Information Security Management System

Archer Information Security Management System (ISMS) allows you to quickly scope your information security management system (ISMS) and document your Statement of Applicability for reporting and certification. You can also catalog individual resources related to your ISMS, including information assets, applications, business processes, devices, and facilities, and document and maintain related policies, standards, and risks. This centralized view of your ISMS makes it easier to understand asset relationships and manage changes to the infrastructure. Issues identified during assessments can be centrally tracked to ensure remediation efforts for gaps are consistently documented and monitored and effectively addressed.

For further overview, see the Data Sheet on Archer Community.

For the key features and benefits of this use case, see the Data Sheet on the Archer Community: https://community.rsa.com/docs/DOC-40093

Information Security Management System (ISMS) is a use case in the IT & Security Risk Management solution area. The following sections describe the use cases that ISMS requires as a prerequisite, which use cases you can upgrade to as your program matures, and which use cases in other solution areas you can integrate for additional business context and functionality.

The following table shows how this use case fits into the overall IT & Security Risk Management solution area.
Prereq, current, next use cases

Issues Management

  • Establish your business hierarchy
  • Facilitate findings and remediation workflows
  • Govern policies and supply PCI authoritative source content, Control Standards guidance, and related mappings

Policy Program Management

  • Reduce time and effort required to create, modify and manage policies

  • Reduce time required to research and identify key control requirements

  • Manage exceptions and governance through appropriate risk acceptance and sign-off

Information Security Management System

  • Document and monitor relevant risks

  • Document and track your ISMS

  • Report on overall state of your ISMS and streamline reporting

  • Implement policies and standards to ensure remediation of issues

PCI Management

  • Complete end-to-end visibility across all PCI-relevant business process risk and compliance activities
  • Reduce time spent researching requirements and chasing stakeholder responses and evidence
  • Increase control testing accuracy, completeness, and reporting coverage
  • Enhance issues tracking, with all issues automatically consolidating into a combined view

Additional resources

The following additional resources are available for this use case:

The following resources are also available for the IT & Security Risk Management solution area:

Get started