Document all of your organization’s third-party relationships and associated contracts, as well as the business units and named individuals in your organization who are responsible for each relationship. Use a single repository to aggregate all third-party information.
Leverage a series of risk assessment questionnaires to assess third parties’ control environments and collect relevant supporting documentation for further analysis. Analyze the results of these questionnaires to determine your organization’s residual risk across several categories.
Perform integrated third-party risk and performance management. Document performance metrics and service-level agreement metrics for each third-party product and service to ascertain whether each engagement is delivering the expected performance.
Gain a holistic understanding of your organization’s dependency on various third parties across all of your business units. Catalog the products and services they deliver to your organization according to each business process and business unit they support.
"We chose RSA Archer because of its ability to bring several platforms together. We can tie our vendor due diligence into the risks and controls surrounding that vendor, and then tie it into business continuity so that we know if a vendor fails what the impact would be to the bank. ... That ability to create a sort of GRC universe at Berkshire Bank was what attracted us to the [RSA] Archer tool."
RSA Archer Maturity Models guide organizations through the journey from baseline risk management to optimized processes that balance opportunities and risks. View the Maturity Model Snapshot to discover the stages of maturing your third-party management.