(The latest in our new “GRC Best Practices” series is a contribution from Melissa Cohoe, Iceberg’s Director of Implementation & Integration. Here’s an excerpt from her article. You can sign up to our Risk Intelligence Newsletter for updates when new articles from this series are posted.)
A successful GRC program is one which evolves with your organization, adapting to your users, your stakeholders, and your industry. With RSA Archer, many organizations spend a lot of time (and resources) planning for the initial implementation, but not enough time considering how to properly support and update their program once it is in production.
So how do you build a team to properly sustain your Archer program? What skills should you be looking for? How should you develop your resources? Here are some pointers based on our work with Archer customers and our own experience in building Iceberg’s team. I’ve broken it down into four areas:
- Understanding Archer – How is it like traditional coding technologies and how does it differ?
- Ingredients for a valuable Archer resource – What skills should you look for? Do they need Archer experience?
- Archer training and mentoring – Even when a resource is trained in Archer, they need to know the specifics of the implementation. What’s the best way to support that?
- Creating institutional memory – What are some strategies to create a framework that your team can refer to, and avoid having all that knowledge sit in the mind of a single person?