Q U I C K S TA R T Enterprise Risk Management Solution
Powered by Archer w w w. C o m p l yT e c . c o m
M o re t h a n eve r, e n te r p r i s e s w i s h i n g to a u to m a te s t r a te g i c d e c i s i o n m a k i n g a n d o p e r a t i o n a l re s i l i e n c y a re l o o k i n g fo r f a s t t i m e - to -va l u e . A l t h o u g h A rc h e r p rov i d e s a s i n g l e p l a t fo r m fo r m a n a g i n g m u l t i p l e d i m e n s i o n s o f r i s k , e n te r p r i s e c l i e n t s wa n t to g e t b a s i c fo u n d a t i o n s o f a r i s k p ro g r a m a d d re s s e d q u i c k ly. With this in mind, ComplyTec and RSA have put together an offering providing these foundational elements. The three components of our quick start solution are: Risk Catalog
• Record and track risks • E stablish accountability for risks • Facilitates a top-down, qualitative approach to assessing inherent and residual risk • E nables a three-level rollup of risk
Top-down Risk Assessments
• D ocument organization’s risks and controls • P erform risk assessments on new products and services, business processes, and mergers and acquisitions • E xecute automated risk assessment campaigns using pre-built forms • M anage and report on identified risk issues and remediation progress
Issues Management
• M anage issues generated by audit, risk, compliance, and other teams • E stablish the corporate structure and accountability • M anage findings, remediation plans and exceptions
These components will allow your enterprise to hit the ground running on risk management, giving them the power to accomplish the following:
IDENTIFY & PRIORITIZE RISKS AND ACCOUNTABILITIES
2
ComplyTec - ERM Solution
MANAGE RISK AND ESCALATE ISSUES
ENABLE DECISION MAKING WITH POWERFUL REPORTS
Benefits of our Quick start solution “We don’t have a long time to get a handle on this. We tried before with homegrown solutions and got partway there. We needed a more robust and complete solution that can scale with our business”
• Save cost by improving resource allocation • Reduce time to resolution on audit, risk and compliance issues • Avoid adverse risk events • Engage all stakeholders • Understand linkages between risks and business objectives • Standardize risk language
A SOLUTION WITH FAST TIME-TO-VALUE TO REDUCE OVERALL RISK W h a t ’s i n c l u d e d i n t h e E R M Q u i c k S t a r t e n te r p r i s e r i s k m a n a g e m e n t s o l u t i o n? • • • • • • • • • • • • •
Risk Catalog Top-Down Assessment Issues Management SaaS/Hosting fees - 1 Production and 2 Non-Production Instances Ability to link confidential and sensitive documents on local secure server Installation, set-up, and configuration Training for one administrator (or business user) Enterprise-wide license for companies with 1,000 or fewer employee’s with unlimited concurrent connections Unlimited records 50GB included (25GB increments available by block) Database Encryption – In-motion and at rest Enhanced 7 X 24-hour Support directly from RSA Dedicated backups
P ay m e n t O p t i o n s Option A - 36 Month lease Price: $2,866 USD * *Lease pricing is intended to be a good faith estimate and used for marketing purposes only. The actual rate and payment amount may vary and is subject to credit approval in addition to any terms and conditions that may be required. Option B - Subscription Price (USD): • Year 1: $60,825 • Year 2: $13,900 • Year 3: $13,900
ComplyTec - ERM Solution
3
Notes • S ee additional terms and conditions on page 5 • A ll pricing in USD and are intended to be an estimate for marketing purposes • 1 00% delivered remotely • O fficial quote + SOW to be provided • Single sign-on available at extra charge The ComplyTec Quick Start Enterprise Risk Management Solution comprises of the following deliverables: USE CASES Top-down Risk Assessment Risk Catalog Issues Management
APPLICATIONS AND DATA Business Processes Control Procedures Risk Hierarchy Risk Register Library Risk Register
P ro j e c t I m p l e m e n t a t i o n To help ensure successful delivery, a Complytec Professional Services consultant, or authorized agent, will work closely with Customer staff to perform the various Archer Foundation Use Case service tasks, which may include some or all of the following: • C urrent state assessment of hardware, software, and infrastructure and guidance to Customer on required or beneficial updates • R eview of standard use cases with Customer to assess suitability. Identify changes required • I mplement Use Case, which consists of the following per use case: • C reation and/or modification of up to 5 fields, 5 notification templates, 5 reports and dashboards, and 5 data-driven events for each application or questionnaire • Addition of up to 5 additional workflow stages (above the standard 2) for each workflow • Addition of up to twenty 20 users with standard group and role structure (for LDAP environment) • I mport of content repositories into each in-scope application for up to 3 environments (development, test. and production) using a template provided by ComplyTec to Customer • Validation of Use Case installation and configuration • 1 week period of End User Testing • D eployment of use cases into production • P rovide basic knowledge transfer for handoff • D eliver project completion form which may include a basic functional overview to demonstrate use case capabilities
D o e s yo u r e n t e r p r i s e re q u i re a s i m p l e s o l u t i o n t o u n d e r s t a n d , m a n a g e a n d m i t i g a t e r i s k ? D o yo u n e e d a q u i c k t i m e - t o -va l u e? T h e n C o m p lyTe c ’s E R M q u i c k s t a r t s o l u t i o n m ay b e r i g h t fo r yo u . 4
ComplyTec - ERM Solution
Te r m s a n d c o n d i t i o n s • • •
•
his offer is not a contract. Additional terms and T conditions may apply. Only official quotes and corresponding master agreement are binding S peak to your ComplyTec representative to receive a customized proposal and full terms and conditions P rices are intended to be an estimate for marketing purposes. They are based on companies that have 1,000 employees or less. Contact ComplyTec to discuss your situation. S ome of all services may be delivered
•
remotely Knowledge transfer relates to the architecture. planning and Archer product implementations (configuration. integration and applied rule sets) of a specific Customer’s security infrastructure environment and is not a substitute for formal Archer Education Services product course offerings. ComplyTec strongly encourages attendance at these courses to gain further insight into the product features, installation, configuration and administration.
C u s t o m e r Re s p o n s i b i l i t y • • • • •
rovide at least 1 technical contact with system P administration responsibilities and appropriate system/ information access privileges. R eviewing and agreeing on engagement objective. M ake appropriate system maintenance window(s) available for ComplyTec as needed to prepare equipment E nsure that all environment and operational requirements are met prior to commencement of the Services. P rovide access to the Customer’s systems and networks as necessary to perform the Services
• • • • •
during ComplyTec’s normal business hours, or at mutually agreed times. Provide support from technical support teams for all vendors and third parties as necessary. A ssume all responsibility for network connectivity, performance, and configuration issues. V erify that the equipment location (work site) is prepared to perform the engagement services. R espond in a timely fashion to questions posed by ComplyTec regarding the project. C omplete all planning and scheduling activities required by customer.
Service Schedule •
•
he anticipated Service start date is within thirty T (30) days, or a mutually agreed upon start date, after receipt and approval by ComplyTec of the Customer’s purchase order for this Service. Subject to Customer satisfying the “Customer
P ro j e c t S c o p e exc l u s i o n s / c h a n g e s •
Any additions or changes to the Project Scope must be mutually agreed upon by ComplyTec and the Customer in a separate ComplyTec Statement of Work detailing the proposed change on pricing and schedule, and other relevant terms.
Responsibilities” specified above, ComplyTec estimates that it will complete the Services within forty-five (45) days after the actual service start date.
•
Such changes include, but are not limited to: • Any additional activities not listed in this Service Brief. • Modification of the Customer’s application software. • Development of custom solutions including, without limitation, scripting.
F i xe d b i d s e r v i c e fe e a n d i nvo i c i n g s c h e d u l e •
• • •
he Services described in this Service Brief are T delivered during Complytec’s normal business hours (M-F, excluding ComplyTec/local holidays). U nless otherwise specified or agreed by Complytec, the Services are performed on consecutive days. I nvoices are issued upon ComplyTec’s receipt and approval of the Customer’s purchase order. Customer will provide a new or amended purchase order and shall pay additional amounts related to (i) performance of services
•
outside ComplyTec’s normal business hours or consecutive days, and (ii) reimbursement of any travel-related expenses beyond the one (1) trip included in the service. Customer shall have twelve (12) months from the date of ComplyTec’s invoice to use the Services described herein (“Service Period”). The Services shall automatically expire on the last day of the Service Period. Under no circumstances shall Customer be entitled to a credit or refund of any unused portion of the Services
ComplyTec - ERM Solution
5