Archer Request and Response Tracker

With the Archer Request and Response Tracker, users can import and track information requests, assign owners to provide responses and supporting evidence, and leverage a library of preapproved responses to reduce cycle time. Completed responses can be easily reviewed, approved, and exported using mail merge templates, allowing teams to deliver accurate, consistent, and timely responses back to requestors while maintaining a complete audit trail.

Archer Exchange: With the Archer Exchange, the Archer team has created a broad selection of supplemental, value-added offerings to help you get your unique risk management program on the right path, right from the start. You can leverage the Archer Exchange offerings to expand the use of Archer solutions into new business processes and address specific industry, geographic, regulatory, or technical requirements.

On this page

Release notes

Release Date

Release Version

Notes

May 2023

6.12

Recertification

August 2020

6.8

Initial Release

Overview

Organizations often face a high volume of information requests from internal teams, clients, vendors, and third parties. Managing these requests manually can lead to long response times, inconsistent or outdated information, duplicated effort, and limited visibility into ownership and status. When multiple departments are involved, information silos and tracking challenges become even more pronounced.The Archer Request and Response Tracker centralizes and automates the request and response lifecycle. It enables organizations to document requests, assign response ownership, manage approvals, and reuse preapproved content—all from a single, streamlined hub. By standardizing how requests are handled, organizations can respond faster, maintain consistency, and improve collaboration across teams.

  Key features and benefits

Archer Request and Response Tracker enables organizations to:

  • Document and track requests for information, proposals, and so on.

  • Import requests and assign ownership for response.

  • Document and manage responses and supporting evidence. 

  • Create and maintain a library for preapproved responses.

  • Export responses using mail merge template.

Benefits include:

  • Consistent and repeatable process for managing and tracking requests for information.

  • Ensure accountability and timeliness for responses through workflow automation.

  • Minimize information silos within the organization.

  • Reduce cycle time for responding to requests.

User guide

User: Request Manager

  1. Go to the Request Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Request Management.

    3. Under More Options Ellipsis, click New Record.

  2. Fill in the following information in General Information section:

    1. Enter Request Name.

    2. Select Request Type for the request by clicking the down arrow next to the field and making your selection.

    3. If Request Type is External, select Request Category for the request by clicking the down arrow next to the field and making your selection.

    4. Enter the Request Description.

  3. Select user from the list in the Request Manager field by clicking Ellipsis from the Stakeholders section.

  4. (Optional) Select user from the list in the Request Approver and Watchers field by clicking Ellipsis from the Stakeholders section.

  5. Request Details Tab: Enter the contact details of the Requestor in Requestor Information section.

  6. (Optional) Scope must be defined by selecting the associated Business Units, Business Processes, Applications, Devices, Product and Services by clicking Ellipsis and selecting respective record in the Request Details tab.

  7. Select the Request Due Date, Responses Due Date and Date Issued by clicking the calendar icon next to the field.

  8. (Optional) Add attachments/documentation to the record by clicking the | Add New | button in the Supporting Documentation field.

  9. Once the record is complete, click Save in the Record Toolbar to save in record.

Users: Request Manager

  1. Go to the Requirements Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Requirements Management.

    3. Under More Options Ellipsis, click New Record.

  2. Fill in the following information in General Information section:

    1. Enter Requirement Title, Requirement Number and Requirement Header.

    2. Select Requirement Category by clicking Ellipsis and making your selection.

    3. Enter the Requirement Description.

    4. Select the Requested Date and Expiration Date by clicking the calendar icon next to the field.

  3. Select user from the list in the Requestor field by clicking Ellipsis from the Stakeholders section.

  4. (Optional) Select user from the list in the Response Owner, Response Approver and Watchers field by clicking Ellipsis from the Stakeholders section.

  5. If available, select the applicable response from Standard Response field by clicking on | Lookup | button in Response Details tab.

  6. Select Response Status by clicking the down arrow next to the field and making your selection.

  7. Click Save in the Record Toolbar.

User: Request Manager

Note: A data import template “Requirements_Template.csv” is included in the Archer Request and Response Tracker package. The user must fill the data in the respective column of the spreadsheet in order to complete the data import.

  1. Go to the Requirements Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Requirements Management.

    3. Under More Options, click Import.

  2. Browse the data import file “Requirements_Template.csv”

  3. Select Send Notifications in the Advanced Options section.

  4. Click Next.

  5. Choose Import type as “Create New Records” in the General Information section.

  6. Verify the Import Field Mapping.

  7. Click Next.

  8. Click Import.

User: Request Manager

  1. Go to the Requirements Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Requirements Management.

  2. Select the record where Response Type is ‘Non-Standard’ and in ‘Not Started’ Overall Status.

  3. Click Edit in the top of the record.

  4. Select user from the list in the Response Owner field by clicking Ellipsis from the Stakeholders section.

  5. Click Save in the Record Toolbar. After saving the record, Response Owner receives a notification to provide Response.

User: Response Owner

  1. Select the Requirements record you want to provide response.

  2. Click Edit in the top of the record.

  3. Navigate to the Response Details tab.

  4. Enter Response Description.

  5. Add attachments/documentation to the record by clicking the | Add New | button in the Response Documents field.

  6. (Optional) Select the applicable document from Document Repository field by clicking on | Lookup | button in Response section.

  7. (Optional) Select associated Policies, Control Procedures, Evidence Repository, Contracts, and Engagements by clicking Ellipsis  and selecting respective record in the Related Records tab.

  8. (Optional) Select associated Findings, Remediation Plans and Exception Requests by clicking Ellipsis  and selecting respective record in the Related Records tab.

  9. (Optional) Add Comments to the record by clicking the | Add New | button in the Comments section.

  10. Once the response is complete, select ‘Submitted’ in the Response Status field value.

  11. Click Save in the Record Toolbar.

User: Request Manager/Response Owner

  1. Repeat Steps 1 to 3 from Create a new requirement.

  2. Select user from the list in the Response Owner field by clicking Ellipsis from the Stakeholders section.

  3. Click on Request Standard Response button in the top left of the screen.

User: Response Owner

  1. Select the Requirements record you want to provide response by clicking the Requirement Title under the Tasks section on your Task landing screen.

  2. Click Edit in the top of the record.

  3. Select user from the list in the Response Approver field by clicking Ellipsis from the Stakeholders section.

  4. Navigate to the Response Details tab.

  5. Enter Response Description.

  6. Add attachments/documentation to the record by clicking the | Add New | button in the Response Documents field.

  7. (Optional) Select the applicable document from Document Repository field by clicking on | Lookup | button in Response section.

  8. (Optional) Select associated Policies, Control Procedures, Evidence Repository, Contracts, and Engagements by clicking Ellipsisand selecting respective record in the Related Records tab.

  9. (Optional) Select associated Findings, Remediation Plans and Exception Requests by clickingEllipsisand selecting respective record in the Related Records tab.

  10. (Optional) Add Comments to the record by clicking the | Add New | button in the Comments section.

  11. Click Submit Response from the Actions dropdown at the top left of the screen.

User: Response Approver

  1. Select the Requirements record you want to review by clicking the Requirement Title under the Tasks section on your Task landing screen.

  2. Click Edit in the top of the record.

  3. Navigate to the Response Details tab.

  4. To Approve the response

    1. Review the information in the Response Details and Related Record tab.

    2. Click on Approve from the Actions dropdown at the top left of the screen.

  5. To request additional information from the Response Owner:

    1. Document the additional information requested in the Comments field.

    2. Click on Request Additional Information from the Actions dropdown at the top left of the screen.

  6. To Reject the response:

    1. Document the reason for rejecting the response in the Comments field.

    2. Click Reject from the Actions dropdown at the top left of the screen.

User: Response Owner

  1. Go to the Requirements Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Requirements Management.

  2. Select the record where Response Type is ‘Standard’ and in ‘Completed’ Overall Status.

  3. Click Edit in the top of the record.

  4. Navigate to the Archive Response tab.

  5. Select ‘Yes’ in the Archive Standard Response? field value.

  6. Enter the details in Reason for Archive field.

  7. Click Save in the Record Toolbar.

Users: Request Manager

  1. Go to the Request Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Request Management.

  2. Select the record in ‘In Progress’ status.

  3. Click Edit in the top of the record.

  4. Navigate to the Requirements Management tab and Enable Inline Edit.

  5. Inline Edit: Select Requirement Category field values by clickingEllipsismaking your selection in Requirements Management section.

  6. Inline Edit: Select Standard Response from the Lookup by clicking Ellipsisin the Requirements Management section.

  7. Inline Edit: Select Response Status field values by clicking the down arrow next to the field and making your selection in Requirements Management section.

  8. Click on Save Changes button at the top of the page or Save button at the end of the row in Requirements Management section.

  9. Click Save in the Record Toolbar to save in Request Management record. ​Count of total requirements, completed and remaining requirements values will be populated in Requirement Summary section.

  10. Make sure all Overall Status is Complete in the Requirements Management section.

  11. Select ‘Yes’ in the Request Completed? field value in Requirement Summary section.

  12. Enter the details in Final Outcome field.

  13. Click Save in the Record Toolbar.

User: Request Manager

  1. Go to the Request Management record.

    1. From the menu bar, click Request and Response Tracker.

    2. Under Applications, click Request Management.

  2. Select the record you want to export.

  3. Click Export.

  4. Select ‘Request Management: Mail Merge Template’.

    Important: If a security message displays when you attempt to download the file, change your browser security settings to allow downloads and pop-ups for Archer. If you are using Microsoft Internet Explorer, add Archer to the Local intranet zone.

  5. Click the Click here button to access the exported file.

  6. Click Open to open the exported file.

  7. Close the Export Complete message.

  8. Close the Export Options dialog box.

Administrator guide

Prerequisites (ODA & system requirements)

Components

Prerequisites
Archer Solution Area (s) Audit Management
Archer Use Case(s) This offering does not require any prerequisite use cases.
Archer Applications This offering does not require any prerequisite applications.
Uses Custom Objects No
Requires Archer On-Demand Application (ODA) Licenses Two (2) Archer On-Demand Application licenses required
Archer licensing N/A

Archer requirements

Archer Platform Release 6.12 and later
Supported Archer Environments

  • On-Premises

  • SaaS
   
   

Compatible use cases & applications - Related applications

Application

Use xase

Primary purpose of the relationship

Business Unit

 

Archer Issues Management, Archer Business Impact Analysis, Archer Third Party Catalog, Archer Policy Program Management, Archer Cyber Incident & Breach Response, Archer Key Indicator Management, Archer IT Asset Catalog, Archer Business Asset Catalog, Archer Federal Assessments & Authorizations, Archer Federal Continuous Monitoring

  • To relate Business Units that are impacted by the Request

Business Processes

Archer Audit Engagements & Workpapers, Archer Business Impact Analysis, Archer IT Risk Management, Archer Controls Assurance Program Management, Archer Data Governance, Archer Top-Down Assessment, Archer Policy Program Management, Archer IT Controls Assurance, Archer Business Asset Catalog, Archer Bottom-Up Risk Assessment, Archer Federal Assessments & Authorizations, Archer Federal Continuous Monitoring.

  • To relate Business Processes that are impacted by the Request

Applications

Archer Audit Engagements and Workpapers, Archer Business Continuity and IT Disaster Recovery Planning, Archer Third Party Governance, Archer IT Asset Catalog, Archer IT Controls Assurance, Archer IT Security Vulnerabilities Program, Archer IT Risk Management, Archer Cyber Incident & Breach Response, Archer Data Governance, Archer PCI Management, Archer Information Security Management System, Archer Operational Risk Management, Archer Federal Continuous Monitoring

  • To relate Applications that are impacted by the Request

Devices

Archer Audit Engagements and Workpapers, Archer Business Continuity and IT Disaster Recovery Planning, Archer Third Party Governance, Archer IT Asset Catalog, Archer IT Controls Assurance, Archer IT Security Vulnerabilities Program, Archer IT Risk Management, Archer Cyber Incident & Breach Response, Archer PCI Management, Archer Information Security Management System, Archer Data Governance, Archer Federal Continuous Monitoring

  • To relate Devices that are impacted by the Request

Products and Services

Archer Business Continuity and IT Disaster Recovery Planning, Archer Third Party Risk Management, Archer Cyber Incident and Breach Response, Archer Controls Monitoring Program Management, Archer Business Asset Catalog, Archer Controls Monitoring Program Management, Archer Bottom-Up Risk Assessment

  • To relate Products and Services that are impacted by the Request

Third Party Engagements

Archer Third Party Catalog, Archer Third Party Risk Management, Archer Third Party Engagement

  • To relate Engagements to the Response

Contracts

Archer Third Party Catalog

  • To relate Contracts to the Response

Control Procedures

Archer IT Controls Assurance, Archer Information Security Management System, Archer PCI Management, Archer IT Risk Management, Archer Controls Assurance Program Management, Archer Data Governance, Archer Top-Down Assessment, Archer Federal Assessments & Authorization

  • To relate impacted/in place Control Procedures to Response

Policies

Archer Policy Program Management

  • To relate Policies to the Response

Document Repository

Archer Documentation Request Tracking

  • To relate Document Repository to the Response

Evidence Repository

Archer IT Controls Assurance, Archer Controls Assurance Program Management

  • To relate Evidence Repository to the Response

Findings

Archer Issues Management

  • To relate Findings to the Response

Remediation Plans

Archer Issues Management

  • To relate Remediation Plans to the Response

Exceptions Requests

Archer Issues Management

  • To relate Exceptions Requests to the Response

Components

Architecture diagram

Process diagram

Applications

Application

Description

Request Management

The Request Management application captures the request, stakeholders, and status of the request and responses.

Requirements Management

The Requirements Management application captures the requirements, ownership and responses. It also contains the list of approved standard responses and their approval for use.

Personas & access roles

Function

Description

How many (per Information System)?

Optional / Required

 

Request Manager

Responsible for managing the request and assigning ownership to requests for information, gathering responses in a timely manner, and submitting requests back to the Requestor. They can also approve requests for standard responses.  Could be someone from Legal, Procurement, or a Business Manager.

One

 

Required

Response Owner

Responsible for providing responses to the request and submitting requests to standardize responses. This can be anyone from the organization that can provide the responses for requests.

Many

Required

Response Approver

Responsible for approval of standard responses and/or responses. This can be the Request Manager or someone with similar authority over the response.

One

Optional

Applications

Request Manager

Response Owner

Response Approver

Request Management

CRU*

R

RU*

Requirements Management

CRU*

CRU*

RU*

Business Units

R

R

R

Business Processes

R

R

R

Applications 

R

R

R

Devices

R

R

R

Products and Services

R

R

R

Engagements

R

R

R

Contracts

R

R

R

Control Procedures

R

R

R

Policies

R

R

R

Evidence Repository

R

R

R

Document Repository

R

R

R

Findings

R

R

R

Remediation Plans

R

R

R

Exceptions Requests

R

R

R

C = Create, R = Read, U = Update, D = Delete, * Indicates Record Permissions

Note: Assign members of the Request Manager, Response Owner, and Response Approver groups to the EM: Read Only and TM: Read Only groups under Enterprise Management and Third Party Risk Management to allow selection of Business Unit, Business Processes, Applications, Devices, Third Party Engagements, Products and Services, and so on.

Install Archer Request and Response Tracker

  1. Prepare for the installation.

    1. Obtain the installation package.

    2. Read and understand the "Packaging Data" topic in the Archer Platform Help.

    3. Apply the latest license file in the Archer Control Panel.

  2. Install the package.

  3. Test the installation. Test the application according to your company standards and procedures, to ensure that the use case works with your existing processes.

Install the package

Installing a package requires that you import the package file, map the objects in the package to objects in the target instance, and then install the package.

There is no Undo function for a package installation. Packaging is a powerful feature that can make significant changes to an instance. Back up the instance database before installing a package. This process enables a full restoration if necessary.

An alternate method for undoing a package installation is to create a package of the affected objects in the target instance before installing the new package. This package provides a snapshot of the instance before the new package is installed, which can be used to help undo the changes made by the package installation. New objects created by the package installation must be manually deleted.

  1. From the menu bar, click Admin menu > Application Builder > Install Packages.

  2. In the Available Packages section, click Import.
  3. Click Add New, then locate and select the package file that you want to import.
  4. Click OK.

    The package file is displayed in the Available Packages section and is ready for installation.

Important: This step is required only if FAR Regulatory Correspondence is already present in your system, and you are installing this package.

  1. From the menu bar, click Admin menu > Application Builder > Install Packages.

  2. In the Available Packages section, locate the package you want to map.
  3. In the Actions column, click Map package for that package.

    The analyzer examines the information in the package. The analyzer automatically matches the system IDs of the objects in the package with the objects in the target instance and identifies objects from the package that are successfully mapped to objects in the target instance, objects that are new or exist but are not mapped, and objects that do not exist (the object is in the target but not in the source).

    When the analyzer is complete, the Advanced Package Mapping page lists the objects in the package file and corresponding objects in the target instance.

  4. On the Advanced Mapping page, click to open each category and review the icons next to each object to determine which objects you must map manually.
    The following table describes the icons.

    Icon

    Name

    Description

    Awaiting mapping review

    Awaiting Mapping Review

    Indicates that the system could not automatically match the object or one of its children to a corresponding object in the target instance.

    Objects marked with this icon must be mapped manually.

    New objects should not be mapped. Select Do Not Map from the drop-down menu to clear this icon for an individual object, or click Do Not Map to clear the icon for all unmapped objects.

    Mapping completed

    Mapping Completed

    Indicates that the object and all children are mapped to objects in the target instance, or that they have been marked as Do Not Map. Nothing more needs to be done with these objects in Advanced Package Mapping.

    Note: You can run the mapping process without mapping all objects. The Awaiting mapping review icon is for informational purposes only.

  5. For objects awaiting mapping review, do one of the following:
    • To map each object individually, use the drop-down menu in the Target column to select the object in the target instance to which you want to map the source object. To leave an object unmapped, select Do Not Map in the Target column.
    • To automatically map all objects in a category that have different system IDs but the same object name as an object in the target instance, click Auto Map. Select whether to ignore case and spaces when matching object names. Click OK.
    • To mark all unmapped objects as Do Not Map, click Do Not Map.

  6. (Optional) Click Filter to enable filter fields that you can use to find specific objects in each mapping category. To undo your mapping selections, click Undo, then select whether to undo all mappings in the category or only the mappings on a single page. If you choose to undo all mappings, you will be returned to the categories list.

  7. (Optional) To save your mapping selections and return to the categories list without committing changes to the target instance, click Home.
  8. After you review and map all objects, click Execute.
  9. Select I understand the implications of performing this operation. Click OK.

    When the mapping is complete, the Import and Install Packages page displays.

    Important: Advanced Package Mapping modifies the system IDs in the target instance. You must update any Data Feeds and Web Service APIs that use these objects with the new system IDs.

All objects from the source instance are installed in the target instance unless the object cannot be found or is flagged to not be installed in the target instance. A list of conditions that may cause objects not to be installed is provided in the Log Messages section. A log entry is displayed in the Package Installation Log section.

  1. From the menu bar, click Admin menu > Application Builder > Install Packages.
  2. In the Available Packages section, locate the package file that you want to install, and click the file name or Import at end of the row to open the Options menu.
  3. In the Selected Components section, click the Lookup button to open the Package Selector window.
    • To select all components, select the top-level checkbox.
    • To install only specific global reports in an already installed application, select the checkbox associated with each report that you want to install.

    Note: Items in the package that do not match an existing item in the target instance are selected by default.

  4. Under the Translation Option drop-down menu, select an option for each selected component. To use the same Translation Option for all selected components, select a method from the top-level drop-down list.
    The Translation Option is enabled only when a language is selected.
    The following table describes the options.

    Option

    Description

    Full Install

    Installs the component and its translations from the selected languages.

    Translations Only

    Only installs the translations from the selected languages.

  5. Under the Install Method drop-down menu, select an option for each selected component. To use the same Install Method for all selected components, select a method from the top-level drop-down list.
    The following table describes the options.

    Option

    Description

    Create New Only

    Only creates new fields and other elements in the applications, questionnaires, workspaces, data feeds, and dashboards specified in the package file. This option does not modify any existing elements on your instance of Archer. This is useful when you want to add functionality to an existing application, questionnaire, workspace, dashboard, data feed, or access role, but you do not want to risk making any unwanted changes to the existing elements of workspaces, data feeds, or dashboards. iViews that are not currently on the dashboards that are selected for the package install are created.

    Note: The Create New Only option does not apply to access roles or languages.

    Create New and Update

    Updates all elements in the applications, questionnaires, workspaces, data feeds, and dashboards as specified in the package file. This includes adding new elements and updating existing elements. Existing iViews on the dashboards that are selected for the package install are updated, and iViews that are not currently on the dashboards that are selected for the package install are created.

    Note: The Create New and Update option does not apply to access roles or languages.

  6. Under the Install Option drop-down menu, select an option for each selected component. To use the same Install Option for all selected components, select an option from the top-level drop-down list.
    The following table describes the options.

    Option

    Description

    Do not Override Layout

    Installs the component, but does not change the existing layout. This is useful if you have a lot of custom fields and formatting in your layout that you do not want to risk losing.

    You may have to modify the layout after installing the package to use the changes made by the package.

    Note: The Do not Override Layout option does not apply to access roles or languages.

    Override Layout

    Updates the layout as specified in the package file, overwriting the existing layout.

    Note: The Override Layout option does not apply to access roles or languages.

  7. Click Continue to advance to the next object category in the Package Selector, and repeat steps 4 to 6. After reviewing all object categories, click OK.
  8. To deactivate target fields and data-driven events that are not in the package, in the Post-Install Actions section, select the Deactivate target fields and data-driven events that are not in the package checkbox. To rename the deactivated target fields and data-driven events with a user-defined prefix, select Apply a prefix to all deactivated objects, and enter a prefix. This can help you identify any fields or data-driven events that you may want to review for cleanup post-install.
  9. Click Install.
  10. Click OK.

  1. From the menu bar, click Admin menu > Application Builder > Install Packages.

  2. In the Package Installation Log section, click the package that you want to view.
  3. In the Package Installation Log page, in the Object Details section, click View All Errors.

    Note: To view individual logs, in the Errors column of the log you want to view, click the Failures link or Warnings link. Clicking View All Errors, Failures, or Warnings opens the specific errors on a different page.

  4. Click the Export icon to export the log file.
  5. Click Close.

For a list of packaging installation log messages and remediation information for common messages, see Package Installation Log Messages.

Task 6: Activate advanced workflow

  1. Go to the Applications page.

    1. From the menu bar, click Admin menu.

    2. Under Application Builder, click Applications.

  2. In the Applications section, select the Requirements Management Application.

  3. On the Advanced Workflow Tab, click ‘Activate’ in the top right corner of the page.

  4. Then click ‘Save Workflow’ in the top left corner of the page.

Certification environment

Date tested: May 2023

Product Name

Version Information

Operating System

Archer

6.12

Windows Server 2012