on 2018-04-2701:15 PM - edited on 2022-03-1001:53 PM by GloriaHigley
The Archer Control Standards library consists of over 1,200 best-practice control standards organized through a custom GRC taxonomy developed specifically to align with multiple best-practice external standards and benchmarks.
Control standards specify a particular course of action or response to a given situation. They are topical rather than tactical, serving as management level guidelines that provide specifications for the implementation of corporate policies intended to drive compliance with internal and external corporate objectives.
The Archer Control Standards library is linked to several other Archer libraries such as Policies, Authoritative Sources, and Control Procedures. This provides both a common connection fabric and aggregation point for measuring performance of policy and compliance activities. For example:
Control standard "ATCS-027: Risk Assessment Process" is mapped to hierarchical policy record 0 Risk Management Policy > 02.3 Risk Assessments > 02.3.01 Risk Assessment Process.
This same control standard is also cross-mapped to several hundred different authoritative source references, such as ("FFIEC Information Security Booklet > 0 Information Security Risk Assessment").
The mapping process enables organizations to:
Understand which controls they need to implement to comply from a regulation standpoint, or from a corporate policy and best practice
Identify and manage key stakeholder ownership and automate both the process of implementing industry standards across the organization, and training employees on those best
Simplify risk and compliance performance measurement and monitoring
This content is available in the following languages:
Mappings for the Archer Control Standard Library are mapped to policies and authoritative sources which are available in the Archer Policy Library and authoritative source content packs.
The Archer Control Standard Library is available with the use of the Archer Policy Program Management, Archer IT Policy Program Management, and/or Archer Authorization and Assessment use cases. No additional license is required.
For More Information
To learn more about the Archer Control Standard LibraryContent: