RSA Archer Reviews

Vendor: RSA

4.0 out of 5

38 reviews
92% willing to recommend

1,132 followers

What is RSA Archer?

RSA Archer is a solution designed to help your organization manage policies, controls, risks, assessments, and deficiencies across your lines of business. RSA helps you manage your digital risk with a range of capabilities and expertise including integrated risk management, threat detection and response, identity and access management, as well as fraud prevention.

Get the RSA Archer Buyer's Guide and find out what your peers are saying about RSA Archer, MEGA HOPEX, SecurityScorecard and more!

RSA Archer is the #1 ranked solution in top GRC solutions, #1 ranked solution in top IT Governance solutions, and #2 ranked solution in top IT Vendor Risk Management solutions. PeerSpot users give RSA Archer an average rating of 8.0 out of 10. RSA Archer is most commonly compared to MEGA HOPEX: RSA Archer vs MEGA HOPEX. RSA Archer is popular among the midsize enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a educational organization, accounting for 51% of all views.

Helped 814,763 peers since 2012

Featured reviews

Raviteja Nekkanti

Senior Information Security Consultant at CGI

My use case is for security assessment. It's my daily task. I use it for security assessment in Azure. We have tickets where users need to submit details about an application, computer, or server. For Archer, my direct task is to assess the security risk of an application, infrastructure, or…

Read full review

Manash Banerjee

Technology Manager at Cognizant

I have seen some performance issues. For example, with the search criteria. When I'm searching with some of the IDs, it will return "FND_" and some finding numbers. Their search criteria is a bit cumbersome because I need to actually find what I need, but it's giving me a lot of other information. I have also experienced lagging when viewing an app configuration page, to see the controls associated with that particular app. I'm not certain whether it's a problem with Archer or with our implementation, but there are definitely some performance issues. We have a maintenance team responsible for the required maintenance. They handle new patches and some of the new framework rules and updates. They're also planning on implementing and integrating FedRAMP.

Read full review

Krishnendu Saha

Vice President at a financial services firm with 10,001+ employees

Many a time, data feeds create problems. We keep seeing that the feeds have not run on schedule or have failed, and that's why the reports were not processed or created. It probably also has something to do with the strength of our server. For example, in our production environment, the servers are more powerful. We have more memory space, so we don't see this issue very often, but in the test environments, where there are constraints in terms of server and memory space, we keep seeing this issue. There is no inbuilt alert in Archer to let us know that a data feed has failed or did not run for different reasons. So, we don't even get to know that a feed has not run until somebody reports it to us. This has been a problem all the time. Data feeds have always been a big headache for us because there is no feature to let us know if a feed has not run or has failed. If Archer had a feature to send us an email notification when a feed has failed, it would've been very helpful. This is the reason why our users are slowly moving away to another platform. Some of the modules that I have been managing are being moved to ServiceNow. Next year, a lot of our modules will be moved from RSA Archer to ServiceNow, and the data feed issue has been one of the main reasons. We have also had issues with API calls. API calls have always been a problem. Policy exception management is one of the modules that I was managing, and in this module, we had built a few API calls. We had a few API call issues where the API call had failed and records did not get created. Sometimes, records even got deleted. We had numerous calls with RSA Archer, and they always said that unless we reproduce the issue in a lower environment, they cannot help us, but the issue only happens in production, and it happens intermittently. It happens maybe once every two months or three months. We don't know why the API call is failing and the records are not getting created, deleted, or de-linked from the associated parent records. They couldn't provide us with any reason. If their issue resolution team was more proactive, it would have been helpful. This has been a major issue, and this is the reason that this function has been moved to a different platform earlier this year.

Read full review

RSA Archer mindshare

Product category:

As of November 2024, the mindshare of RSA Archer in the GRC category stands at 16.0%, down from 18.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

GRC

Key learnings from peers

Valuable Features

"It has various valuable features. For example, showing us if a control aligns with specific standards or frameworks helps us understand it better and verify its compliance."
"Archer has simplified our security audits. It's made it easier to raise and trigger questionnaires to customers."
"It has the best workload management features."

Room for Improvement

"The user interface needs work. There are many small text boxes, like credit card size's boxes, where we need to input a lot of text. You can't see what you're typing beyond the tiny window, so you have to scroll or type elsewhere and copy-paste it. It's very inconvenient."
"The ticket handling process could be improved."
"Its customization features could be better."

Pricing

"The pricing is okay. The licensing costs are very reasonable; it is very affordable to us."
"The solution’s pricing is moderate."
"The price of the solution is very affordable."

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our RSA Archer Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Educational Organization

51%

Financial Services Firm

12%

Computer Software Company

Manufacturing Company

Government

Energy/Utilities Company

Insurance Company

Healthcare Company

Retailer

Hospitality Company

Real Estate/Law Firm

University

Construction Company

Media Company

Comms Service Provider

Non Profit

Logistics Company

Outsourcing Company

Legal Firm

Engineering Company

Recreational Facilities/Services Company

Wholesaler/Distributor

Compare RSA Archer with alternative products

Learn more about RSA Archer

The solution also allows you to adapt a broad range of solutions to your requirements and is a good option for both big and small companies.

RSA Archer Features

RSA Archer has many valuable key features. Some of the most useful ones include:

Application builder
Advanced business workflow
System integration
Search, reports, and dashboards
Access control
Globalization
Audit management
Privacy program management
Security incident management

RSA Archer Benefits

There are many benefits to implementing RSA Archer. Some of the biggest advantages the solution offers include:

Taxonomy and data structure: With RSA Archer, you can build and maintain an inventory of personal data processing activities and assets, utilizing a purpose-built taxonomy and data structure.

Easy tracking: RSA Archer enables you to track data retention schedules and execute a checklist as it relates to processing activities.

Smooth management: By using RSA Archer, you can manage activities related to notifications and consents linked to the processing activity inventory.

Improve information assurance programs: RSA Archer enables agencies to improve information assurance programs for continuous monitoring and assessment and authorization.

Compliance: By providing compliance management, RSA Archer allows you to consolidate information from multiple regulatory bodies and establish a sustainable, repeatable, and auditable regulatory compliance program.

Business continuity: With RSA Archer, you can automate business continuity and disaster recovery planning to protect your organization in the event of a crisis.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the RSA Archer solution.

A Specialist, RSA Archer at a tech services company, says, “RSA Archer is a valuable tool because it can manage the end-to-end functioning of any enterprise GRC module, such as compliance and risk management or business continuity plans and the entire BCM module. RSA Archer also provides many out-of-the-box solutions, which are use cases derived from the standards for GRC or risk management, governance, and compliance. It provides an end-to-end mechanism for business users on a single platform. That includes reporting, managing workflow, creating documentation, or tracking a process where you need to get approval from the various levels within the organization's hierarchy.”

PeerSpot user Krishnendu S., Vice President at a financial services firm, mentions, "It is enterprise-wide accessible. So, it is very helpful for all the employees in our bank. They can log in and do their risk management activities. It has a few inbuilt modules that are helpful for doing risk management activities, such as issue management, risk identification, risk assessment, and policy exception management. It also has some inbuilt workflows inside these modules. They are also helpful."

A Sr. Internal Auditor at an energy/utilities company comments, "Its user interface is pretty neat, and there is flexibility in generating the data. You can customize reports at any level. You can directly get reports in Tableau format. If you want to generate statistical data, you can create reports with graphs. There is an adequate amount of flexibility for changing the format, the type of graphs, etc."

Another PeerSpot user, Manash B., Technology Manager at a tech services company, explains, "RSA is a very rich application. I like its adaptive suggestion, where based on your users and the class of data, it can actually recommend you the proper control to choose. For example, we have been using PCI DSS as an NIST. So based on application feedback, it will provide you with a suggestion on which control objective needs to be set. Based on that, you can make a decision—you don't need to take the suggestion, but you can customize that particular provided suggestion. RSA Archer's workflow is also good, in terms of process automation."

RSA Archer was previously known as Archer.