SecurityScorecard

1. Ensure that your Archer system is at Archer Platform version 6.14.

2. Read and understand "Packaging Data" in the Archer Platform Help.

Installing a package requires that you import the package file, map the objects in the package to objects in the target instance, and then install the package. For more information, see Installing the Packages.

You must import and schedule each use case data feed that you want to use. See Setting Up Data Feeds for complete information.

Test the application according to your company standards and procedures, to ensure that the use case works with your existing processes.

There is no undo function for package installation. Packaging is a powerful feature that can make significant changes to an instance. Archer strongly recommends that you back up the instance database before installing a package. This process enables a full restoration if necessary.

An alternate method for undoing a package installation is to create a package of the affected objects in the target instance before installing the new package. This package provides a snapshot of the instance before the new package is installed, which can be used to help undo the changes made by the package installation. You must manually delete new objects created by the package installation.

1. From the menu bar, click > Application Builder > Install Packages.

2. In the Available Packages section, click Import.

3. Click Add New, then select the package file that you want to import.

4. Click OK.

5. The Available Packages section displays the package file and is ready for installation.

6. Click Install icon next to the package file

   1. Package mapping is not necessary. All components of the install will be new.  

   2. When prompted, click okay to the warning message that appears.

7. Select the following configuration for the installation:  

8. Click the Install Button  

1. From the menu bar, click > Application Builder > Install Packages.

2. In the Available Packages section, select the package you want to map.

3. In the Actions column, click for that package.

The analyzer runs and examines the information in the package. The analyzer automatically matches the system IDs of the objects in the package with the objects in the target instances and identifies objects from the package that are successfully mapped to objects in the target instance, objects that are new or exist but are not mapped, and objects that do not exist (the object is in the target but not in the source).

Note: This process can take several minutes or more, especially if the package is large, and may time out after 60 minutes. This time-out setting temporarily overrides any IIS time-out settings set to less than 60 minutes.

4. When the analyzer is complete, the Advanced Package Mapping page lists the objects in the package file and corresponding objects in the target instance. The objects are divided into tabs, depending on whether they are found within Applications, Solutions, Access Roles, Groups, Sub- forms, or Questionnaires.
   In each tab of the Advanced Mapping Page, review the icons next to each object to determine which objects you must map manually.

5. For each object that requires remediation you can map each item individually or map all object on a tab.

   To map each item individually, do the following.

   1. On the Target column, select the object in the target instance to which you want to map the source object.

   2. If an object is new or if you do not want to map an object, select Do Not Map from the drop-down list.

   3. Ensure that you map all objects to their lowest level. When objects have child or related objects, the parent object provides a drill-down link. You must map child objects before parent objects. For more details, see "Mapping Parent/Child Objects" in the Archer Platform Help.

   To automatically map all objects in a tab that have different system IDs but the same object name as an object in the target instance, do the following.

   1. In the toolbar, click Auto Map.

   2. Select an option for mapping objects by name.

      • Ignore case - Select this option to match objects with similar names regardless of the case of the characters in the object names.

      • Ignore spaces - Select this option to match objects with similar names regardless of whether spaces exist in the object names.

   3. Click OK. The Confirmation dialog box opens with the total number of mappings performed. These mappings have not been committed to the database yet and can be modified in the Advanced Package Mapping page.

   4. Click OK. To set all object in the tab to Do Not Map, in the toolbar, click Do Not Map. To undo the mapping settings for any individual object, in the Actions column, click Undo.

When all objects are mapped, the icon is displayed in the tab title. The icon is displayed next to the object to indicate that the object will not be mapped.

1. Verify that all other objects are mapped correctly.

2. (Optional) To save your mapping settings so that you can resume working later, see "Importing and Exporting Mapping Settings" in the Archer Platform Help.

3. Once you have reviewed and mapped all objects, click Execute.

4. Select I understand the implications of performing this operation and click OK.

The Advanced Package Mapping process updates the system IDs of the objects in the target instance as defined on the Advanced Package Mapping page. When the mapping is complete, the Import and Install Packages page is displayed.

Important: Advanced Package Mapping modifies the system IDs in the target instance. You will need to update any Data Feeds and Web Service APIs that use these objects, with the new system IDs.

All objects from the source instance are installed in the target instance unless the object cannot be found or is flagged to not be installed in the target instance. The Log Messages section provides a list of conditions that may cause objects not to be installed. The Package Installation Log section displays a log entry.

1. From the menu bar, click > Application Builder > Install Packages.

2. In the Available Packages section, locate the package file that you want to install, and click Install.

3. In the Selected Components section, click the Lookup button to open the Package Selector window.

   • To select all components, select the top-level checkbox.

   • To install only specific global reports in an already installed application, select the checkbox associated with each report that you want to install. Items in the package that do not match an existing item in the target instance are selected by default.

4. Under the Install Method drop-down menu, select an option for each selected component. To use the same Install Method for all selected components, select a method from the top-level drop-down list. If you have any existing components that you do not want to modify, select Create New Only. You may have to modify those components after installing the package to use the changes made by the package.

5. To deactivate target fields and data-driven events that are not in the package, in the Post-Install Actions section, select the Deactivate target fields and data-driven events that are not in the package checkbox. To rename the deactivated target fields and data-driven events with a user-defined prefix, select the Apply a prefix to all deactivated objects checkbox, and enter a prefix. This can help you identify any fields or data-driven events that you may want to review for cleanup post-install.

6. Click Install.

7. Click OK.

1. From the menu bar, click > Application Builder > Install Packages.

2. In the Package Installation Log tab, click the package that you want to view.

3. In the Package Installation Log page, in the Object Details section, click View All Errors. To view individual logs, in the Errors column of the log you want to view, click the Failures link or Warnings link. Clicking View All Errors, Failures, or Warnings opens the specific errors on a different page.
   

4. Click the Export icon to export the log file.

5. Click Close.

To facilitate the connection of your Third Party Profile records to the SecurityScorecard Portfolio records seven fields must be created. The SecurityScorecard Domain field is the only field that will accept user input (other fields are calculations), therefore you should configure the permissions of this field at this time.  

1. Add a new tab to the Default Tab Set named SecurityScorecard. 

2. Add a Section to the SecurityScorecard tab called SecurityScorecard Information. 

3. Add a second section called SecurityScorecard Monitoring.  

4. Create the SecurityScorecard Domain text field.

5. Create the SecurityScorecard Portfolio cross-reference field and select Company for the Available Reference.    

   1. Select the following field properties and options:

      1. Single Column

      2. Make this a calculated field

   2. Input the following configuration for the Calculation Properties.

      1. Matching Filters section:

         • ID - 1

         • Field Name - Domain

         • Operator - Field Value Match

         • Values - Third Party Profile: SecurityScorecard Domain

      2. Additional Related Filters section:

         • ID - 1

         • Field Name - Domain

         • Operator - Does Not Equal

6. Create a numeric field for Last 30 Day Score Change.  The field configuration is shown below.  

   1. Calculation (copy and paste this into the formula box):  REF([SecurityScorecard Portfolio],[Last 30 Day Score Change]) 

7. Create a values list field named SecurityScorecard Grade. The SecurityScorecard Grade field is a calculated values list.  The first step will be to create the field as a values list and save it with no calculation.  The calculation will be added in the last step. The process for adding images to the values is covered in “Installing SecurityScorecard Images”. After you have added values A, B, C, D, F and ? select Apply to save the record.  Go to the Options tab and add the calculation.  

   1. Calculation:  REF([SecurityScorecard Portfolio],[Grade])  

   2. Add the information in the General section

      • Name: SecuirtyScorecard Grade

      • Alias: SecuirtyScorecard_Grade

   3. In Values, add the Text and Images values for A, B, D, D, F, and ?.

   4. In Calculation Properties Formula type: REF([SecurityScorecard Portfolio],[Grade])

8. Create a numeric field called “SecurityScorecard Score”.  The field configuration is shown below.  

   1. Calculation: REF([SecurityScorecard Portfolio],[Score])  

      • Name: SecurityScorecard Score

      • Alias: SecurityScorecare_Score

      • Type: Numeric

      • Properties - select:

        • Format the numeric value using the thousand seperators

        • Make this a calculated field

   2. Calculation Properties: 

      • Formula: FEF([SecurityScorecardPortfolio],[Score])

      • Recalculations: As needed (Recommended)

      • Error Handling: Display Error

9. Create a cross-reference list field called SecurityScorecard Factors. 

   1. General Information:

      • Name: SecurityScorecard Factors

      • Alias: Security_Scorecard_Factors

      • Type: Cross-Reference

      • Available Reference: SecuirtyScorecard Portfolio

      • Associated Level: Factor

   2. Display Control: Grid

   3. Options: Make this a calculated field

   4. Calculation Properties - Additional Related Filters:

      • ID - 1

      • Field Name - Company Key

      • Operator - Does Not Equal

   5. Field to Display - SecurityScorecard Portfolio:

      • Name (Key)

      • Description

      • Grade

      • Score

      • Industry Grad

      • Industry Score

   6. Sorting:

      • ID - 1

      • Field - Name

      • Order - Ascending

10. Pull the fields on layout as shown in the image below.  SecurityScorecard Grade should span 2 rows.  The SecurityScorecard Monitoring field is a related records field that was created during the package installation process.  It will be located on the left in the list of fields off layout.  

Optional: Repeat the steps for the “Subsidiary” and “Sub-Subsidiary” levels of the Third Party Profile application if your organization utilizes these levels.

SecurityScorecard information related to the Third Party Profile record can be displayed within the Engagements application if desired. Create the NEW fields for the Engagements application by following the steps below.

1. We recommend that you add a new tab to the Default Tab Set named “SecurityScorecard”.  Create the new tab by selecting “New” in the Default Tab Set section.  After the tab is created, create a new section called “SecurityScorecard Information”.  

2. Create the SecurityScorecard Domain text field.  Select the arrow to the right of “Add New Field” then select TEXT from the list of field choices.  The images below show the field configuration.  

Calculation:  If( NOT( ISEMPTY( REF([Third Party],[SecurityScorecard Domain],[Third Party Profile]))), REF([Third Party],[SecurityScorecard Domain],[Third Party Profile]), If( NOT( ISEMPTY( REF([Third Party],[SecurityScorecard Domain],[Subsidiary]))), REF([Third Party],[SecurityScorecard Domain],[Subsidiary]), If( NOT( ISEMPTY( REF([Third Party],[SecurityScorecard Domain],[Sub-Subsidiary]))), REF([Third Party],[SecurityScorecard Domain],[Sub-Subsidiary]),NOVALUE())))  

3. Create the SecurityScorecard Portfolio cross-reference field.  Select “Add New Field” as directed in Step 3 then select “Cross-Reference” as the field type.  The remaining images in this step show the field configuration.
   

4. Create a numeric field for “Last 30 Day Score Change”.  The field configuration is shown below.  Calculation (copy and paste this into the formula box):  REF([SecurityScorecard Portfolio],[Last 30 Day Score Change]) 

5. The SecurityScorecard Grade field is a calculated values list.  The first step will be to create the field as a values list and save it with no calculation.  The calculation will be added in the last step.  Create a values list field and name it “SecurityScorecard Grade”.   

   1. The field configuration is shown below. Skip the options tab until you have completed the values tab.  The process for adding images to the values is covered here. After you have added values A, B, C, D, F and ? select “Apply” to save the record.  Now go to the “Options” tab and add the calculation.  

b. Calculation:  REF([SecurityScorecard Portfolio],[Grade])  

6. Create a numeric field called “SecurityScorecard Score”.  The field configuration is shown below.  The calculation is: REF([SecurityScorecard Portfolio],[Score])  

7. Create a cross-reference list field called “SecurityScorecard Factors”.  The field configuration is shown below.  

8. Pull the fields on layout as shown in the image below.  SecurityScorecard Grade should span 2 rows.  

    

9. Repeat the layout changes for the Layouts of the Engagements application to ensure a consistent user experience.  

Two of the values list fields within the SecurityScorecard solution require the Archer administrator to upload 10 local images to visualize the SecurityScorecard grades. Follow the steps below to upload the image files to your Archer instance:

Prerequisites:

• Download the SecurityScorecard_Archer_6.14.zip file from the Archer Exchange.

• Extract the SSC Images folder to your local hard drive.

1. Log into Archer.

2. Navigate to the Administration menu.

   a. Under Application Builder, select the Global Values Lists menu option.

3. Filter the list for the SSC: Company Grades global values list.

   1. Click into it the SSC: Company Grades global values list.

   2. Click the A value in the list.

   3. Click the Edit link under the Image.

4. For each image in the SSC Images folder perform the following steps:

   1. Click the Add New link in the Available Graphics pop-up.

   2. Click the Add New link in the upload pop-up.

   3. Select an image file from the SSC Images folder, then click the Open button.

   4. Click the OK button in the upload pop-up.

   5. Repeat steps a-d until all 10 images have been uploaded to the Archer server.

5. Review the list of images in the Graphic Selector pop-up, verify that the following images have been uploaded.
   

6. Once the image files are uploaded, click the Cancel button on the Graphic Selector pop-up.

1. Confirm with customer service that your API service is enabled.

2. Obtain an API token form the Settings page within the SecurityScorecard platform.

1. The next step is to determine the Portfolio ID of the SSC Portfolio that will be used to synchronize with Archer.

2. A SecurityScorecard Customer Success representative can assist, or you can copy and paste the Portfolio ID from the URL of the desired portfolio.

Before you upload a JavaScript file, you must configure JavaScript Transporter settings in the Archer Control Panel.

1. On the General tab, go to the JavaScript Transporter section.

   1. Open the Archer Control Panel.

   2. Go to Instance Management and select All Instances.

   3. Select the instance you want to use.

   4. On the General tab, go to the JavaScript Transporter section.

2. In the Max Memory Limit field, set the value to 2048 MB (2 GB).

3. In the Script Timeout field, set the value to 120 minutes (2 hours).

4. (Optional) If you want to allow only digitally signed JavaScript files in the data feed, enable Require Signature.

   1. In the JavaScript Transporter Settings section, select the checkbox Require Signature. A new empty cell appears in the Signing Certificate Thumbprints section

   2. In the Signing Certificate Thumbprints section, double-click an empty cell.

   3. Enter the digital thumbprint of the trusted certificate used to sign the JavaScript file.

      Important: If you enable Require Signature and specify no thumbprints, no JavaScript files will be accepted by the system.

   4. (Optional) If you want to add additional thumbprint sources, repeat steps 1-3 for each thumbprint.

   5. On the toolbar, click Save.
      

When running JavaScript data feeds, you can set the Archer instance to only allow digitally signed JavaScript files from trusted sources for security considerations.

For a certificate to be trusted, all the certificates in the chain, including the Root CA Certificate and Intermediate CA certificates, must be trusted on both the Web Server and Services Server machines.

Archer Technologies LLC certificate is not present on every machine’s root by default.

1. On the JavaScript file, right-click and select Properties.

   1. Click the Digital Signatures tab.

   2. From the Signature List window, select Archer Technologies LLC.

   3. Click the Details button.

   4. Click View Certificate.

   5. Click Install Certificate.

   6. Select Local Machine.

   7. Click Next.

   8. Select Place all certificates in the following store and click Browse.

      1. Select Trusted Root Certification Authorities and click OK.

      2. Click Next.

      3. Click Finish.

2. Upon successful import, click OK.

1. In the Archer Control Panel environment, open the Manage Computer Certificates program.

   1. Click Start.

   2. Type:  certificate

   3. From the search results, click Manage Computer Certificates.

2. Ensure that your trusted source certificates are in the Certificates sub-folder of the Trust Root Certification Authorities folder.

3. In the Certificates sub-folder, double-click the Archer Technologies LLC that contains the thumbprint you want to obtain.

4. Verify that the certificate is trusted.

   1. In the Certificate window, click the Certification Path tab.

   2. Ensure that the Certificate Status windows displays the following message:

      This certificate is OK

      Note: If the Certificate Status windows displays something different, follow the on-screen instructions.

5. Obtain the trusted certificate thumbprint.

   1. In the Certificate window, click the Details tab.

   2. Select the Thumbprint field.

      The certificate's digital thumbprint appears in the window.

   3. Copy the thumbprint.

After the work above has been completed, you will need to import and configure the four data feeds to facilitate the synchronization of SecurityScorecard data into your Archer instance. To do this, perform the following steps: 

Prerequisites:

• Download the SecurityScorecard_Archer_6.14.zip file from the Archer Community.

• Extract the DataFeeds folder on your local hard drive.

• User account to execute the data feeds (see Data Feed Account Setup below for specifications).

Data Feed Account Setup: 

• Create a new Archer user account:

1. Use a non-expiring security parameter for this account (recommended).

2. Generate a strong password (recommended).

3. Grant the user the “SSC: Administrator” access role (recommended). Account must have at CRUD access to the “SecurityScorecard Event Log” application.

• Make a note of the username and password for this account as they will be needed during the installation of the data feeds.

1. Log into Archer.

2. Navigate to the Administration menu. 

   1. Under Integration, select the Data Feeds menu option. 

3. Click the “Import” link in the Manage Data Feeds section.

4. Locate and select the SSC_0_Event_Log_Nightly_Cleanup.dfx5 file on your local hard drive and select it.

5. Archer will open the data feed in edit mode.

6. Admin Notifications (optional).

   1. Within the General tab you can setup an email notification to Archer administrators to advise of data feed execution success, warning and failures. Below are instructions on how to turn this on:

      1. Within the Notifications section on the General tab, select “Send job status notifications to selected users when jobs status changes”.

      2. Select the appropriate groups/users to receive the notification. 

7. Transport Configuration.

   1. Security section:

      1. Enter the “URL” within the Security section to the URL of your Archer instance.

   2. Transport Configuration section:

      1. Enter the “User Name” of the Archer account that will execute the data feed (see Data Feed Account Setup above for details).

      2. Enter the “Password” of the data feed account that will execute the data feed.

      3. Enter the “Instance” of your Archer environment.

8. Configure schedule (Recommended Frequency: Nightly).

   1. Click on the Schedule tab.

   2. In the Recurrences section enter the following information: (recommended).

1. Log into Archer.

2. Navigate to the Administration menu. 

   a. Under Integration, select the Data Feeds menu option.

3. Click the “Import” link in the Manage Data Feeds section.

4. Locate and select the SSC_1__Events_Nightly_Cleanup.dfx5 file on your local hard drive and select it.

5. Archer will open the data feed in edit mode.

6. Admin Notifications (optional).

   a. Within the General tab you can setup an email notification to Archer administrators to advise of data feed execution success, warning and failures. Below are instructions on how to turn this on:

   1. Within the Notifications section on the General tab, select “Send job status notifications to selected users when jobs status changes”.

   2. Select the appropriate groups/users to receive the notification. 

7. Transport Configuration. 

   a. Security section: Enter the “URL” within the Security section to the URL of your Archer instance.

b. Transport Configuration section:

1. Enter the “User Name” of the Archer account that will execute the data feed (see Data Feed Account Setup above for details).

2. Enter the “Password” of the data feed account that will execute the data feed. iii. Enter the “Instance” of your Archer environment.

8. Configure schedule (Recommended Frequency: Nightly).

   1. Click on the Schedule tab.

   2. In the Recurrences section enter the following information: (recommended).

1. Log into Archer.

2. Navigate to the Administration menu. 

   a. Under Integration, select the Data Feeds menu option.

3. Click the “Import” link in the Manage Data Feeds section.

4. Locate and select the SSC_2__Sync_Portfolio.dfx5 file on your local hard drive and select it.

5. Archer will open the data feed in edit mode.

6. Admin Notifications (optional).

   a. Within the General tab you can setup an email notification to Archer administrators to advise of data feed execution success, warning and failures. Below are instructions on how to turn this on:

   1. Within the Notifications section on the General tab, select “Send job status notifications to selected users when jobs status changes”.

   2. Select the appropriate groups/users to receive the notification. 

7. Transport Configuration. 

   1. Click on the Transport tab.

   2. In the Transport section select “JavaScript Transporter” for the Transport Method.

   3. In the Transport Configuration section click the Upload tab in the top right.

   4. Upload the “Sync_Portfolio.js” file.

   5. Click on the Transport tab.  In the Custom Parameters section, enter 5 Custom Parameters as follows:

      1. host           | Plain Text | api.securityscorecard.io

      2. api_key       | Plain Text | [Enter your API TOKEN] (see page 8 of this guide)

      3. portfolio     | Plain Text | [Enter your PORTFOLIO ID] (see page 8 of this guide) iv. verifyCerts |Plain Text | true or false

      4. proxy          | Plain Text | (optional)

9. Configure schedule (Recommended Frequency: Nightly).

1. Click on the Schedule tab.

2. In the Recurrences section enter the following information: (recommended).

   

1. Log into Archer.

2. Navigate to the Administration menu. 

   1. Under Integration, select the Data Feeds menu option.

3. Click the “Import” link in the Manage Data Feeds section.

4. Locate and select the SSC_3__Sync_Industry_Factor_Scores.dfx5 file on your local hard drive and select it.

5. Archer will open the data feed in edit mode.

6. Admin Notifications (optional).

   1. Within the General tab you can setup an email notification to Archer administrators to advise of data feed execution success, warning and failures. Below are instructions on how to turn this on:

      1. Within the Notifications section on the General tab, select “Send job status notifications to selected users when jobs status changes”.

      2. Select the appropriate groups/users to receive the notification. 

7. Transport Configuration 

   1. Click on the Transport tab.

   2. In the Transport section select “JavaScript Transporter” for the Transport Method.

   3. In the Transport Configuration section click the Upload tab in the top right.

   4. Upload the “Sync_Industry_Info.js” file.

8. Click on the Transport tab. 

1. In the Custom Parameters section, enter 3 Custom Parameters as follows:

   1. host           | Plain Text | api.securityscorecard.io

   2. api_key       | Plain Text | [Enter your API TOKEN] (see page 8 of this guide)

   3. portfolio     | Plain Text | [Enter your PORTFOLIO ID] (see page 8 of this guide) iv. verifyCerts |Plain Text | true or false

      v. proxy          | Plain Text | (optional)

      9. Configure schedule (Recommended Frequency: Nightly).

1. Click on the Schedule tab.

2. In the Recurrences section enter the following information: (recommended).

1. Log into Archer.

2. Navigate to the Administration menu. 

   a. Under Integration, select the Data Feeds menu option.

3. Click the “Import” link in the Manage Data Feeds section.

4. Locate and select the SSC_4__Get_Historical_Scores.dfx5 file on your local hard drive and select it.

5. Archer will open the data feed in edit mode.

6. Admin Notifications (optional).

   1. Within the General tab you can setup an email notification to Archer administrators to advise of data feed execution success, warning and failures. Below are instructions on how to turn this on:

      1. Within the Notifications section on the General tab, select “Send job status notifications to selected users when jobs status changes”.

      2. Select the appropriate groups/users to receive the notification. 

7. Transport Configuration.

   1. Click on the Transport tab

   2. In the Transport section select “JavaScript Transporter” for the Transport Method.

   3. In the Transport Configuration section click the Upload tab in the top right.

   4. Upload the “Get_Historical_Scores.js” file.

8. Custom Parameters:

   1. Click on the Transport tab 

   2. In the Custom Parameters section, enter 3 Custom Parameters as follows:

      1. host           | Plain Text | api.securityscorecard.io

      2. api_key       | Plain Text | [Enter your API TOKEN] (see page 8 of this guide)

      3. portfolio     | Plain Text | [Enter your PORTFOLIO ID] (see page 8 of this guide) iv. verifyCerts |Plain Text | true or false

         v. proxy          | Plain Text | (optional)

9. Configure schedule (Recommended Frequency: Nightly).

   1. Click on the Schedule tab.

   2. In the Recurrences section enter the following information: (recommended).

1. Import Log into Archer.

2. Navigate to the Administration menu. 

   a. Under Integration, select the Data Feeds menu option.

3. Click the “Import” link in the Manage Data Feeds section.

4. Locate and select the SSC_5__Get_Event_Logs.dfx5 file on your local hard drive and select it.

5. Archer will open the data feed in edit mode.

6. Admin Notifications (optional).

   1. Within the General tab you can setup an email notification to Archer administrators to advise of data feed execution success, warning and failures. Below are instructions on how to turn this on:

      1. Within the Notifications section on the General tab, select “Send job status notifications to selected users when jobs status changes”.

      2. Select the appropriate groups/users to receive the notification. 

7. Transport Configuration. 

   1. Click on the Transport tab.

   2. In the Transport section select “JavaScript Transporter” for the Transport Method.

   3. In the Transport Configuration section click the Upload tab in the top right.

   4. Upload the “Get_Historical_Logs.js” file.

8. Custom Parameters:

   1. Click on the Transport tab. 

   2. In the Custom Parameters section, enter 3 Custom Parameters as follows:

      1. host       | Plain Text | api.securityscorecard.io

      2. api_key   | Plain Text | [Enter your API TOKEN] (see page 8 of this guide)

      3. portfolio | Plain Text | [Enter your PORTFOLIO ID] (see page 8 of this guide) iv. verifyCerts |Plain Text | true or false

         v. proxy          | Plain Text | (optional)

9. Configure schedule (Recommended Frequency: Nightly).

   1. Click on the Schedule tab.

   2. In the Recurrences section enter the following information: (recommended).

Once the Data Feeds are configured, follow these steps to execute the Data Feed. Note that only one Data Feed can be executed at a time and any Data Feed with a Data Feed reference must be executed first. For example, if Data Feed 3 references Data Feed 2, then Data Feed 2 must be executed first.

1. Log into Archer.

2. Navigate to the Administration menu. 

   a. Under Integration, select the Data Feeds menu option. 

3. Execute the Data Feeds.

   1. Filter the list for “SSC”.

   2. Click into the “SSC 2: Sync Portfolio” data feed.

1. Navigate to the Schedule tab.

2. Click the Start button within the Immediate Processing section.

iii. Wait for the status marker to update to “Completed”.

c. Repeat the above steps for:

1. SSC 3: Sync Industry Factor Scores.

2. SSC 4: Get Historical Scores. iii. SSC 5: Get Event Logs in that order.

1. On the menu bar, click Show All.

2. Select SecurityScorecard in the leftmost column.

3. Select SecurityScorecard under the Solutions column.

4. Select SecurityScorecard Portfolio name in the last column.

5. Review the Company, Factor and Sub-Factor information loaded by the data feeds based on the portfolio id you entered during the configuration of the data feeds.

3. Select SecurityScorecard under the Solutions column.

4. Select SecurityScorecard Event Log name in the last column.

Review the Event Summary and Event Detail information loaded by the data feeds based on the portfolio id you entered during the configuration of the data feeds.

1. If you chose to install the 3 access roles during the package installation process (see appendix for Role based permissions and the Group assignments) the next step is to assign users to the 3 security groups. 

2. If you chose NOT to install the 3 access roles during the package installation process, manually configure role-based access for the 3 security groups, then assign users to the security groups.

1. Log into Archer.

2. Navigate to the Administration menu. 

   a. Under Application Builder, select the Questionnaires menu option. 

3. Select the SecurityScorecard Assessment from the Questionnaires list.

4. Select the Layout Tab.

5. In the Designer sub-tab Create new fields to configure, configure existing fields, and drag fields on and off layout to make them appear on the questionnaire.

6. In the Campaigns sub-tab (under Properties) click Auto-Generating Campaign to adjust the assignment. By default, this is set to the Relationship Manager.

1. Log into Archer.

2. Navigate to the Administration menu. 

   1. Under Application Builder, select the Questionnaires menu option. 

3. Select Applications under the Application Builder Section.

4. Select the SecurityScorecard Monitoring Application.

5. Click the Layout Tab.

6. Click the Actions sub-tab.

7. Select Notify: SecurityScorecard Alert.

8. This Notification currently sends the assigned Relationship Manager a notification if the SecurityScorecard score changed beyond the configured threshold for a vendor.

9. In the General Tab, Configure the template’s Letterhead and Body Layout.

10. In the Content tab, modify the text sent to the user in the Subject and Body Field.

    1. Use the Toolbar field to find autofill fields, reports or links to insert into the body.

11. In the Delivery tab. 

    1. Modify the email sender properties in the Email Properties section.

    2. Configure whether the multiple recipients receive individual emails in the Email Recipient Options section.

    3. List Recipients in the recipient section.

1. Log into Archer.

2. Navigate to the Administration menu. 

   1. Under Notifications, select the On-Demand Notification Templates menu option. 

3. Select the SecurityScorecard Vendor Invitation from the list.

4. In the General Tab Configure the template’s Letterhead and Body Layout.

5. In the Content tab modify the text sent to the user in the Subject and Body Field as needed.

6. In the Access tab modify the permissions of the on-demand template as needed, by default anyone with access to the Third Party Profile record will be able to send this notification.

7. To activate the On-Demand Notification Template, click on the General tab.

   1. Set the Status field to Active under the General Information section.

1. Log into Archer.

2. Navigate to the Administration menu. 

   1. Under Notifications, select the Scheduled Report Distributions menu option. 

3. Select SSC Scheduled Report Distribution from the list.

4. In the General Tab Configure the template’s Letterhead and Body Layout.

5. In the Content tab modify the text sent to the user in the Subject and Body Field as needed.

6. In the Delivery tab:

   1. Modify the email sender properties in the Email Properties section.

   2. Set the delivery schedule to configure when the email will be sent in the Delivery Schedule section.

   3. Configure whether the multiple recipients receive individual emails in the Email Recipient Options tab.

   4. List Recipients in the Recipient section.

7. To activate the Schedule Report Distribution, click on the General tab.

   1. Set the Status field to Active under the General Information section.

1. Log into Archer.

2. Navigate to the Administration menu. 

   1. Under Workspaces and Dashboards, select the Dashboards menu option. 

3. Select SecurityScorecard.

4. On the General tab. 

   1. Use the General information section to modify the name of the Dashboard or change the Description.

   2. Use the Layout Design Tab to format the Dashboard. Archer will provide a preview if this.

   3. Use the Documentation section to attach relevant files.

5. Click the Layout tab.

   1. Drag and drop the available iViews to the desired location or click Select iViews to insert additional iViews into the Dashboard.

6. In the Access tab select public to grant all users access to the Template or select private to restrict access to specified groups.

1. On the menu bar, click Show All.

2. Select the SecurityScorecard in the leftmost column.

3. Click SecurityScorecard under the Dashboards section. 

4. Here toggle between different iViews to find data visuals on current data.

5. In the Bottom 10 Companies iView you will find companies with the lowest scores.

6. In the Company Score Distribution iView you will find a distribution chart of company scores.

7. In the SecurityScorecard portfolio iView you can find the data related to all companies in the system.

8. In the Top 10 Risk Factors iView you can find a list of the Risk Factors that received the highest scores.

1. On the menu bar, click Show All.

2. Select SecurityScorecard in the leftmost column.

3. Click SecurityScorecard under the Solutions column.

4. Select the Search Icon next to the SecurityScorecard Portfolio application in the last column.

5. In the Keyword Search Section type in the company name whose domain you wish to find.

6. In the Fields to Display section, make sure that the Domain Field appears on the Rightmost Column name, Selected.

7. A valid search entry will return a chart with all relevant domains. 

1. On the menu bar, click Show All.

2. Select Third Party Management in the leftmost column.

3. Select Third Party Catalog under the Solutions column.

4. Select the Search Icon next to the Third Party Profile application in the last column.

1. In the Keyword Search section type in the company name for which you will input a Domain.

2. Click on the company name under the Third Party Name Column.

3. Click the Edit button at the top of the record.

4. Click on the SecurityScorecard Tab.

5. Enter the domain in the SecurityScorecard Domain Field.

6. Click the Save button at the top of the record.

7. The Third Party Profile will now contain the SecurityScorecard data based on the domain entered.

1. SecurityScorecard data loaded into a Third Party Risk profile, through the steps provided above, the same information can also be displayed on any engagement linked to the third party profile.

2. To find this data, in the menu bar, click Third Party Management.

3. On the Solutions column select Third Party Catalog.

4. On the Application Column Select Engagements.

5. Open an Engagement by clicking an Engagement Record on the list.

6. Right under the Relationship Contacts section, select the SecurityScorecard Tab from the row of tabs.

7. You will find the SecurityScorecard data which was linked to the Third Party Profile record.

8. Select the SecurityScorecard data.

1. On the menu bar, click Show All in the leftmost column.

2. Click SecurityScorecard Under the Solutions section.

3. Select SecurityScorecard Portfolio under Applications.

4. Select a SecurityScorecard Portfolio from the list.

5. Under the Industry Information section select the Factors tab.

6. You will see the company’s Grades for each respective Factor.

7. Click on the hyperlink text in the Factors grid to find more information about the Factor relating to the Company. In the Sub-factors section, you can find how the Company was graded at a more granular level.

8. Click on the Sub-Factor Title to learn more about the Sub-Factor and the company events that contributed towards the given Grade.

9. Click on an event located in the Events Section on the Sub-Factor page.

10. Here you can find additional information on the events that contributed towards a company’s given Grade.

11. Click the Event Log 

12. You will see all events that contribute to the factor grades.

13. Click on an Event to find additional information including which Factors and Sub-Factors were involved.

If you chose to install the SecurityScorecard Monitoring ODA during package installation, Archer can generate assessments or email notifications when user defined thresholds are breached. To setup a new monitoring plan follow these steps:

1. On the menu bar, click Show All.

2. Select SecurityScorecard in the leftmost column.

3. Select SecurityScorecard under the Solutions column.

4. Select the Create New Record Icon next to SecurityScorecard Monitoring in the last column.

5. Enter a name for the monitoring plan.

6. Select the Vendor monitored by SecurityScorecard.

7. Select the Type of monitoring.

   1. Issue Monitoring:

      1. Select an issue type.

      2. Select the Finding Count Threshold.

   2. Score Monitoring:

      1. Select the Measurement method.

      2. Enter the Score Threshold.

8. Select the Action(s) that should occur when the threshold is breached.

   3. Notification:

      1. Uses the “Notify: SecurityScorecard Alert” data driven event notification template.

   4. Assessment:

      1. Uses the “SecurityScorecard Assessment” questionnaire.

9. Click the "Save" button at the top of the screen to save.