Business context

We have over 15 years of enterprise IT exposure: building data center IT infrastructure, deploying and configuring complex business applications (ERP, CRM, ECM), defining business continuity plans and deploying IT disaster recovery solutions for large organizations. The Vulnerability Scanning and GRC components came naturally as an added layer to the existing services offered.

RSA Archer Platform administration

We offer a fully managed platform management service. Expertware assigns a team dedicated to each RSA Archer platform implementation and ensures that customer's particular processes and IT landscape are well documented and monitored 24/7.

Standard activities part of the service agreement are:

• Manage existing data feeds loads, remediate where need it.
• Design, develop and use additional data feeds (referential data feeds, IT risk feeds, QA feeds, Process and Policy feeds, etc.)/
• Administration for authorization : per application, per field, enforce/break inheritance, validate controls so we grant business users access to specific data records and fields.
• Monitoring and remediation for RSA Archer platform services, performance, warning & errors.
• Ensure report data accuracy (freshness) and workflow actions completion.
• Design, develop solutions based on requests from business Owners (authorization, data imports, small changes in applications).
• Define and configure new reports, questionnaires (to map business processes with risks), forms, workflows.
• Troubleshoot, investigate and correct data feed errors.

Vulnerability scanning

To ensure good security posture companies perform continuously scans and assessments for their network, server and application vulnerabilities and security exposures.

Standard activities performed are:

Our added value

• Strong knowledge of infrastructure and application relationships.
• Deep understanding of data points required to be evaluated for Vulnerability Management risk analysis
• Capability to correctly qualify risks considering the existing infrastructure and processes interrelations.
• Strong understanding of the risk definition: top to bottom, bottom to top and ability to recommend the customers in the process of defining them.
• Broad business processes understanding: financial processes, logistics, incident and request management, customer services, sales, and distribution, etc.
• Capability to optimally map Policies to instances: per technology, per applications, per environment (DEV, TST, UAT)
• Experience to map Business Processes to Applications and controls: multiple asset items form an application that is influencing one or more business processes.
• Capability to qualify the vulnerabilities based on the technical landscape: not all systems are equals.
• Capability to recommend the customers defining and calculating risk profiles.

If you are searching for a long-term partner, capable of raising the quality and the integration between the vulnerability scanning toolset and the GRC platform, please contact us.