Archer Third-Party Risk Management Release Notes

January 8, 2026

This release provides updates and fixes to the Third-Party Risk Management solution.

What's New?

Third Party Workspace

  • Added a link to the Issues Management Dashboard

Engagements

  • Updated the workflow to include the Create Documents data feed node. It creates third-party documentation requests based on the selected files needed in the due diligence checklist

Third Party Documents

  • Updated the Third Party Contact field to have more fields in the lookup reference to better identify the right contact

Contracts

  • Added the ability to mark child and parent contracts

September 2025

First official release of the consolidated version of third-party risk management.

This release streamlines third-party risk management by aligning engagements to a simplified, stage-based workflow that follows industry best practices—inherent risk, due diligence, and ongoing monitoring. Contracts have been restructured to emphasize the lifecycle and workflow of the contract itself, rather than static clause assessments, enabling a more dynamic and practical approach to vendor oversight. Redundant applications have been removed, with third-party metrics now consolidated into the core metrics framework to ensure consistency and reduce end-user confusion. Key enhancements to vendor collaboration include the ability to request documents directly through Engage for Vendor, as well as pre-configured Engage integrations for due diligence questionnaires and document requests—removing the need for manual setup after deployment. Additional improvements include tighter integration with Enterprise Risk Management through engagement-to-risk/control mapping, and a redesigned supplier request form that introduces a simpler risk assessment and eliminates unnecessary fields

What's New?

Third Party Profile

  • Created new roles aligned with new design principles

  • Streamlined layout and workflow

    • Removed the levels, to accommodate the subcontractor application created awhile back. Now the only level is the third party profile, and we removed the redundant subcontractor level.

    • Made the status calculated based on the status of the engagements

    • Added and removed several fields and sections based on user feedback

    • Added in-app instructions

    • Streamlined stakeholders to include two types, the TPRM analyst and the relationship owner

    • Consolidated the tabs to match other library applications. Tabs now focus on business context, risk management, compliance, resilience, and ongoing monitoring.

    • Removed extraneous assessments out of the core solution (Can be added through app-packs)

    • Simplified general instructions to track the specific required fields

    • Updated calculated fields to aggregate data from third parties

  • Created new reports and dashboards

  • Fixed and updated several calculated fields

  • Updated inherited and default record permissions to reflect new groups and cross references

  • Updated history log to include relevant fields and set retention period to 90 days

  • Update fields to be inline edit

  • Updated cross references grids to show appropriate values

Engagements

  • Created new roles aligned with new design principles

  • Streamlined layout and workflow

    • Made the status calculated based on the stage of the engagements, and fixed the calculation for reassessing (reassessing keeps in the “Active” status)

    • Added and removed several fields and sections based on user feedback

    • Added in-app instructions for each stage

    • Made a stage based workflow with the workflow tracker to match TPRM best practices

      • Identification

      • Inherent Risk

      • Due Diligence

      • Onboarding

      • Active

    • Organized the stages through tabs to make workflow and finding data easier

    • Greatly streamlined inherent risk assessment by creating an internal questionnaire which can be sent to the relationship owner. Removed the “Tabs within Tab” layout, and replaced with a repeatable questionnaire that can be sent out each time there is a reevaluation of the vendor

    • Created new risk rollup fields to match the newly created “Inherent Risk Questionnaire”

    • Repurposed the “Engagement Type” application to a “Due Diligence Checklist” which enables users to define what they need to collect from the vendor based on their inherent risk. This will trigger a data feed to automatically create records for each document needed during due diligence

    • Renamed "Engagement Risk Assessment” to Due Diligence Questionnaire to clarify the purpose and match client expectations.

    • Added a link to ERM risks by allowing third party teams to identify unique risks, as well as compensating controls that they plan to carry out in the case of deficiencies by the vendor

    • Removed the need for third party metrics and replaced the app with the metrics app from key indicator management, which is becoming a core application for all use cases

    • Created a “Lifecycle Management” tab to house all onboarding information and contracts. It can also handle terminations, which is now built into the flow.

    • Simplified general instructions to track the specific required fields

    • Updated calculated fields to aggregate data from third parties

  • Created new reports and dashboards

  • Fixed and updated several calculated fields

  • Updated inherited and default record permissions to reflect new groups and cross references

  • Updated history log to include relevant fields and set retention period to 90 days

  • Update fields to be inline edit

  • Updated cross references grids to show appropriate values

Subcontractors

  • Created new roles aligned with new design principles

  • Streamlined layout and workflow

    • Added and removed several fields and sections based on user feedback

    • Added in-app instructions

    • Added notifications sent from archer on launch for messages

  • Created new reports and dashboards

  • Fixed and updated several calculated fields

  • Updated inherited and default record permissions to reflect new groups and cross references

  • Updated history log to include relevant fields and set retention period to 90 days

  • Update fields to be inline edit

  • Updated cross references grids to show appropriate values

Third Party Document Repository

  • Created new roles aligned with new design principles

  • Streamlined layout and workflow

    • Made the status calculated based on the stage of the engagements, and fixed the calculation for reassessing (reassessing keeps in the “Active” status)

    • Added and removed several fields and sections based on user feedback

    • Added in-app instructions for each stage

    • Added ability to either attach a file or link to a file repository (Sharepoint, Onedrive, drive, etc.)

    • Updated expiration logic to alert the user if a document is expired

    • Simplified the request process to make it faster to get tasks out to vendors

    • Built in new “Engage” fields and set up engage for vendors out of the box

    • Dynamic workflow allows for users to either document (attach) files they have already received, or to send an Archer Engage request.

    • Updated workflow to handle review and approval, and works with engage submissions through an evaluate content node

    • Updated notifications for internal and external users

  • Created new reports and dashboards

  • Fixed and updated several calculated fields

  • Updated inherited and default record permissions to reflect new groups and cross references

  • Updated history log to include relevant fields and set retention period to 90 days

  • Update fields to be inline edit

  • Updated cross references grids to show appropriate values

Contracts

  • Created new roles aligned with new design principles

  • Streamlined layout and workflow

    • Added and removed several fields and sections based on user feedback

    • Added in-app instructions for each stage

    • Added ability to either attach a file or link to a file repository (SharePoint, OneDrive, drive, etc.)

    • Updated expiration logic to alert the user if a contract is expired

    • Added ability to flag contracts as “Auto-Renew”

    • Updated workflow to handle review and approval, with workflow tracker

    • Simplified general instructions to track the specific required fields

    • Updated calculated fields to work

    • Removed contract risk assessment

  • Created new reports and dashboards

  • Fixed and updated several calculated fields

  • Updated inherited and default record permissions to reflect new groups and cross references

  • Updated history log to include relevant fields and set retention period to 90 days

  • Update fields to be inline edit

  • Updated cross references grids to show appropriate values

Supplier Request Form

  • Created new roles aligned with new design principles

  • Streamlined layout and workflow

    • Added and removed several fields and sections based on user feedback

    • Added in-app instructions for each stage

    • Updated workflow, with workflow tracker

    • Greatly simplified the form for “New Requests”, only showing the business user what they need to submit a request, then the form expands intelligently based on the stage

    • Added decision workflow, with notifications alerting the user of the notification

    • Updated general risk assessment

    • Removed old process to identify third parties, which enabled end users to modify the third-party profile. Now we have a descriptive question asking about potential vendors, so the TPRM team maintains control over the third-party inventory

    • Updated notifications for internal and external users

  • Created new reports and dashboards

  • Fixed and updated several calculated fields

  • Updated inherited and default record permissions to reflect new groups and cross references

  • Updated history log to include relevant fields and set retention period to 90 days

  • Update fields to be inline edit

  • Updated cross references grids to show appropriate values

Due Diligence Checklist

  • Created new roles aligned with new design principles

  • Streamlined layout

    • Added and removed several fields and sections based on user feedback

    • Added in-app instructions

    • Expanded use from just insurance to all document types

    • Updated layout to only showcase four fields: name, description, if the engagement will need a DDQ, and a list of all document needed in this engagement

    • Made the engagement type reusable, or specific to one engagement

    • Made it work with a data feed that will auto create third party document record for each value selected in the list of documents needed

  • Created new reports and dashboards

  • Fixed and updated several calculated fields

  • Updated inherited and default record permissions to reflect new groups and cross references

  • Updated history log to include relevant fields and set retention period to 90 days

  • Update fields to be inline edit

TPRM - Inherent Risk questionnaire

  • Created a new questionnaire to simplify the reassessment and reportability of changes in inherent risk of engagements

  • Created new roles aligned with new design principles

  • Created layout and workflow

    • Added in-app instructions for each stage

    • Added workflow, with workflow tracker

    • Updated notifications for internal and external users

  • Created new reports and dashboards

  • Set inherited and default record permissions to reflect new groups and cross references

  • Updated history log to include relevant fields and set retention period to 90 days

Due Diligence questionnaire

  • Created new roles aligned with new design principles

  • Streamlined layout and workflow

    • Added and removed several fields and sections based on user feedback

    • Added in-app instructions for each stage

    • Updated to work OOTB with engage, by adding engage specific fields, and updated the Engage tab in application builder with the right details

    • Added workflow with workflow tracker that watches for engage submissions

    • Updated notifications for internal and external users

  • Created new reports and dashboards

  • Fixed and updated several calculated fields

  • Updated inherited and default record permissions to reflect new groups and cross references

  • Updated history log to include relevant fields and set retention period to 90 days

  • Update fields to be inline edit

  • Updated cross references grids to show appropriate values