Archer Announces Availability of Archer Exchange Offerings for February 2021

Archer announces availability of Archer Exchange offerings for February 2021.

Archer announces availability of Archer Exchange offerings for February 2021, which includes new and updated offerings:

• App-Packs – pre-built applications addressing adjacent or supporting Integrated Risk Management processes (e.g. niche, industry, geo-specific)
  • Archer Discussion Forum helps manage informal interactive communication within your organization.
  • Archer Project Management has been updated to only require two Archer on-demand applications and includes improved dashboards and enhanced records. 
  • Evalto Inactive User Reporting has been updated to enable support for Archer SaaS and Hosted customers along with easier configuration and improved reporting.
  • Templar Shield Anti-Money Laundering (AML) Rule Management provides a central repository for AML rules and thresholds, automates AML rule optimization, and helps reduce false positives for above-the-line or below-the-line transactions.

• Tools & Utilities - pre-built functions enabling administrators to more easily manage their Archer implementations
  • Archer Data Feed Initiator executes a data feed on-demand in the Archer user interface and triggers any associated data feeds.  

• Integrations - pre-built data exchange configurations bringing data into and pushing data out of the Archer Platform
  • Axonius Cybersecurity Asset Management has been updated to accommodate new Axonius API endpoints. Axonius Cybersecurity Asset Management integrates with the following use cases:
    
    • Archer Audit Engagements & Workpapers
    • Archer Third Party Governance
    • Archer Business Continuity & IT Disaster Recovery Planning
    • Archer IT Controls Assurance
    • Archer IT Security Vulnerability Program
    • Archer IT Risk Management
    • Archer Cyber Incident & Breach Response
    • Archer PCI Management
    • Archer Information Security Management System (ISMS)
    • Archer Data Governance
  • LexisNexis Regulatory Compliance data feeds and JavaScript file have been updated to improve performance, support Enhanced Content integration, and replace the expired JavaScript file. LexisNexis Regulatory Compliance integrates with the following use cases:
    • Archer Policy Program Management
    • Archer Corporate Obligations Management
  • LexisNexis Regulatory Compliance - Enhanced Content captures features/functionality from the Enhanced Content modules (Mandates/Regulator). LexisNexis Regulatory Compliance - Enhanced Content integrates with the Archer Policy Program Management use case.
  • Regology Regulatory Change Management enables Archer customers to leverage the regulatory information provided by Regology to efficiently manage their regulatory change workflows and conduct regulatory change reviews. Regology Regulatory Change Management integrates with the Archer Corporate Obligations Management use case. 
  • RiskRecon Own Enterprise Monitoring has been updated to add letter based scoring and incorporate changes made to the security domain structure. RiskRecon Own Enterprise Monitoring integrates with the following use cases:
    • Archer IT Security Vulnerabilities Program
    • Archer Third Party Security Risk Monitoring
  • RiskRecon Third Party Security Risk Monitoring has been updated to add letter based scoring and incorporate changes made to the security domain structure. RiskRecon Third Party Security Risk Monitoring integrates with the following use cases:
    • Archer Third Party Catalog
    • Archer Third Party Engagement
    • Archer Issues Management
  • Splunk> Phantom has been updated to support Archer Domain users. Splunk> Phantom integrates with the Archer Cyber Security and Breach Response use case.
  • Resigned JavaScript Files for the following:
    • AWS IAM Access Analyzer 
    • AWS Security Hub
    • LexisNexis Regulatory Compliance
    • LexisNexis Regulatory Compliance - Enhanced Content
    • Qualys Asset Discovery Integration 
    • Qualys Vulnerability Management
    • RiskLens Gen 3
    • RiskRecon Own Enterprise Monitoring 
    • RiskRecon Third Party Security Risk Monitoring
    • Tenable.sc Asset Discovery
    • Tenable.sc Vulnerability Management
    • Thomson Reuters Regulatory Intelligence Integration 
    • Unified Compliance Framework Common Controls Hub 
    • Wolters Kluwer Regulatory Data Feed 

• Content - pre-mapped collection of best-practice policies, control standards, legal and regulatory requirements, industry standards, and assessments
  
  • BIS Basel Committee on Banking Supervision has been updated to include a new authoritative source for BIS Basel Core Principles for Effective Banking Supervision. BIS Basel Core Principles for Effective Banking Supervision is used by banks as a benchmark for assessing the quality of their supervisory systems and for identifying future work to achieve a baseline level of sound supervisory practices. Note: The Archer Exchange has an existing offering for Basel II from the Bank for International Settlements (BIS). With this release, we are expanding the original Basel II overview page to encompass all BIS content, including both Basel II and the new authoritative source. 
  • California State Privacy Laws has been updated to include a new authoritative source for the California Privacy Rights Act. The California Privacy Rights Act expands current state consumer privacy laws and creates an omnibus privacy regulation for the state. This new regulation does not go into effect until January 2023 in order to give businesses time to prepare for it.
  • COGRIS Turkish Regulation on Banks' Information Systems and Electronic Banking Services is a new authoritative source developed by Archer Exchange Technology Partner, COGRIS. The Turkish banking regulation contains detailed rules on establishing and managing banking information systems, information security, outsource information system service procurement, and electronic banking services such as online, mobile, and phone banking services.
    
  • European Banking Authority (EBA) Guidelines on ICT and Security Risk Management  is a new authoritative source from the European Banking Authority (EBA) that provides guidelines for how financial institutions in the European Union should manage their information and communication technology and security risks.
  • European Banking Authority (EBA) Guidelines on Outsourcing Arrangements is a new authoritative source from the European Banking Authority (EBA). The guidelines explain specific provisions for financial institution governance frameworks regarding outsourcing arrangements and the related supervisory expectations and processes.
  • European Commission Ethics Guidelines for Trustworthy Artificial Intelligence is a new authoritative source from the European Commission that provides a set of seven key requirements that artificial intelligence systems should meet in order to be deemed trustworthy.
  • Institution of Engineering and Technology (IET) Cyber Security and Safety Code of Practice is a new authoritative source from the Institution of Engineering and Technology and the National Cyber Security Centre. The Cyber Security and Safety Code of Practice prescribes a series of principles designed to ensure safety and cyber security teams work together effectively to address the threat of cyber attacks.
  • National Institute of Standards and Technology Guidelines now includes an updated version of NIST SP 800-53 Revision 5 that is mapped to the Archer Control Standards Library. 
  • North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) has been updated to the most recent version. 
  • North American Electric Reliability Corporation (NERC) Standards has been updated to the most recent version.
  • Prudential Regulation Authority Internal Capital Adequacy Assessment Process (ICAAP) is a new authoritative source from the Bank of England Prudential Regulation Authority. The purpose of the ICAAP is to inform the Board of the ongoing assessment of a bank's risks, how the bank intends to mitigate those risks, and how much current and future capital is necessary having considered other mitigating factors.

The following offerings and features are being retired:

• Federal Energy Regulatory Commission (FERC) Data Feed Content Integration is no longer available or supported, as the FERC data feed technology has moved away from XML RSS feeds.

For additional documentation, downloads, and a listing of all Archer Exchange offerings, visit the Archer Exchange on RSA Link.