Third Party Governance Use Case Design

Architecture diagram

The following diagram shows the relationships between the applications in the Third Party Governance use case.

[Diagram: Third Party Governance use case architecture]

Note:

  1. Any connection to the perimeter of the Third Party Hierarchy means that the connection could be to any of the three levels within the Hierarchy: Third Party Profile, Subsidiary, or Sub-Subsidiary.
  2. Findings are automatically generated within Issues Management for all Assessments. Findings can also be generated manually across the solution, where appropriate.

Applications

The following table describes the use case applications.

Application

Description

Third Party Metrics

The Third Party Metrics application allows you to document all of the performance indicators and SLA metrics related to each of the engagements being delivered by a third party. The overall performance of the third party is scored relative to each engagement, and the results across all of the third party engagements are rolled up to obtain an overall performance score for the third party. Performance metrics can be tracked against upper and lower thresholds, expected direction, and +/- 2 standard deviations from the historical mean.
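The threshold, expected-direction and +/- 2 standard deviation checks described above, followed by the roll-up from engagement to third party, as an added Python example. This is not Archer code and not the product's actual scoring algorithm: the metric definition, the constructed history values, the use of the population standard deviation for the band, the comparison of the latest value against the most recent historical result for direction, and the Green=100 / Amber=50 / Red=0 weighting are all assumptions made for illustration.

```python
# Added example (not Archer's own code): evaluate a third-party metric result
# against fixed thresholds, the expected direction, and a +/- 2 standard deviation
# band around the historical mean, then roll engagement scores up to the third party.
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional


@dataclass
class MetricDefinition:
    name: str
    expected_direction: str            # "increase" or "decrease" (assumed vocabulary)
    lower_threshold: Optional[float] = None
    upper_threshold: Optional[float] = None


def sigma_band(history, k=2.0):
    """Return (low, high) = mean +/- k * standard deviation of the history.

    Population standard deviation is an assumption for this example; the page
    does not state which estimator Archer uses.
    """
    if len(history) < 2:
        raise ValueError("need at least two historical results to build a band")
    mu = mean(history)
    sd = pstdev(history)
    return (mu - k * sd, mu + k * sd)


def evaluate_result(definition, history, latest):
    """Flag threshold breaches, band breaches and movement against the expected direction.

    Status rule (assumed): any threshold or band breach is Red, movement against
    the expected direction alone is Amber, otherwise Green.
    """
    low, high = sigma_band(history)
    flags = {
        "below_lower_threshold": definition.lower_threshold is not None
        and latest < definition.lower_threshold,
        "above_upper_threshold": definition.upper_threshold is not None
        and latest > definition.upper_threshold,
        "outside_2_sigma": latest < low or latest > high,
        # Direction is judged against the most recent historical result (assumption).
        "against_expected_direction": (
            (definition.expected_direction == "increase" and latest < history[-1])
            or (definition.expected_direction == "decrease" and latest > history[-1])
        ),
    }
    if flags["below_lower_threshold"] or flags["above_upper_threshold"] or flags["outside_2_sigma"]:
        status = "Red"
    elif flags["against_expected_direction"]:
        status = "Amber"
    else:
        status = "Green"
    return {"metric": definition.name, "value": latest, "band": (low, high), "status": status, **flags}


# Assumed weighting used to turn a status into a numeric score.
STATUS_SCORE = {"Green": 100, "Amber": 50, "Red": 0}


def engagement_score(evaluations):
    """Score one engagement as the mean score of its metric evaluations."""
    return mean(STATUS_SCORE[e["status"]] for e in evaluations)


def roll_up(engagements):
    """engagements: {engagement name: [metric evaluations]} -> (per-engagement scores, overall score)."""
    per_engagement = {name: engagement_score(evals) for name, evals in engagements.items()}
    overall = mean(per_engagement.values())
    return per_engagement, overall


# Constructed sample data: an on-time delivery percentage with a 95% floor.
ON_TIME_DELIVERY = MetricDefinition("On-time delivery %", "increase", lower_threshold=95)
HISTORY = [95, 97, 95, 97]   # constructed history: mean 96, population std dev 1


if __name__ == "__main__":
    for latest in (93, 96, 98):
        print(evaluate_result(ON_TIME_DELIVERY, HISTORY, latest))
    hosting = [evaluate_result(ON_TIME_DELIVERY, HISTORY, 93),
               evaluate_result(ON_TIME_DELIVERY, HISTORY, 98)]
    support = [evaluate_result(ON_TIME_DELIVERY, HISTORY, 98)]
    print(roll_up({"Hosting": hosting, "Support": support}))
```

With the constructed history the band is 94 to 98, so a result of 93 breaches both the 95% floor and the band (Red), 96 is inside the band but moves the wrong way (Amber), and 98 is Green; an engagement holding the Red and the Green result scores 50, and rolling that up with a second engagement scoring 100 gives an overall score of 75.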

Third Party Metrics Library

The Archer Third Party Metrics Library contains the pool of metrics that you commonly use, and allows you to avoid manual metric setup while enforcing consistency in your metrics program across all engagements. The third party metrics that you select from the library automatically populate the Third Party Metrics section of the Engagement record.

Third Party Metrics Results

The Third Party Metrics Results application enables you to capture the historical data of individual metrics, including the metric reporter, metric sources, metric date, and metric value, as well as any supporting documentation.

Technologies

The Technologies application provides a searchable and extensible repository of technology version information that can be used to relate devices of like technology. Devices can be identified and grouped using one of the three tiered hierarchical values lists described below:

  • Operating System Technology. This list details information such as the operating system vendor, product, and version of the operating system.
  • Application Technology. This list contains information such as the application vendor, name, and version of the application.
  • Hardware Technology. This list describes information relating to the hardware vendor, including name, description, and technology version naming conventions.

Users can filter for company-approved technologies and view reports detailing known vulnerabilities that threaten their technologies.

Note: The Technologies application is included in the Enterprise Catalog package.

Applications

The Applications application stores all software applications used by the organization to perform business operations. You can view how an application is used, the people that use it, and the devices on which the application is installed. You can also track the business impact, customer impact, and licensing details, and associate it with other aspects of the enterprise infrastructure.

Note: The Applications application is included in the Enterprise Catalog package.

Devices

The Devices application serves as a central repository for knowledge, such as criticality, about IT devices and which applications they support. You can manage devices to ensure that they are protected according to management expectations. The application is also associated with other aspects of the enterprise infrastructure.

Note: The Devices application is included in the Enterprise Catalog package.

Storage Devices

The Storage Devices application serves as a central repository for storage devices used within the infrastructure.

Note: The Storage Devices application is included in the Enterprise Catalog package.

Access roles and record permissions

The following table describes the use case access roles.

Access Role

Description

Third Party: Administrator

Serves as the administrator of the use case. This role has create, read, update, and delete access rights. The Third Party: Administrator is responsible for populating the Third Party Metrics Library.

Third Party: 1st Line of Defense

Provides the appropriate access levels within the use case to the first line of defense, such as Business Unit Owners, Business Unit Managers, and Relationship Managers.

Third Party: Executive Management

Provides the appropriate access levels within the use case to the executive team.

Third Party: External Third Party

Provides the appropriate access levels within the use case to external third parties, such as the Primary Third Party Contacts, Secondary Third Party Contacts, and Tertiary Third Party Contacts.

Third Party: Legal And Procurement

Provides the appropriate access levels within the use case to the legal and procurement team, such as the Procurement Group and Procurement Officer.

Third Party: Risk Analysts

Provides the appropriate access levels within the use case to risk analysts. Risk analysts are responsible for associating metrics with engagements, activating metrics, and collecting metrics results.

Third Party: 2nd Line of Defense

Provides the appropriate access levels within the use case to the second line of defense, such as Business Unit Risk Owners.

Third Party: Read Only

Provides read-only access to the use case to personas who require limited access, such as a Funding Manager.

For a complete list of access roles and detailed, page-level access rights, see the Data Dictionary.

For a complete list of application record permission fields, including which user/groups fields populate the fields and where the fields inherit permissions from, see the Data Dictionary.

Dashboards

The following table describes the use case dashboards.

Dashboard

Description

Third Party Task Driver

The Third Party Task Driver dashboard contains quick links for frequent tasks and features relevant metrics to the current user, such as supplier request forms, risk assessments, contract reviews, and expiring contracts that are pending action. This dashboard also uses interactive charts to display data, such as third parties by relationship manager and contracts by third party, status, and expiration date.

The Third Party Task Driver dashboard is available to all third party access roles because it is filtered by the current user.

Third Party Process Manager

The Third Party Process Manager dashboard displays items relevant to users such as relationship managers and procurement officers to help them determine how processes are functioning and identify areas for improvement. This dashboard features metrics, such as expiring contracts, contracts pending review, and metrics collections past due. This dashboard also uses interactive charts to show data, such as third parties by status and engagement distribution per business unit.

Only users that are assigned to the Third Party: 1st Line of Defense, Third Party: Legal and Procurement, or Third Party: Administrator groups can view this dashboard.

Third Party Management

The Third Party Management dashboard provides critical third party information to help the executive team analyze the overall risk of third parties, identify low-performing third parties, and understand how third parties support crucial business processes. This dashboard uses interactive charts to display data, such as overall performance rating by third party, third party residual risk, contract distribution by third party, and budgeted vs. actual annual engagement spend per business unit. This dashboard also features metrics for active and expired contracts to give insight on which items require immediate action.

Only users that are assigned to the Third Party: Administrator, Third Party: Executive Management, or Third Party: Read Only groups can view this dashboard.

Data feeds

Note: For instructions on setting up the feed, see Setting Up Third Party Governance Data Feeds.

The following table describes the use case data feed.

Data Feed

Description

Generate Third Party Metrics

When you queue metrics from the Third Party Metrics Library in an Engagement record by selecting Queue Control Set, this scheduled data feed populates the Third Party Metrics section of the Engagement record with the queued metrics.

Data Dictionary

The Third Party Governance Data Dictionary contains configuration information for the use case.

You can obtain the Data Dictionary for the solution by contacting your Archer Account Representative (rsa.com/customersupport).