Real-Time Enterprise

Veritas 360 Data Management Suite. Accelerating Digital Transformation Through Multi-Cloud Data Management.

Certified Identity Governance Expert (CIGE) Overview & Curriculum

How to Stand Up a Privacy Program: Privacy in a Box

Digital Testing and Controls Automation A transformative approach to automating your control environment

IBM Sterling B2B Integrator

Visualize, Analyze, and Transform Processes for Intelligent Procurement Operations

Making winning workforce decisions

Preparing for the General Data Protection Regulation (GDPR)

Business Resilience: Proactive measures for forward-looking enterprises

7 STEPS TO BUILD A GRC FRAMEWORK ALIGNING BUSINESS RISK MANAGEMENT FOR BUSINESS-DRIVEN SECURITY

Payment Card Industry Data Security Standard Compliance: Key Players and Relationships. By Jason Chan

Finance Division Strategic Plan

Making Contracting Easier for Legal. Mike Haysley, Consilio Jackson Mayes, Onit

Boards and internal audit: Working together to strengthen risk management

Mastering new and expanding financial services regulations and audits

Executive Teams and the Use of ISO in Decision Making. Scott Wightman, ARM-E National Director Gallagher ERM Practice

Regulatory Change Management

Environmental, Health and Safety Management

5-Step Guide For GDPR Compliance

Securing Intel s External Online Presence

Beyond Compliance. Leveraging Internal Control to Build a Better Business: A Response to Sarbanes-Oxley Sections 302 and 404

Productivity Management INTELLIGENT COLLABORATION SOLUTION

BRINGING DATA TO LIFE Increase your organization s digital IQ and optimize performance through data analytics

Going Beyond AIOps to Accelerate IT Transformation

Delivering Business-Critical Solutions with SharePoint 2010

Enterprise-Wide Security Transformation to Meet Escalating Regulatory Requirements

Quantifying the Value of Investments in Micro Focus Quality Center Solutions

Risk Based Process Safety Making a Step Change Improvement in Operational Excellence

Oracle Financial Services Data Foundation

The importance of a solid data foundation

Efficient Support for Internal Control Systems via a GRC Software Platform

WHITE PAPER RSA RISK FRAMEWORK FOR DYNAMIC WORKFORCE MANAGING RISK IN A COMPLEX & CHANGING WORK ENVIRONMENT

Operational Risk Management

Corporate egrc update

RSA Archer Compliance Management 5.2 Webcast

Drive down costs with better asset lifecycle management

Deloitte A Middle East Point of View - Summer 2018 Compliance

ISACA San Francisco Chapter

HCCA Compliance Institute : Intersection of Internal Audit & Compliance. April 17, Agenda. Where are we today?

DevSecOps Embedded Security Within the Hyper Agile Speed of DevOps

Transcription:

RSA ARCHER REGULATORY & CORPORATE COMPLIANCE MANAGEMENT

INTRODUCTION Your organization s regulatory compliance landscape changes every day. In today s complex regulatory environment, governmental and industry bodies make changes to laws, regulations and industry requirements frequently. Organizations that must comply with a variety of regulations face a daunting task in keeping abreast of these changes. From risk and regulatory compliance perspectives to data privacy concerns, businesses are compelled to establish processes for identifying regulatory changes and implementing measures and suitable processes to maintain compliance. However, with the growing amount of regulatory data coming in from a variety of sources and an increased focus on the processing of personally identifiable information (PII), it is difficult to identify, prioritize and respond to issues that impact your business. Departments, business owners or team leads often create unique ways to address policies and regulatory obligations required to run their organizations. The resulting proliferation of spreadsheets, emails and data repositories spread across the network contributes to a lack of coordination and accountability among the many different stakeholders. Many times, different policies and regulations require business units to provide control attestations that are the same or similar across multiple compliance initiatives. As priorities change and resources stretch, staff begins to tune out and ignore these compliance requests, which further exposes the organization to increased risk of fines and penalties due to noncompliance. 61 percent of organizations are performing risk assessments annually. Half of the respondents also stated they conduct enterprise-wide compliance risk assessments annually. Nearly a third of responses said they combined their compliance assessment with a larger ERM assessment. 2016 Compliance Trends Survey Compliance Week and Deloitte These disconnected processes impact the organization s productivity as team members spend time chasing down information to meet various organizational policy and reporting requirements. Ultimately, these inefficient processes steal valuable resources away from the strategic initiatives that are critical to growing and sustaining the business. DRIVE DOWN THE COST OF COMPLIANCE Your current approach to meeting regulatory and corporate compliance obligations is overwhelming resources, and there is no way to keep up the pace of regulatory change. How do you respond when executives ask for compliance updates? How difficult is it to provide them the visibility they require, and can it be provided quickly and consistently? By consolidating regulatory data into a centralized repository and establishing a sustainable and consistent process for managing regulatory change, you can quickly and accurately comply with your regulatory obligations. And because you have consolidated your compliance efforts, you can now provide the executive team with a complete picture of the state of compliance across the organization in real time. 2

THE RSA ARCHER REGULATORY & CORPORATE COMPLIANCE MANAGEMENT ADVANTAGE RSA Archer Regulatory & Corporate Compliance Management solutions allow you to consolidate information from multiple regulatory bodies, document their impact on the business and establish a sustainable, repeatable and auditable regulatory compliance and data privacy program. TAKE CONTROL OF REGULATORY REQUIREMENTS Managing the increasing velocity of new regulations and laws and prioritizing regulatory compliance activities is challenging. Resources can only react to current, known regulations and laws and are unable to proactively advise the organization about potential impacts from emerging, new and changing regulations. With RSA Archer, you can consolidate regulatory requirements into a consolidated repository and centralize news feeds from regulatory bodies into one searchable, standardized structure using prebuilt data feeds. Your organization can also document your regulatory impact analysis and supplement it with information from your research and internal requirements. This approach provides you with a clear and consolidated view of regulatory intelligence. It also allows you to map regulatory impacts across your entire organizational infrastructure by expanding your ability to manage and minimize the impact of regulatory change. The best thing for me about working with RSA is the fact that, as a control and compliance officer, I have access to all data I need. I can see what s happening, and where the organization has deficiencies. I can see what is done to cope with them. I can see whether or not management has accepted things correctly at the right levels and I can execute my control tasks much easier than in the past. Jans Jans Control & Compliance Officer Rabobank ADDRESS COMPLIANCE CONSISTENTLY In many organizations, it is common for each business unit, department and team to have very different approaches in dealing with corporate policies and regulations. Each team develops unique policies and tools, collects information and reports on compliance activities based on the way each interprets their obligations. This approach leads to duplication of common activities and burdens individuals with multiple requests for similar information. The end result is an organization lacking a clear, consistent, scalable and measurable method for meeting its regulatory compliance obligations. This leaves the organization vulnerable to fines, penalties and reputational damage due to compliance failures. RSA Archer enables you to standardize your policy, compliance management and data processing activities involving PII across the organization, establishing a common taxonomy for developing measurable risk and compliance goals, processes and controls. This allows you to prioritize and manage corporate policies and regulatory compliance initiatives quickly. By eliminating manual, nonscalable compliance activities, you can implement a consistent and repeatable process for managing new and changing regulations and rapidly determine the impacts of regulatory changes to the organization. 3

MEET REGULATORY AND COMPLIANCE OBLIGATIONS Organizations often do not have a complete view of the state of compliance without spending weeks sifting through controls, findings and other data. And your teams cannot offer an accurate compliance picture to your executive team or board at a moment s notice. The aggregate effect raises the risk of costly, public compliance exposures and erodes the organization s ability to pursue strategic objectives. The bottom line: without a solid understanding of the state of compliance across the organization, your executives jobs are on the line. This past year, we had a regulator exam where we were able to build reports and dashboards within Archer to meet the regulators pre-exam questionnaire. As a result, instead of two months they were only onsite for two weeks. 4 Melissa Taylor AVP, GRC Officer Berkshire Bank By consolidating and centralizing your regulatory data with RSA Archer, you can quickly produce real-time reports and user-specific dashboards to view regulatory news by provider, type and impact and monitor the overall status of the organization s regulatory compliance program. In addition, you can assign tasks to compliance staff in a consolidated system to monitor resource activities. You can also create exception requests, remediation plans and findings to correct any issues uncovered during the control testing process. This approach ensures that senior leadership always has a complete picture of the state of compliance and enables regulators to assess your organization s compliance to required obligations quickly. RSA ARCHER REGULATORY & CORPORATE COMPLIANCE MANAGEMENT With RSA Archer Regulatory & Corporate Compliance Management, you can obtain a clear view of the organization s state of compliance, enabling you to prioritize activities that address the regulatory requirements having the greatest impact on the business. Limiting overcompensating responses and wasted cycles preserves the ability to direct more resources back to strategic areas of the business. POLICY PROGRAM MANAGEMENT RSA Archer Policy Program Management provides the framework to help organizations establish a scalable and flexible environment to manage corporate and regulatory policies and ensure alignment with compliance obligations. This includes documentation of policies and standards, assigning ownership and mapping policies to key business areas and objectives. Organizations can effectively manage the entire policy development lifecycle process and gain the agility and flexibility to handle policy exceptions amidst an increasing volume of changes in a complex regulatory compliance landscape. CORPORATE OBLIGATIONS MANAGEMENT RSA Archer Corporate Obligations Management provides the necessary tools and capabilities to document external regulatory obligations. It enables you to establish a systematic review and approval process for tracking changes to those obligations, understanding the business impact and prioritizing a response. You can quickly and accurately deliver guidance to

senior management and the IT organization regarding regulatory and other compliance requirements the business must manage in conjunction with business operations. By improving the linkage between organizational compliance requirements and internal controls, compliance gaps are reduced and senior management gains better insight into issues impacting the business. Implementation of RSA Archer Corporate Obligations Management provides an agile policy framework to keep pace with changing business and IT compliance risk. HIPAA is really the regulatory requirement that we have to attest to. HIPAA does not give a lot of detail as to what IT security needs to do. It just makes general statements like Protect your information. We can go to a framework that is a lot more prescriptive and gives us a lot more detail on how we can really accomplish that task, such as NIST. Archer enables us to map those two together, so whenever we attest to NIST we can also simultaneously attest to HIPAA. Director of IT Security St. Luke s Health System CONTROLS ASSURANCE PROGRAM MANAGEMENT RSA Archer Controls Assurance Program Management offers a framework and taxonomy to systematically document the control universe and assess and report on the performance of controls at the business hierarchy and business process level. You can apply clear, accurate control guidance in support of any compliance objective. By improving the linkage between compliance requirements and internal controls, the business can better communicate and report on compliance obligations using a common taxonomy and language across the organization. With RSA Archer s agile and flexible compliance framework, compliance teams can manage regulatory change across the business proactively. CONTROLS MONITORING PROGRAM MANAGEMENT RSA Archer Controls Monitoring Program Management extends the foundation established with RSA Archer Controls Assurance Program Management with an approach to defining and managing separate compliance projects simultaneously. This includes tools to assess and report on the performance of controls across all enterprise asset levels and the ability to automate control assessments and to monitor continuously. Multiple compliance projects can be managed in concert with other strategic business activities. By consolidating organizational compliance projects into a single platform, business owners have visibility into critical risk and compliance data, enabling them to make fully informed, risk-based business decisions in support of organizational priorities. A single control universe can further align with extended corporate stewardship and responsibility goals and other strategic objectives. DATA GOVERNANCE RSA Archer Data Governance is designed to provide a framework to help organizations identify, manage and implement appropriate controls around personal data processing activities. RSA Archer Data Governance helps empower organizations to maintain an accurate inventory of processing activities, establish and apply documented controls around the usage of PII and manage data retention requirements. 5

Ensuring the accuracy, completeness, confidentiality and transparency of PII and regularly assessing the data protection risks associated with its usage are core tenets of data privacy principles highlighted in the GLBA (Gramm-Leach-Bliley Act), HIPAA (Health Insurance Portability and Accountability Act) and EU GDPR (General Data Protection Regulation). PRIVACY PROGRAM MANAGEMENT RSA Archer Privacy Program Management is designed to enable organizations to group processing activities for the purposes of performing data protection impact assessments and tracking regulatory and data breach communications with data protection authorities. Chief Privacy Officer, Data Privacy Officers and privacy teams are also enabled to benefit from a central repository of information needed to demonstrate commitment to GDPR compliance around the organization s privacy program. RSA Archer Privacy Program Management is designed to help organizations improve how they manage personal data processing activities, document communications with regulators and assess the privacy risk impact of managing PII. With better diligence and stronger programs in place, organizations are empowered to demonstrate conformance with compliance obligations. Establishing an effective privacy management program can also positively impact the organization s bottom line through reduced risk exposure to fines and penalties for noncompliance. CONCLUSION With the constant influx of new and changing regulations, your organization needs to understand which ones are relevant to the business. With RSA Archer Regulatory & Corporate Compliance Management, organizations can establish business context for compliance, identify and meet regulatory obligations, establish and implement compliance policies and standards, create and manage an integrated control framework and provide compliance visibility to the executive team. This reduces the risk of poor, misaligned IT and business practices, exposure to regulatory violations and operational compliance failures. 6

7 RSA and the RSA logo, are registered trademarks or trademarks of Dell Technologies in the United States and other countries. Copyright 2017 Dell Technologies. All rights reserved. Published in the USA. 09/17 Solution Brief H14989-1 RSA believes the information in this document is accurate as of its publication date. The information is subject to change without notice.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback