Archer Strategy & Vision

November 17

1 ©2022©2022
RSA Security
RSA Security
LLC orLLC
its affiliates.
or its affiliates.
All rights
All rights
reserved.
reserved. C O N F I D E N T I A L
 The expectations of risk management have changed

ENGAGE ACROSS YOUR COMMUNICATE RISK IN EXPECTATIONS ACROSS

BUS INES S OPERATIONS BUSINESS TERMS RIS K DOMAINS

Companies achieve better Risk quantification is essential to Stakeholders expect organizations

outcomes with broad participation establish priorities and evaluate to prepare for risks and quantify
from first line business operations business practices. their financial, strategic, and
and third parties. societal impacts.

2 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 Archer Strategic Pillars

Holistic Integrated Modern Cloud Advanced

Risk Management Technology Analytics

3 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Archer Strategic Pillars
Operational Resilience
Areas of Focus

Risk Quantification

Environmental, Social & Governance

User Experience

4 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Operational Resilience

5 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 Building Operational Resilience

Conducted Annually

Identify Map Scenario Conduct Self-

Set Impact
Important Dependencies Analysis & Assessment
Tolerances
Services Testing

6 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 Level 1
Business Resiliency

Product/Service Dependency Impact Scenario Annual

Criticality Mapping Tolerances Analysis Assessment
Assessment

7 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 Level 1
Business Resiliency

Level 2
Third Party Risk Management

Supply Chain Third Party Third Party Zero-Day Archer

Cataloging Metrics Resilience Vulnerabilities Engage
Assessment

8 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 Level 1
Business Resiliency

Level 2
Third Party Risk Management

Level 3
Enterprise & Operational Risk

Metrics Relationship Resilience Mapbox Resilience

Visualization Scorecard Integration Assessment

9 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Risk Quantification
Archer Insight

10 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 Risk management is critical to
achieving strategic business goals.
A recent survey of executive teams
Quantification is conducted by NACD found that they
the most are dissatisfied with current approaches
to evaluating risks.
effective means
of risk Nearly 50% of board members believe
the risk information they are presented
measurement. with does not enable them to draw the
correct conclusions.

11 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

What types of Insight does Archer bring?

How are risk drivers, What is the level of risk in Which efforts to mitigate
controls, risks and each part of my business? exposure are most
consequences related? important?

ANALYSIS AGGREGATION VISUALIZATION

12 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 How are risk drivers, controls, risks and impacts all related?

RISK

RISK CONSEQUENCES
DRIVERS

PREVENTIVE MITIGATING
CONTROLS CONTROLS
13 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L
What types of Insight does Archer bring?

How are risk drivers, What is the level of risk in Which efforts to mitigate
controls, risks and each part of my business? exposure are most
consequences related? important?

ANALYSIS AGGREGATION VISUALIZATION

14 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

What is the aggregated level of risk in each part of my business?

RISK
LIKELIHOOD

POTENTIAL
FINANCIAL
LOSS
ORGANIZATIONAL IMPACTS
ENTITIES

15 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

What types of Insight does Archer bring?

How are risk drivers, What is the level of risk in Which efforts to mitigate
controls, risks and each part of my business? exposure are most
consequences related? important?

ANALYSIS AGGREGATION VISUALIZATION

16 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 Which risks rely most on our efforts to mitigate exposure?

RESIDIUAL
RISK IMPACT
SCORE
The tail indicates the amount
of mitigation in place. The
longer the tail, the more
reliant on risk prevention or
mitigation efforts.

17 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

What types of Insight does Archer bring?

How are risk drivers, What is the level of risk in Which efforts to mitigate
controls, risks and each part of my business? exposure are most
consequences related? important?

ANALYSIS AGGREGATION VISUALIZATION

18 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

ESG

19 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 ESG

Supply Chain Ethics

Emissions

Water Biodiversity Work Practices Privacy Systemic Risk Incident Mgmt

Environmental Social Governance

20 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 ESG is critical to achieving
strategic business goals

Organizations with
A survey by the University of Oxford*
robust ESG found that 88% of companies with
practices achieve robust ESG practices achieved better
better operational operational performance
performance The same study also reviled that 80% of
companies with strong sustainability
practices positively influence their
stock price

* Oxford University - Smith School of Enterprise and the Environment “From the Stockholder to the Stakeholder:
How Sustainability Can Drive Financial Outperformance.”
21 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L
Archer ESG Offering

Collect Metrics
Materiality Align to ESG Report on Metric
from
Assessment Standards Performance
Stakeholders

22 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Archer’s ESG Vision
How can I evaluate How can I provide How can I ensure
How do I collect How can I plan and accurate disclosure long term strategic
and predict ESG risk
and aggregate execute a transition and reporting to performance
against climate
my ESG data to net-zero stakeholders
scenarios

Metrics Transition Scenario Corporate Performance

Collection Planning Analysis Reporting & Long-Term
Viability

23 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Why ESG should be part of
your GRC Program ESG Risks and Controls

Third Party Risk

Controls Assurance over

ESG Disclosures

Credit Risk

24 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 User Experience

25 ©2022©2022
RSA Security
RSA Security
LLC orLLC
its affiliates.
or its affiliates.
All rights
All rights
reserved.
reserved. C O N F I D E N T I A L
Collaboration is Critical

Drive Engagement More Effective Scalable

▪ Business users on the front line ▪ Risk teams must have better
often see risks, issues and incidents information from across the
as they occur. organization to enable effective
▪ Risk teams have struggled to get risk management.
input from executives, consumers, ▪ Executives and Board members
customers, contractors, or increasingly involved in risk
employees. management need better insights
to make decisions.
▪ Organizations are complex,
changing and growing and you
need a solution that adapts.
▪ Business users, risk teams and
others must develop better “risk
muscle-memory” to build risk
management into the way the
organization operates.

26 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 User Experience

▪ Point 21 ▪ Point 3

Archer Engage nextGen Dashboard nextGen Risk Experience

27 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Archer Engage

28 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

 The Importance of Archer Engage

Modern and intuitive user Capture key data for Broad stakeholder
experience complete picture of risk participation

Archer Engage delivers a modern, consumer Archer Engage captures data that feeds directly Archer Engage drives streamlined collection of
app-like experience to the infrequent user into the main Archer implementation to risk data from key cross-functional
to ensure active engagement in helping the provide a complete and accurate picture to stakeholders and third parties for analysis and
enterprise manage risk. support strategic business decisions. treatment.

29 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

30 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L
What’s Next? Supporting Comments on
Assessments

Support for Multiple Languages

In-flight Status and Progress updates

31 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

nextGen Dashboards

32 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

33 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L
34 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L
Future Capabilities

Dashboard Filters

35 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Future Capabilities

Collaboration

36 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Future Capabilities

Trending

37 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Future Capabilities

Executive Summary

38 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

nextGen Risk Experience

39 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

Key Design Principles

1. Provide configurability for business 4. Provide seamless navigation that

processes without sacrificing experience. provides visibility into the big picture and
help me understand how things are related.
2. Leverage modern design and aesthetics
that meet expectations and are accessible. 5. Make it as effortless as possible. Guide
me through the complex and make it easy to
3. Deliver context sensitive experiences. find what I’m looking for.
The right experience for the right person, at the
right time, for the right context.

40 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L

41 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L
42 ©2022 RSA Security LLC or its affiliates. All rights reserved. C O N F I D E N T I A L