Archer Request and Response Tracker

Organizations are often inundated with requests for information. These requests can come from within the organization or external to the organization from their clients, third parties, vendors, and so on.  When the organization receives the request, it gathers the responses and returns them to the Requestor. For most organizations, this is a manual process and results in longer cycle times and outdated reports. The requests are often repeated and require the same response. Responses are required from multiple departments within the organization, making it difficult to track these requests and ownership of these responses resulting in information silos.  

The Archer Request and Response Tracker helps you document these requests and responses back to the Requestor. Requests are easily imported into Archer and assigned to owners to provide responses and supporting evidence.  Preapproved responses help minimize the cycle time of requests. Once responses are provided, the requests are easily exported and sent back to the Requestor.

On this page

Release notes

Archer Version

Published Date

Notes

6.8

August 2020

Initial Release

6.12

May 2023

Recertification

Overview of Archer Request and Response Tracker

Key features and benefits

The Archer Request and Response Tracker offering enables organizations to:

  • Document and track requests for information, proposals, and so on.

  • Import requests and assign ownership for response.

  • Document and manage responses and supporting evidence. 

  • Create and maintain a library for preapproved responses.

  • Export responses using mail merge template.

Benefits include:

  • Consistent and repeatable process for managing and tracking requests for information.

  • Ensure accountability and timeliness for responses through workflow automation.

  • Minimize information silos within the organization.

  • Reduce cycle time for responding to requests.

Prerequisites (ODA and system requirements)

Components

Prerequisites

Archer Requirements

Archer 6.12 and later

Requires On-Demand License

Yes. The Archer Request and Response Tracker App-Pack requires two (2) On-Demand Applications license.

Archer Applications

  • Request Management

  • Requirements Management

Compatible use cases and applications

Related applications

Application

Use Case

Primary Purpose(s) of the Relationship

Business Unit

 

Archer Issues Management, Archer Business Impact Analysis, Archer Third Party Catalog, Archer Policy Program Management, Archer Cyber Incident & Breach Response, Archer Key Indicator Management, Archer IT Asset Catalog, Archer Business Asset Catalog, Archer Federal Assessments & Authorizations, Archer Federal Continuous Monitoring

  • To relate Business Units that are impacted by the Request

Business Processes

Archer Audit Engagements & Workpapers, Archer Business Impact Analysis, Archer IT Risk Management, Archer Controls Assurance Program Management, Archer Data Governance, Archer Top-Down Assessment, Archer Policy Program Management, Archer IT Controls Assurance, Archer Business Asset Catalog, Archer Bottom-Up Risk Assessment, Archer Federal Assessments & Authorizations, Archer Federal Continuous Monitoring.

  • To relate Business Processes that are impacted by the Request

Applications

Archer Audit Engagements and Workpapers, Archer Business Continuity and IT Disaster Recovery Planning, Archer Third Party Governance, Archer IT Asset Catalog, Archer IT Controls Assurance, Archer IT Security Vulnerabilities Program, Archer IT Risk Management, Archer Cyber Incident & Breach Response, Archer Data Governance, Archer PCI Management, Archer Information Security Management System, Archer Operational Risk Management, Archer Federal Continuous Monitoring

  • To relate Applications that are impacted by the Request

Devices

Archer Audit Engagements and Workpapers, Archer Business Continuity and IT Disaster Recovery Planning, Archer Third Party Governance, Archer IT Asset Catalog, Archer IT Controls Assurance, Archer IT Security Vulnerabilities Program, Archer IT Risk Management, Archer Cyber Incident & Breach Response, Archer PCI Management, Archer Information Security Management System, Archer Data Governance, Archer Federal Continuous Monitoring

  • To relate Devices that are impacted by the Request

Products and Services

Archer Business Continuity and IT Disaster Recovery Planning, Archer Third Party Risk Management, Archer Cyber Incident and Breach Response, Archer Controls Monitoring Program Management, Archer Business Asset Catalog, Archer Controls Monitoring Program Management, Archer Bottom-Up Risk Assessment

  • To relate Products and Services that are impacted by the Request

Third Party Engagements

Archer Third Party Catalog, Archer Third Party Risk Management, Archer Third Party Engagement

  • To relate Engagements to the Response

Contracts

Archer Third Party Catalog

  • To relate Contracts to the Response

Control Procedures

Archer IT Controls Assurance, Archer Information Security Management System, Archer PCI Management, Archer IT Risk Management, Archer Controls Assurance Program Management, Archer Data Governance, Archer Top-Down Assessment, Archer Federal Assessments & Authorization

  • To relate impacted/in place Control Procedures to Response

Policies

Archer Policy Program Management

  • To relate Policies to the Response

Document Repository

Archer Documentation Request Tracking

  • To relate Document Repository to the Response

Evidence Repository

Archer IT Controls Assurance, Archer Controls Assurance Program Management

  • To relate Evidence Repository to the Response

Findings

Archer Issues Management

  • To relate Findings to the Response

Remediation Plans

Archer Issues Management

  • To relate Remediation Plans to the Response

Exceptions Requests

Archer Issues Management

  • To relate Exceptions Requests to the Response

Archer Request and Response Tracker components

Architecture diagram

Swim lane diagram

Applications

Application

Description

Request Management

The Request Management application captures the request, stakeholders, and status of the request and responses.

Requirements Management

The Requirements Management application captures the requirements, ownership and responses. It also contains the list of approved standard responses and their approval for use.

Personas and access roles

Function

Description

How many (per Information System)?

Optional / Required

 

Request Manager

Responsible for managing the request and assigning ownership to requests for information, gathering responses in a timely manner, and submitting requests back to the Requestor. They can also approve requests for standard responses.  Could be someone from Legal, Procurement, or a Business Manager.

One

 

Required

Response Owner

Responsible for providing responses to the request and submitting requests to standardize responses. This can be anyone from the organization that can provide the responses for requests.

Many

Required

Response Approver

Responsible for approval of standard responses and/or responses. This can be the Request Manager or someone with similar authority over the response.

One

Optional

Applications

Request Manager

Response Owner

Response Approver

Request Management

CRU*

R

RU*

Requirements Management

CRU*

CRU*

RU*

Business Units

R

R

R

Business Processes

R

R

R

Applications 

R

R

R

Devices

R

R

R

Products and Services

R

R

R

Engagements

R

R

R

Contracts

R

R

R

Control Procedures

R

R

R

Policies

R

R

R

Evidence Repository

R

R

R

Document Repository

R

R

R

Findings

R

R

R

Remediation Plans

R

R

R

Exceptions Requests

R

R

R

C = Create, R = Read, U = Update, D = Delete, * Indicates Record Permissions

Note: It is recommended that you assign members of the Request Manager, Response Owner, and Response Approver groups to the EM: Read Only and TM: Read Only groups under Enterprise Management and Third Party Risk Management to allow selection of Business Unit, Business Processes, Applications, Devices, Third Party Engagements, Products and Services, and so on.

Installing Archer Request and Response Tracker

Installation overview

Complete the following tasks to install the offering.

Task 1: Prepare for the installation

  1. Ensure that your Archer system meets the following requirements:

    • Archer Platform version 6.12

  2. Download the ODA install package from: https://www.archerirm.communty/s/exchange-downloads/archer-request-amp-response-tracker-app-pack-6-8-installation/ta-p/569148

  3. Read and understand the "Packaging Data" section of Archer Help.

Task 2: Install the package

Installing a package requires that you import the package file, map the objects in the package to objects in the target instance, and then install the package. See Installing the Application Package for complete information.

Task 3: Test the installation

Test the application according to your company standards and procedures, to ensure that the use case works with your existing processes.

Installing the package

Task 1: Back up your database

There is no Undo function for a package installation. Packaging is a powerful feature that can make significant changes to an instance. Archer strongly recommends backing up the instance database before installing a package. This process enables a full restoration if necessary.

An alternate method for undoing a package installation is to create a package of the affected objects in the target instance before installing the new package. This package provides a snapshot of the instance before the new package is installed, which can be used to help undo the changes made by the package installation. New objects created by the package installation must be manually deleted.

Task 2: Import the package

  1. Go to the Install Packages page.

    1. From the menu bar, click Admin menu.

    2. Under Application Builder, click Install Packages.

  2. In the Available Packages section, click Import.

  3. Click Add New, then locate and select the package file that you want to import.

  4. Click OK.

The package file is displayed in the Available Packages section and is ready for installation.

Task 3: Map objects in the package

  1. From the menu bar, click Admin menu > Application Builder > Install Packages.

  2. In the Available Packages section, locate the package you want to map.
  3. In the Actions column, click Map package for that package.

    The analyzer examines the information in the package. The analyzer automatically matches the system IDs of the objects in the package with the objects in the target instance and identifies objects from the package that are successfully mapped to objects in the target instance, objects that are new or exist but are not mapped, and objects that do not exist (the object is in the target but not in the source).

    When the analyzer is complete, the Advanced Package Mapping page lists the objects in the package file and corresponding objects in the target instance.

  4. On the Advanced Mapping page, click to open each category and review the icons next to each object to determine which objects you must map manually.
    The following table describes the icons.

    Icon

    Name

    Description

    Awaiting mapping review

    Awaiting Mapping Review

    Indicates that the system could not automatically match the object or one of its children to a corresponding object in the target instance.

    Objects marked with this icon must be mapped manually.

    New objects should not be mapped. Select Do Not Map from the drop-down menu to clear this icon for an individual object, or click Do Not Map to clear the icon for all unmapped objects.

    Mapping completed

    Mapping Completed

    Indicates that the object and all children are mapped to objects in the target instance, or that they have been marked as Do Not Map. Nothing more needs to be done with these objects in Advanced Package Mapping.

    Note: You can run the mapping process without mapping all objects. The Awaiting mapping review icon is for informational purposes only.

  5. For objects awaiting mapping review, do one of the following:
    • To map each object individually, use the drop-down menu in the Target column to select the object in the target instance to which you want to map the source object. To leave an object unmapped, select Do Not Map in the Target column.
    • To automatically map all objects in a category that have different system IDs but the same object name as an object in the target instance, click Auto Map. Select whether to ignore case and spaces when matching object names. Click OK.
    • To mark all unmapped objects as Do Not Map, click Do Not Map.

  6. (Optional) Click Filter to enable filter fields that you can use to find specific objects in each mapping category. To undo your mapping selections, click Undo, then select whether to undo all mappings in the category or only the mappings on a single page. If you choose to undo all mappings, you will be returned to the categories list.

  7. (Optional) To save your mapping selections and return to the categories list without committing changes to the target instance, click Home.
  8. After you review and map all objects, click Execute.
  9. Select I understand the implications of performing this operation. Click OK.

    When the mapping is complete, the Import and Install Packages page displays.

    Important: Advanced Package Mapping modifies the system IDs in the target instance. You must update any Data Feeds and Web Service APIs that use these objects with the new system IDs.

Task 4: Install the package

All objects from the source instance are installed in the target instance unless the object can not be found or is flagged to not be installed in the target instance. A list of conditions that may cause objects not to be installed is provided in the Log Messages section. A log entry is displayed in the Package Installation Log section.

  1. Go to the Install Packages page.

    1. From the menu bar, click Admin menu.

    2. Under Application Builder, click Install Packages.

  2. In the Available Packages section, locate the package file that you want to install, and click Install.

  3. In the Configuration section, select the components of the package that you want to install.

    • To select all components, select the top-level checkbox.

    • To install only specific global reports in an already installed application, select the checkbox associated with each report that you want to install.

Note: Items in the package that do not match an existing item in the target instance are selected by default.

  1. In the Configuration section, under Install Method, select an option for each selected component. To use the same Install Method for all selected components, select a method from the top-level drop-down list.

Note: If you have any existing components that you do not want to modify, select Create New Only. You may have to modify those components after installing the package to use the changes made by the package.

  1. In the Configuration section, under Install Option, select an option for each selected component. To use the same Install Option for all selected components, select an option from the top-level drop-down list.

Note: If you have any custom fields or formatting in a component that you do not want to lose, select Do not Override Layout. You may have to modify the layout after installing the package to use the changes made by the package.

  1. To deactivate target fields and data-driven events that are not in the package, in the Post-Install Actions section, select the Deactivate target fields and data-driven events that are not in the package check box. To rename the deactivated target fields and data-driven events with a user-defined prefix, select the Apply a prefix to all deactivated objects checkbox, and enter a prefix. This can help you identify any fields or data-driven events that you may want to review for clean up post-install.

  2. Click Install.

  3. Click OK.

Task 5: Review the package installation log

  1. Go to the Package Installation Log tab of the Install Packages page.

    1. From the menu bar, click Admin menu.

    2. Under Application Builder, click Install Packages.

    3. Click the Package Installation Log tab.

  2. Click the package that you want to view.

  3. In the Package Installation Log page, in the Object Details section, click View All Warnings.

Task 6: Activate advanced workflow

  1. Go to the Applications page.

    1. From the menu bar, click Admin menu.

    2. Under Application Builder, click Applications.

  2. In the Applications section, select the Requirements Management Application.

  3. On the Advanced Workflow Tab, click ‘Activate’ in the top right corner of the page.

  4. Then click ‘Save Workflow’ in the top left corner of the page.

Using Archer Request and Response Tracker

Task 1: Create a new request

User: Request Manager

  1. Go to the Request Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Request Management.

    3. Under More Options Ellipsis, click New Record.

  2. Fill in the following information in General Information section:

    1. Enter Request Name.

    2. Select Request Type for the request by clicking the down arrow next to the field and making your selection.

    3. If Request Type is External, select Request Category for the request by clicking the down arrow next to the field and making your selection.

    4. Enter the Request Description.

  3. Select user from the list in the Request Manager field by clicking Ellipsis from the Stakeholders section.

  4. (Optional) Select user from the list in the Request Approver and Watchers field by clicking Ellipsis from the Stakeholders section.

  5. Request Details Tab: Enter the contact details of the Requestor in Requestor Information section.

  6. (Optional) Scope must be defined by selecting the associated Business Units, Business Processes, Applications, Devices, Product and Services by clicking Ellipsis and selecting respective record in the Request Details tab.

  7. Select the Request Due Date, Responses Due Date and Date Issued by clicking the calendar icon next to the field.

  8. (Optional) Add attachments/documentation to the record by clicking the | Add New | button in the Supporting Documentation field.

  9. Once the record is complete, click Save in the Record Toolbar to save in record.

Task 2: Create a new requirement

Users: Request Manager

  1. Go to the Requirements Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Requirements Management.

    3. Under More Options Ellipsis, click New Record.

  2. Fill in the following information in General Information section:

    1. Enter Requirement Title, Requirement Number and Requirement Header.

    2. Select Requirement Category by clicking Ellipsis and making your selection.

    3. Enter the Requirement Description.

    4. Select the Requested Date and Expiration Date by clicking the calendar icon next to the field.

  3. Select user from the list in the Requestor field by clicking Ellipsis from the Stakeholders section.

  4. (Optional) Select user from the list in the Response Owner, Response Approver and Watchers field by clicking Ellipsis from the Stakeholders section.

  5. If available, select the applicable response from Standard Response field by clicking on | Lookup | button in Response Details tab.

  6. Select Response Status by clicking the down arrow next to the field and making your selection.

  7. Click Save in the Record Toolbar.

Task 3 (optional): Import the content into requirements management

User: Request Manager

Note: A data import template “Requirements_Template.csv” is included in the Archer Request and Response Tracker package. The user must fill the data in the respective column of the spreadsheet in order to complete the data import.

  1. Go to the Requirements Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Requirements Management.

    3. Under More Options, click Import.

  2. Browse the data import file “Requirements_Template.csv”

  3. Select Send Notifications in the Advanced Options section.

  4. Click Next.

  5. Choose Import type as “Create New Records” in the General Information section.

  6. Verify the Import Field Mapping.

  7. Click Next.

  8. Click Import.

Task 4: Request a response

User: Request Manager

  1. Go to the Requirements Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Requirements Management.

  2. Select the record where Response Type is ‘Non-Standard’ and in ‘Not Started’ Overall Status.

  3. Click Edit in the top of the record.

  4. Select user from the list in the Response Owner field by clicking Ellipsis from the Stakeholders section.

  5. Click Save in the Record Toolbar. After saving the record, Response Owner receives a notification to provide Response.

Task 5: Submit response

User: Response Owner

  1. Select the Requirements record you want to provide response.

  2. Click Edit in the top of the record.

  3. Navigate to the Response Details tab.

  4. Enter Response Description.

  5. Add attachments/documentation to the record by clicking the | Add New | button in the Response Documents field.

  6. (Optional) Select the applicable document from Document Repository field by clicking on | Lookup | button in Response section.

  7. (Optional) Select associated Policies, Control Procedures, Evidence Repository, Contracts, and Engagements by clicking Ellipsis  and selecting respective record in the Related Records tab.

  8. (Optional) Select associated Findings, Remediation Plans and Exception Requests by clicking Ellipsis  and selecting respective record in the Related Records tab.

  9. (Optional) Add Comments to the record by clicking the | Add New | button in the Comments section.

  10. Once the response is complete, select ‘Submitted’ in the Response Status field value.

  11. Click Save in the Record Toolbar.

Task 6: Request a standard response

User: Request Manager/Response Owner

  1. Repeat Steps 1 to 3 from Task 2.

  2. Select user from the list in the Response Owner field by clicking Ellipsis from the Stakeholders section.

  3. Click on Request Standard Response button in the top left of the screen.

Task 7: Submit standard response

User: Response Owner

  1. Select the Requirements record you want to provide response by clicking the Requirement Title under the Tasks section on your Task landing screen.

  2. Click Edit in the top of the record.

  3. Select user from the list in the Response Approver field by clicking Ellipsis from the Stakeholders section.

  4. Navigate to the Response Details tab.

  5. Enter Response Description.

  6. Add attachments/documentation to the record by clicking the | Add New | button in the Response Documents field.

  7. (Optional) Select the applicable document from Document Repository field by clicking on | Lookup | button in Response section.

  8. (Optional) Select associated Policies, Control Procedures, Evidence Repository, Contracts, and Engagements by clicking Ellipsisand selecting respective record in the Related Records tab.

  9. (Optional) Select associated Findings, Remediation Plans and Exception Requests by clickingEllipsisand selecting respective record in the Related Records tab.

  10. (Optional) Add Comments to the record by clicking the | Add New | button in the Comments section.

  11. Click Submit Response from the Actions dropdown at the top left of the screen.

Task 8: Approve standard response

User: Response Approver

  1. Select the Requirements record you want to review by clicking the Requirement Title under the Tasks section on your Task landing screen.

  2. Click Edit in the top of the record.

  3. Navigate to the Response Details tab.

  4. To Approve the response

    1. Review the information in the Response Details and Related Record tab.

    2. Click on Approve from the Actions dropdown at the top left of the screen.

  5. To request additional information from the Response Owner:

    1. Document the additional information requested in the Comments field.

    2. Click on Request Additional Information from the Actions dropdown at the top left of the screen.

  6. To Reject the response:

    1. Document the reason for rejecting the response in the Comments field.

    2. Click Reject from the Actions dropdown at the top left of the screen.

Task 9: Archive standard response

User: Response Owner

  1. Go to the Requirements Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Requirements Management.

  2. Select the record where Response Type is ‘Standard’ and in ‘Completed’ Overall Status.

  3. Click Edit in the top of the record.

  4. Navigate to the Archive Response tab.

  5. Select ‘Yes’ in the Archive Standard Response? field value.

  6. Enter the details in Reason for Archive field.

  7. Click Save in the Record Toolbar.

Task 10: Complete request

Users: Request Manager

  1. Go to the Request Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Request Management.

  2. Select the record in ‘In Progress’ status.

  3. Click Edit in the top of the record.

  4. Navigate to the Requirements Management tab and Enable Inline Edit.

  5. Inline Edit: Select Requirement Category field values by clickingEllipsismaking your selection in Requirements Management section.

  6. Inline Edit: Select Standard Response from the Lookup by clicking Ellipsisin the Requirements Management section.

  7. Inline Edit: Select Response Status field values by clicking the down arrow next to the field and making your selection in Requirements Management section.

  8. Click on Save Changes button at the top of the page or Save button at the end of the row in Requirements Management section.

  9. Click Save in the Record Toolbar to save in Request Management record. ​Count of total requirements, completed and remaining requirements values will be populated in Requirement Summary section.

  10. Make sure all Overall Status is Complete in the Requirements Management section.

  11. Select ‘Yes’ in the Request Completed? field value in Requirement Summary section.

  12. Enter the details in Final Outcome field.

  13. Click Save in the Record Toolbar.

Task 11: Export mail merge document

User: Request Manager

  1. Go to the Request Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Request Management.

  2. Select the record you want to export.

  3. Click Export.

  4. Select ‘Request Management: Mail Merge Template’.

    Important: If a security message displays when you attempt to download the file, change your browser security settings to allow downloads and pop-ups for Archer. If you are using Microsoft Internet Explorer, add Archer to the Local intranet zone.

  5. Click the Click here button to access the exported file.

  6. Click Open to open the exported file.

  7. Close the Export Complete message.

  8. Close the Export Options dialog box.

Certification environment

Date tested: May 2023

Product Name

Version Information

Operating System

Archer

6.12

Windows Server 2012