
Selling Issues Management

Today, we're talking through the RSA Archer Issues Management Use Case. Just as water is the universal solvent, Issues Management is the universal use case. At the most basic level, every GRC effort a company undertakes has the need to resolve issues discovered. These issues include internal items such as risks found during a risk assessment, failed controls, audit findings, or flaws found during a security incident. External items from vendors, regulators, and partners can also be tracked. While it may seem daunting, having findings is actually a proof point of an effective GRC program.

Once companies consolidate all of these findings into a single repository, the next step is to action them. This is most commonly done by accepting the risk, creating a remediation plan to address the risk, or requesting an exception for a period of time. Issues Management is one of the easier use cases to ask discovery questions about. Smaller companies tend to not have a formal system in place, while large companies tend to have multiple systems with each providing a narrow view into the overall picture.

Discovery questions for smaller companies revolve around the difficulty in reporting the status of issues. For example, what departments have the highest rate of exception requests? What's the average time to remediate findings? Has this changed over time? Are you able to provide status of things like the number of issues with past due remediation plans? Discovery questions for large companies should be specific to find out where there is a gap in coverage and to determine what groups aren't quite as mature as the others. For example, ask: do the audit, risk, and compliance groups all use the same system to track issues? How do they share information? What metrics does the board use to determine if issues are being addressed across the company?

Key functionality of the RSA Archer Issues Management Use Case is consolidation. Consolidation of the issues management process, a consolidated list of findings from IT and Security audits and assessments, as well as managed exceptions with appropriate risk sign off and acceptance were needed. Find out where the issues are coming from, how they are being actioned, and finally, how they are being reported to get a great overview of GRC at the company. How does the customer benefit? Identified issues are managed and mitigated into a more secure environment. They'll have stronger, quicker reactions to emerging risks.

As you get customers talking about how they managed their issues, you'll quickly find that this opens the door to discovering other areas of opportunity. The Issues Management Use Case is the starting point for so many customers; however, it's never the last step. Thank you.

Video Details

Duration: 3 minutes and 19 seconds
Language: English
License: All rights reserved
Posted by: william.duncan on Feb 6, 2018
