PCI Management

Archer PCI Management enables organizations to streamline the compliance process, simplify stakeholder participation, and reduce overall compliance effort and cost. It allows organizations to jumpstart a PCI compliance program by conducting continuous assessments and providing visibility for managing and mitigating risk. Archer PCI Management guides merchants through the completion of relevant self-assessment questionnaires (SAQs). It also provides packaging and export of compliance program results and attestation articles in a properly formatted PCI Report on Compliance (ROC) for easy submission and review.

For the key features and benefits of this use case, see the Data Sheet on the Archer Community: https://community.rsa.com/docs/DOC-40093

Archer PCI Management is a use case in the IT & Security Risk Management solution area. The following sections describe the use cases that PCI Management requires as a prerequisite, which use cases you can upgrade to as your program matures, and which use cases in other solution areas you can integrate for additional business context and functionality.

Prerequisite and next use cases

This following table shows how this use case fits into the overall IT & Security Risk Management solution area.
Prereq, current, next use cases

Issues Management

PCI Management

IT Risk
  • Establish your Business Hierarchy.
  • Facilitate findings and remediation workflows.
  • Govern policies and supply PCI authoritative source content, Control Standards guidance, and related mappings.

IT & Security Policy Program Management

  • Decrease time required to research and identify key control requirements.
  • Ability to link regulatory requirements to internal controls.
  • Provides governance framework and taxonomy.
  • Cardholder Data Environment management workflows.
  • Complete content library to facilitate assessments.
  • Manage findings and remediations.
  • PCI DSS compliance.
  • Pre-built risk and threat assessments to manage risk assessment processes.
  • Improve visibility and reporting of IT risk throughout the enterprise.

IT Controls Assurance

  • Consolidate issues management process.
  • Centralize tracking of gaps and remediation activities for compliance issues.

Related use cases in other solution areas

The following table shows additional features that are available if you have the specified use cases licensed.

Application

Use Cases

Primary Purpose(s) of the Relationship

Third Party Profile

Third Party Catalog

Links the Third Party Profile application to the CDE Scope application to enable users to identify third parties that may be processing cardholder data.

Evidence Repository

IT Controls Assurance

Controls Assurance Program Management

Links the Evidence Repository application to the Master Controls and Control Procedures applications to enable users to track evidence collection for controls they want to continuously monitor.

Additional resources

The following additional resources are available for this use case:

The following resources are also available for the IT & Security Risk Management solution area:

Get started