RSA Archer® Corporate Obligations Management
Create a centralized repository to gather, track, and respond to regulatory developments
- Respond to the ever-changing regulatory environment
- Implement a system of record for organizing regulatory intelligence
- Create clear linkages between changes in regulations and internal controls
Reduction in time needed to modify policies in response to changing regulations
Less time and effort required to research control requirements
Improved ability to link regulatory requirements to internal controls and demonstrate compliance
Impact analysis, change and issue management controls for corporate compliance obligations.
Exception management and governance through appropriate risk acceptance and sign-off.
Regulatory intelligence feeds to drive review and response activities.
Regulatory Change Management
Implement workflow and change management based on regulatory changes.
HIPAA is really the regulatory requirement that we have to attest to. HIPAA does not give a lot of detail as to what IT security needs to do. It just makes general statements like 'Protect your information'. We can go to a framework that is a lot more prescriptive and gives us a lot more detail on how we can really accomplish that task, such as NIST. Archer enables us to map those two together, so whenever we attest to NIST we can also simultaneously attest to HIPAA.
Director of IT Security @ St. Luke's Health System