Team Lead: IT Security Compliance at a energy/utilities company with 10,001+ employees
Aug 29, 2019
The most valuable feature is the enterprise module, which provides the capability of having all of the information stored and linked with everything else.
Integration is another great aspect of RSA Archer. From the beginning, integration has been a central focus for RSA, and Archer has always integrated well with most tools on the market today.
Vice President at a financial services firm with 10,001+ employees
Nov 26, 2021
It is enterprise-wide accessible. So, it is very helpful for all the employees in our bank. They can log in and do their risk management activities. It has a few inbuilt modules that are helpful for doing risk management activities, such as issue management, risk identification, risk assessment, and policy exception management. It also has some inbuilt workflows inside these modules. They are also helpful.
Sr. Internal Auditor at a energy/utilities company with 10,001+ employees
Dec 17, 2021
Its user interface is pretty neat, and there is flexibility in generating the data. You can customize reports at any level. You can directly get reports in Tableau format. If you want to generate statistical data, you can create reports with graphs. There is an adequate amount of flexibility for changing the format, the type of graphs, etc.
RSA is a very rich application. I like its adaptive suggestion, where based on your users and the class of data, it can actually recommend you the proper control to choose. For example, we have been using PCI DSS as an NIST. So based on application feedback, it will provide you with a suggestion on which control objective needs to be set. Based on that, you can make a decision—you don't need to take the suggestion, but you can customize that particular provided suggestion. RSA Archer's workflow is also good, in terms of process automation.
With RSA Archer, an admin can set permissions for a normal user to go directly to the tool they need to input some data. Admins can then go through that and approve some requests. Also, they can log in based on these kinds of permissions, including ticketing, service patches, or upgrades.
Vice President at a financial services firm with 10,001+ employees
Nov 26, 2021
There is no inbuilt alert in Archer to let us know that a data feed has failed or did not run for different reasons. So, we don't even get to know that a feed has not run until somebody reports it to us. This has been a problem all the time. Data feeds have always been a big headache for us because there is no feature to let us know if a feed has not run or has failed. If Archer had a feature to send us an email notification when a feed has failed, it would've been very helpful. This is the reason why our users are slowly moving away to another platform. Some of the modules that I have been managing are being moved to ServiceNow. Next year, a lot of our modules will be moved from RSA Archer to ServiceNow, and the data feed issue has been one of the main reasons.
The first improvement I would suggest for RSA Archer is a better search feature. The search criteria needs to be improved. Sometimes I do a search and the search doesn't return the exact item I'm looking for. RSA Archer could also be improved by being more user-friendly.
Maybe I have been using a limited version of RSA Archer, but I'm not sure whether it has ESG, environmental and social governance. In the next couple of years, ESG is the next feature that will be integrated into GRC tools. I would recommend RSA Archer adds ESG.
It would be nice if RSA Archer featured more customization. When customers are updating, they should be notified whether certain updates are optional. The install screen should not proceed to the next page unless we make some selections about which updates we want to install.
