Data Governance

Archer Data Governance is designed to provide a framework to help organizations identify, manage, and implement appropriate controls around personal data processing activities. Archer Data Governance helps empower organizations to maintain an accurate inventory of processing activities, establish and apply documented controls around the usage of PII, and manage data retention requirements. Ensuring the accuracy, completeness, confidentiality, and transparency of PII and regularly assessing the data protection risks associated with its usage are also core tenets of the GDPR accountability principles.

For the key features and benefits of this use case, see the Data Sheet on the Archer Community: https://community.rsa.com/docs/DOC-40093

How Data Governance fits into a risk and compliance program

Data Governance is a use case in the Regulatory & Corporate Compliance Management solution area. The following sections describe the use cases that Data Governance requires as a prerequisite, which use cases you can upgrade to as your privacy program matures, and which use cases in other solution areas you can integrate for additional business context and functionality.

Prerequisite and next use cases

The following table shows how this use case fits into the overall Regulatory & Corporate Compliance Management solution area.

Issues Management Establish your business hierarchy Consolidate and coordinate findings and remediation plans from your data privacy program Manage exceptions with appropriate risk sign-off acceptance. Third Party Catalog Document your third parties, subsidiaries, and sub-subsidiaries Create third party engagements Document third party contracts	Data Governance Inventory your assets Assess processes to determine data controllers, data processors and data maps Track data retention schedules Maintain data notice and consent statements Identify data and asset owners	Privacy Program Management Assess processing activity risks through privacy impact assessments Assess high-risk processing activities through data protection projects and impact assessments Manage communications with regulators

Related use cases in other solution areas

The following table shows the use cases in other solution areas you can integrate for additional business context and functionality.
Use Case (Solution Area)	Primary Purpose(s) of the Relationship
Policy Program Management (Regulatory & Corporate Compliance Management) or IT & Security Policy Program Management (IT & Security Risk Management)	The Policies application enables your organization to tag applicable policies for tracking identified safeguards and corporate policies against processing activities. The Authoritative Sources application enables your organization to tag control procedures and control standards with the applicable sections of privacy regulations to show compliance.
Cyber Incident & Breach Response (IT & Security Risk Management)	The Data Breaches application allows your Privacy and Legal teams to have insight into breaches of personal or sensitive data that may need to be escalated to a regulator. Additionally, the entire Cyber Incident & Breach Response use case can help your organization understand, track, and manage security incidents and data breaches, especially as they relate to sensitive and personal data.
Third Party Engagement (Third Party Governance) or Third Party Governance (Third Party Governance)	These use cases can help your organizations manage your third party engagements and risk exposure. Managing a third party program is extremely important in protecting data and ensuring compliance with data privacy mandates.
IT Controls Assurance (IT & Security Risk Management)	This use case can help your organization assure compliance of the various safeguards identified within the Data Governance and Privacy Program Management use cases.
Top-Down Risk Assessment (Enterprise & Operational Risk Management)	This use case can help your organization understand the risks facing your privacy program and manage them appropriately.

Additional resources

The following resources are also available for this use case:

Get started