RSA Archer Reviews

We have four primary uses of the solution. My job role was mainly the administration of RSA Archer, in financial services for the public sector bank. Our main use cases were security incident management, mainly to the cyber security incident management, and also the governance risk and compliance part to the DRC part. The auditing and audit updates all were taken through the RSA Archer, and also the customer feedback. But mainly RSA Archer was used for inventory. 

At my organization, we used to have a manual process for every communication work. For example, security monitoring management and everything was happening through mail and was on Excel sheets, things like that. So after acquiring RSA Archer, we were able to have a single platform, a dedicated platform where we can get all our requirements. The solution has improved my organization by having everything combined into a single platform.

I have used a couple of other products for the same domain. As compared to Archer, this solution is a highly mature product. The interaction has highly improved, especially in the latest two updates. The flexibility of the application and the usability have improved a lot as well. That's what I think stands out for RSA Archer.

One area that could be improved with the solution is the administration part, the backend task. That is a bit complex; or rather, the user interface can be made easier. For the newcomer, Archer might seem a bit complex. But once you get used to that, it's all fine.

In the next release of the solution, I'd like to see more inbuilt applications. For example, I talked about our organization having security management. Those are custom applications built by our own team. These are not out-of-the-box applications.

I have a total of three years experience with RSA Archer.

After deployment, my company managed the solution. We've had multiple issues with RSA Archer. The database has gone down; the infrastructure on the application side had a couple of issues; sometimes the services went down. After upgrading to the latest version of the solution, they are more stable than the previous one and it is a lot better now.

I'm really satisfied with the performance. We have more than 1000 or 2000 current users on RSA Archer, and we haven't faced many problems.

It's really scalable because we have options to import users or applications automatically; there are options to import a large number of users. Last year, we had a merging of three banks, and the users of the other two banks were brought into our Archer. They had more then, about 1,000 to 1,500 users, and that was done within a month. We were able to integrate all applications and users. Scalability won't be an issue.

I have been in touch with Archer customer support a couple of times. I have had good experiences; I haven't faced many issues with them. But it will depend upon the company's contract with RSA. There are different support levels.

I haven't worked on the deployment of the solution, but I know the basics of the infrastructure. It's not highly complex, but it is complex as compared to other applications because, in addition to applications and databases, we have the services side as well.

Our deployment of the solution was done by a third-party.

The solution is not at all a cheap product. Whenever someone is planning to buy the RSA Archer application for their organization, the first thing is to understand whether they really need it or not. We have our in-built applications, but first, we need to check whether we require it or not. That is the main thing. The second thing is whether they have the technical people available who are able to handle Archer. Even if they have the product and all, there aren't many people in Archer. We always be making custom applications; we hardly use any built application. So we should have technical employees there.

Talking about my personal use, RSA Archer is one of the four tools which I have managed. And talking about in my organization, it is used extensively. The main core use was security incident management.

I would rate the solution an eight out of ten.

My role is as a developer or administrator of this tool, but I'm also a user. I work as a senior system developer and we are customers of RSA Archer. 

Previously, the process we required was carried out in Excel data with follow-up emails through Outlook and it was very difficult to track. After we implemented Archer, things worked a lot more smoothly, and rather than looking for things, the system sends a notification reminder. We can do everything within the tools; updating records and publishing them, maintaining approvals, reminders, reporting, and dashboards. 

Some of our clients who use Archer bring the activities scan and present data into Archer, and can then manage their workflow. They can see the overall risk rating, how it relates and where it's coming from, the device causing it, those kinds of things. They wouldn't have been able to do that without Archer. 

The tool is really well designed overall and you can develop any application, automate any workflow including the GRC work processes. Workflow can be automated very easily so that providing access and making changes are all relatively simple. I find that integrations are very easy in this tool. For example, bringing data from an external tool is easy and manageable. It also provides a single tool to manage all the different workflows and different processes. For example, you can perform risk management, policy compliance, audit, and all other processes. It's really a one-stop-shop and a great feature compared to what other tools offer. Finally, the core solution and library provided with the tool are great compared to other tools like ServiceNow, which still process metrics. I don't think they come close to Archer. 

Other tools, specifically designed for audit management have a better GUI than Archer. The problem with Archer is the business process. If you design in Archer you get a lot of tasks and a lot of information that gets congealed, which users don't like. The issues can be solved using the advanced workflow feature of Archer but it was only recently introduced and most clients are still using the old version to run the workflow.

If your process requests many tasks, many approvals, workflows, etc., then you're definitely going to see a lot of information in one sheet which makes the job harder. It's all dependent on your process. There are some flaws in the system, which are generally rectified over time but there is still room for improvement. I've previously given some feedback and, in general, there are a lot of complaints about the GUI. 

I've been using this solution for three years. 

The solution is very stable but as the data grows and the size of the database grows, you need to add additional servers or sources to manage latency. It creates a lot of logs and the data fills up if it's not properly maintained. It doesn't require daily maintenance but a clean-up is needed at least once a year. If you have really good hardware resources, you don't really need to do that.

The solution is easy to scale. Just add a server, then store the tool in it and then load balance it. It's not difficult. We have around 2,000 regular users and we're likely to increase that.

I think customer support is really good. There are some times when they don't have a solution to a new problem, something newly identified, but they submit it to the engineering team and ultimately it gets fixed. It can sometimes take a few months but I don't see any major issues with their support. I think they're pretty good.

The initial setup is reasonably straightforward. Deployment is generally carried out by one person. If a company wants to maintain segregation of duties, then multiple teams are necessary; one for development and another for deploying the change in production. Deployment time depends on the change you are pushing. If there are multiple items involved, the best option is to deploy the package. If the application has millions of records, then it will take longer to recalculate. If there's a smaller number of records, deployment can be done in a couple of hours. 

We've definitely seen a saving with the automation of the process. It saves time which can be spent on other activities. And, of course, that means a cost saving. 

I believe our licensing costs are around $100,000 for the tool and that possibly includes a basic solution that comes with the tool. If you then need another solution then there is an added cost for that. I don't know how that compares to the cost of other tools. 

For anyone trying to automate a data GI processor, Archer is a good product.

I rate the solution nine out of 10. 

My primary use cases of RSA Archer are for business resiliency, business continuity management, third party vendor management, IT risk management and some of the other governance and compliance applications. We are partners with RSA and I'm an Archer system administrator. 

There are many benefits to using Archer as a platform. Previously, all processes in the organization were scattered. Once Archer was implemented, everybody had a role to play. It was just a matter of logging in, doing the work, and moving the workflow to the next stage. Prior to Archer, all the work took place via emails or sharing of Excel files. Archer has streamlined everything and it's really helping the organization to manage potential risk and data security. Security is key these days.

I believe the record permissions and data import are the most flexible and user-friendly features because they enable all information to be available on the platform.

Compared to other GRC tools, RSA Archer is a little complex in the sense that even users need to have some knowledge of the tool. Without any knowledge, both users and developers will have a hard time. I'd like to see the access control part simplified. Reduced complexity in the Advance Workflow and on the front end part of the tool would be really helpful. 

System administrators have overall control over the system, but it would be good if they could get more control over Archer. Finally, Archer has the option of custom coding things not currently supported by RSA. If it were supported that would be a great innovation because clients have needs that are not adjustable or incorporated in the tool. All those changes require coding which increases complexity.

I've been using this solution for close to four years. 

I think the level of stability and performance is connected to the size of the organization. There can be issues when there is an Excel load in the system, or when there are too many users and too many processes running on the backend. Things can slow down and we've seen glitches and delays. If processing speed could be increased, that would likely solve the issue. 

Scalability is there but it's not easy. You need to be familiar with the system, which can take a couple of months. Once there's familiarity it becomes more user-friendly. It's not as easy as ServiceNow or OneTrust. Those are much lighter tools and easier to learn. Scaling should be more user-friendly. We currently have around 9,000 active users and I expect that to increase in the future.

Customer support is working well and I don't have any complaints about that. 

I have used ServiceNow but nowhere near as extensively as I've used Archer. The problem with GRC ServiceNow is that it has limited features, which is why we switched to Archer. It has better features and functionalities.

The initial deployment needs to be carried out in coordination with RSA because it's their product. It requires a web service, application service, database service, everything needs to be designed for the platform. It would be great to have some kind of video or technical demo to help with this. 

If the process of going from the ESC environment all the way to the production environment could be easier that would be really helpful because it's very likely that not all environments will be in sync in most organizations. Features are going to differ from the broad environment to the lower environment and while packaging, the features of the lower environment also come into the production environment. Maintaining synchronization takes a lot of time so if there could be some flexibility and ease, that would save a lot of time for the organization.

In terms of return on investment, I think the processes and management as far as risk and governance compliance is concerned, have been very effective. Achieving their objectives and tasks in a timely manner with all the necessary security and parameters along with streamlining is a return on investment. I'm unsure about the benefit in revenue, it's more about improving risk and the governance processes.

Archer is expensive compared to other GRC tools. The product is generally used in multi-national companies like JP Morgan, Morgan Stanley, Amazon, Goldman, or eCommerce. They all use Archer. The cost would be prohibitive for a small or medium-scale company. If Archer is looking at promoting this product, they need to work on the pricing because only large organizations can afford it. There are many additional costs involved so that if one needs to develop some features in the tool there is an additional charge; if you ask RSA for any kind of enhancement or development, they will charge you; and if you'd like some consultation in regards to the product, they will charge you for that too.

This is a really nice tool because the majority of what it provides is not offered by other solutions. It's a matter of learning the tool and accepting how it works with an open mind. Anyone using it will find it really helpful for the GRC processes.

I rate the solution seven out of 10. 

For Archer, today there is everything from risk management to looking at security and how to track all the security defects. We don't have Archer connected to ServiceNow. We had the better version when I was at Albertsons. Just before I joined UFG, we used it not only tracking deficiencies, but also doing all the risk work and all of the vulnerability management, but we tied it to ServiceNow so we could issue tickets and track stuff. That's the way to do it.

Our version is on-prem, which I used also used at Wells Fargo where we had it on-prem as well. I thought the best version we used was at Albertsons, we were in the cloud and we were using their stuff. To me, that's a better way to go. You want to keep it up to par, and you can't screw around with the data structures. It really keeps you current which is probably the best example so you get the best bang for your buck.

When you get it to work, then it's valuable to me. The part I liked about Archer was the risk assessment for deficiencies and being able to use it there. The part I don't like is what it takes to get it really working right. That's not trivial. You need people that really understand it, and you also have to get people to stop making changes to the data schema and the rules, because if they do that, then it defeats the whole purpose of Archer.

The problem is, and I've had years and years of experience using it, let's say decades of experience with it, and they keep changing it. It could be as much as two years or so and they change the product. My concern is when they go from module to module, what do they do? Is it consistent to what the industry wants? And they could also add some things and improve on their product for when we want to match up CVS to it and a few other things. And I think the training is hard. I think they need to emphasize that you take people and send them to training. But today with COVID, how do you do that?

I use RSA Archer on a daily basis. Some people in the Archer group call me a pain, they keep saying, "Well, we can't do this and we can't do that." I say, "Let me show you how it's done."

I have been using it since they first started. So that's got to be almost 15 years now. I knew it when it wasn't even Archer, when it was part of Ernst & Young's suite of risk products. And then Silver Shire took it out of there, formed his own company called Archer. And that's how it was developed. I go that far back with Archer. I've seen it evolve, and they keep changing modules, names, pricing. It's kind of fun to watch the industry.

In terms of stability, if you do it yourself, it can grow big depending on how you want to use it. I've seen and been in companies that want to do all this fancy stuff and all the rules and everything else and it just eats resources you could point at, being 20, 30 servers. It's big.

It's resource-hungry, that's the best way of putting it.

In terms of scalability, that's a problem. When you want it to scale, it costs you resources, just like that other product I hate, Splunk. I love the products, but not the resources they eat. It is expensive that way.

When you find the right one in tech support, it's good. They're all good, but some are better than others. When you're in a crunch, you want the best person right away. Guess what? I want it now. It's like a kid. I want it now.

I'd give tech support an eight to nine.

The initial setup is complex. It's not straightforward and never was.

It requires knowing what all the modules do, understanding what you want to do, and then finding the right people that can program it. And finding those experts is not trivial.

At one time, it was the only thing available. Now there are other products that I would consider.

Make sure you know what you want to really do and pick the right modules and do a lot of planning, planning, planning. It's like building a house. If you don't do the planning, when it comes down to trying to build it, you really get screwed or the team gets screwed. And I don't think people do a lot of planning.

On a scale of one to ten, I'd give RSA Archer an eight.

It's Archer - there are days when their stuff is awesome, there are other days when the frustration level is way too high.

It is used for enterprise risk audit, corporate compliance, and vulnerability reporting like threat management reporting. It is a whole suite that has different products depending on what you want to track and report on.

I do use the SaaS version, but I have also deployed it on-prem, and I also have experience with the original cloud version. The one that we deployed originally on the cloud was on AWS, but now they do everything on SaaS.

From my perspective, because I've always done it as a consultant, I do like the way it is configured. They've gone into changing the application builder interface, so it is even easier. When you're working with users, it is really easy to show them how to do things quickly and how to configure, change, and design stuff quickly.

Some of the error reporting isn't very clear. When you're looking for information on error codes, you got to do a lot of digging.

I've never seen any major issues.

Its scalability is very good. Because of the way they've set up their licensing, it's now very easy to scale, especially if you're using SaaS.

We have over 60,000 users across all departments. Some users just go to check the status. I would think it is being used extensively.

It has changed over the last six months, and it is a little bit more challenging. When you have to report an error, you can't really find a lot of detail online. You have to open a case file, and then after opening a case file, it does take some time for resolution. From one to five, I'm going to rate them a 3.5.

It is very straightforward. The documentation that they provide is clear in terms of the instructions that you have to follow through. It is very well documented. Most users and techs can follow it, even with very little experience.

For its deployment, usually, there are one or two people. You don't need more than that because it's a very easy product to upload. If you're doing it from scratch where you have absolutely nothing, it is about a half-day setup.

It requires very little maintenance. Their upgrade packages are pretty quick, and it is easy to do the upgrades. It is very user-friendly, and even if you have no tech background or you're a new Archer administrator, it is very easy to do.

Its ROI is quite high when you look at how long it takes for people to input stuff for compliance risk, vulnerability management, and threat management. The centralization of data allows you to get a pretty high return on your investment pretty quickly because it's really easy to implement. It doesn't take like a year. You can do it in less than two months, depending on the solution that you want to implement. The customization opportunities with reporting are also pretty high.

I am not 100% familiar with that, especially with their new model. I just know that the way they've licensed per user to scale is good.

I would advise others to know their requirements going in because there's so much flexibility with the product. You could over customize it just because it allows you to do so much, but sometimes too much of a good thing is not a good thing. If you know your requirements upfront, your road to success is short, but your return is high.

I would rate it a nine out of 10.

We use this solution for task management and reporting, with a focus on Risk Management services. We have this solution deployed on-premises.

Before we adopted this solution, everything was done in Excel. One of the main modules that we are using is the Risk Management module. We're in IT, and IT is a big domain, so if we have a lot of findings then the Excel worksheet would be passed between different people, and the data would be scrambled. Someone would later have to come back and bring all of the information together into one sheet. It was very hectic, troublesome, and time-consuming. We had a lot of things to take care of, and we needed a dedicated team just to bring the information together. We also needed expertise in terms of who can put the information together into a graphical format to make it easier for management to understand, as well as more general reporting.

Previously, we had almost zero reporting because of this hectic chaos. Now, we have all of the information right there, like a central repository. All of the risk owners have access to it. They can see their own and they can automatically fill in their actions and give us updates. With the central location, we have minimal resources required in order to prepare the review. We can export, report, create dashboards, drag and drop, etc. It has saved us a lot of effort.

The most valuable feature is the enterprise module, which provides the capability of having all of the information stored and linked with everything else. For me, that is eye-catching.

The dashboarding in this solution needs to be improved, specifically the graphics. I am trying to find other solutions because I want to create management dashboards. This product has its own built-in design capabilities and how to present things, but it doesn't have a bullet chart. The bullet chart is the best graph for my purposes, and it should be available for inclusion in the dashboards. We are doing audits and risk management, and there are timelines related to when things are due. All of that can be very easily seen in a bullet chart graph, but what is available now are pie charts, bar charts, and the simple information that is not as meaningful.

The reporting features are very basic, PowerPoint-like capabilities, that should be improved. They should be more like the features available in Power BI, or Tableau. As a workaround, I tried dumping the information from Archer into these two solutions, but it would be much better to have the functionality built-in.

When it comes to searching, the filtering process is not very intuitive. If I want to filter then I have to use too many buttons to get to what I'm trying to search for. If they can simplify the researching process then that would be good.

This solution is very, very stable.

This is a very scalable solution. After we implemented this solution, two different departments saw it and were impressed with the tool and how the work could be done centrally. We spoke with the vendor and added the scope for these departments. Now, it is centralized throughout the company.

We do plan to increase our usage of this solution. Its capabilities are almost infinite, but we're probably utilizing just twenty percent of it. We know its capabilities and what it can do, but there is a shortage in the availability of resources that can actually utilize the tool. There are perhaps three or four people that can use at least forty percent of the functionality.

We've assigned a task to a few team members so that someone can get a fresh look at how we can fully utilize it. It's a heavy tool and we want to use it. The problem is that it's just not that easy because you need someone who will actually understand the logic behind it, and also has the experience with the functionality. This is not expertise in the solution, but rather, the management. For example, we need someone who can understand the entire risk management flow in order for them to be able to use the tool efficiently.

Because of the vast differences in the domains being used in Archer, each team member is using a section of it. It's not really utilized how I want it, because I'm the leader of the team and I want to use this as the main tool for the entire IT department. However, I don't have the resources who can actually spend that much time to use it.

Technical support for this solution is very good.

We had one person as an expert that was providing level one and level two support for the solution. We had minimal occasions where we had to go to level three, which is to contact RSA directly. We did have some questions here and there, and we understood that the technical support team is very good at their job.

We did not use another solution prior to choosing this one. Everything was done using Microsoft Excel.

The initial setup of this solution was very complex because of our organization. We had to manually put in the entire organization and the functional design. We had multiple teams, departments, and divisions. It is a very mature organization that has more than seven thousand employees, and there are a lot of sections. We have gone through multiple re-organizations and still haven't had the time to actually change the structure in this solution, because of how complex it is. It was complicated and still is.

Deployment took a full year with dedicated resources. Seven people were involved in the deployment, each one working on a different thing. One was doing the logic, another was doing the structure, etc. We have very different models, including Risk Management, Audit, and Enterprise, so each person was working on something.

We hired a consultant to help us out with the deployment. After it was complete, we gave him a job and he came to work for us. Because it was so complex, we didn't have the resource in terms of someone to actually understand the tool because of how complicated it was to build it from scratch to match our organizational structure. It takes time for someone to understand the entire company, and since the integrators did that within the year, it was easier for us to bring him on board and then train people along the way.

We have seen ROI with this solution, although not directly. Before Archer, we needed people to come in to perform services for us. For example, if we needed to do risk management then we needed someone. They had to create the document, the module, and the framework, and then they come and do the assessment themselves. They are the ones that actually do the questioning, get the results, and give us the reports. That, itself, costs a lot of money because we have many services in IT.

Our on-premise expertise is aware of most of the things that are on the ground, but we just don't have the capacity to deal with all of them. So, we do it in small batches, here and there. We want people for cloud, people for risk management, people for audit, and people for compliance. Each of those different modules has a different price tag on it.

With this tool, once it was built and designed, we were able to use our own internal resources. We don't need to go outside. All of the questions are already there. The policies and procedures are already built-in, and you just need to tweak them a bit. So, it helps us just in understanding what's there, on the ground, and then we can mark our territory from there. Overall, it saves us a lot of money to be spent if we are taking care of these services individually.

We did evaluate other products back when I was in the metrics team. I was also looking into other tools just recently because we need the contract for the extension of the maintenance for another five years. So far, Archer has been the best. It stands out among the other tools that are coming into the market, and there is no comparison.

What really separates RSA Archer from the other solutions is the depth and richness of the different features and functionality that it has.

I've seen other tools that are very intuitive, easy to deploy, and easy to understand, but not as rich in functionality as RSA. This is the solution that I want to make the best use of, but I'm not prepared to do that because of the dashboarding. In three years, we will re-visit the evaluation process.

My advice for anybody considering this solution is that if you are a mature organization then this is the best tool to use. It has cross-disciplinary functionalities in which multiple teams can be using the same solution. Companies who are not yet mature, but want to develop, can use this tool as a baseline that will help them mature.

It has the entire process. It will help you streamline what you want, have visibility of what you need, and you can build up. Basically, it's a central repository for everything. We have enterprise architects who are interested in this solution because of the Enterprise module, and it's capabilities. Having all of the information connected, within itself, is the best value that you can have.

I, myself, wanted to become an expert and certified in using this tool. The only thing that stopped me was the lack of bullet chart capabilities in reporting. It's what is holding me back.

Without the support for bullet charts, the visibility that we need is lacking. For example, if there is a textual date like the 25th of April 2020, for us there is no visible representation of the date. A bullet chart will tell you how far it is, how far we have come already, and what the target is to get there. This is an amazing tool, but without that graphical representation, it just puts that aside. This is why I'm trying to find another tool that will compensate for that.

I would rate the closest runner-up to this solution a six out of ten, with all of the other solutions somewhere below that.

When it comes to this solution, I would rate it an eight out of ten.

RSA Archer is a governance tool, used especially for bank applications. At the same time, there is the NetWitness tool, a SIEM solution that was created by the RSA division. They have integrated the incident management, along with RSA Archer. Whenever the SIEM solution creates alerts, Archer can be triggered, and you can elect notifications to your mailbox. 

If you click on the link, it'll link to you the actual incident, what happened in cybersecurity. You can do a number of things, like a workflow and approval from the manager level.

The features help save a lot of time in the organization.

The most valuable features of RSA Archer are the asset management, risk management, and vendor management. It's a very simple tool that you can learn within a short period of time.

If I use an AGP, for the onboarding process, for example, I'll create a workflow. An item will go to my manager, the manager approves, and I'll automatically get an alert notification sent to me saying that you are being onboarded. 

You can also put a lot of limitations, like permissions and values, in the AGP. As a security person, that is important to me. You can use any number of groups and permission levels. Now I created vendor management and many people have different kinds of applications in the AGP. Many people are users, but that doesn't mean each particular person can access all the applications in the AGP; it'll be limited. At the same time, I also can give edit permissions at the system level.

One area that could be improved is the solution needs to go further with most of the APIs. They need to create multiple APIs and integrations, in my opinion. A few things can't be done from the RSA level and it's not user-friendly when you're working with the other tools. With the RSA products, it's very easy, because it's an inbuilt application. If you need to integrate the RSA products with another SIEM solution, then it doesn't work properly. You have to create a new API for that integration of Archer.

Beyond that, additional features would make the solution too complex. If additional features were added, the solution would need better sustainability and marketing. RSA would also need better online support. The solution would be more attractive with improvement to these items.

I've been working with RSA since 2013.

The stability and performance of the solution is good.

The solution is easy and simple to scale.

The initial setup is not complex; anyone can do it. Deployment should not take more than two people. The time it takes depends upon the cluster environment. If it's a single instance, you have only one database server, it shouldn't take more than four to five hours for the deployment. If it is a cluster with a lot of employees and a big organization, they'll have disaster recovery and more involved. In that case, it'll require at least two days or so.

We are involved in the integration of everything.

The license is costly for the solution, but the remaining setup and maintenance is a lot cheaper.

The RSA Archer tool is useful for governance listing, workflow, risk management, incident management, and auditing. It's a very easy methodology for senior management. In Archer, even though it's confidential data, you can store it in the proper way, and there were a lot of APIs which can integrate with Archer. For senior management, it'll trigger an alert and you'll see a project automatically to approve. You can do wonders with this tool, but you have to be very specific in your utilization.

If you only use two to three products in RSA, you're wasting a lot of money and people resources. You have to bring awareness; what is this tool? Show users the solutions that can be implemented.  

I would rate the solution an eight out of ten.

Archer is a repository tool that is leveraged by all the security teams across the firm. The analysts and architects use it to store their data and store the vulnerabilities, which are coming from other applications while scanning the devices and everything. 

My job is to integrate the other applications with this application and try to bring all the data from those applications in here and create a workflow, environment, and framework for the different teams to use those records or vulnerabilities to  make a decision on what they should do. It just makes their life easier.

We are using the solution on-premises, but we are going on the cloud next year.

The last project was for an investment group that was using Excel. Shifting their records from one position to another took approximately 15 minutes. In Archer, we created a workflow for them to leverage it, and they could send the single record with one click to one person within seconds. The whole process went from 15 minutes to two minutes to get the approval for the records. The main purpose of Archer is to just make it easy.

It is really valuable to me because there are a lot of things which I can do and learn from, especially different programming languages. It's not just built on one thing. There are multiple languages which I need to learn in order to run this. One is JavaScript. On the back end, it's C#.NET. On the server type, it's Java. Trying to figure out every single thing makes my knowledge grow more and more every day.

There is a platform called Archer Community where we can post our concerns and any areas that need to be improved, and they will reach out. Recently, we made a suggestion for cross references, like for one application to another. There were limitations there, so we're hoping that will be included in the next upgrade.

Whenever there's an upgrade, they'll just make changes to the application. RSA is a Dell company. Dell is the parent company, and RSA is under that.

There are performance issues and bugs here and there, but it hasn't been a real concern. Sometimes it's slow, but mostly it's on our computers and processors. We just need to delete some stuff there and put them back on the server.

It is very easy to scale. Right now, we have three teams using the solution. It's about 15 to 20 people.

We are responsible for maintenance. There's a team of 20 to 25 people dedicated to Archer. Once it goes to the cloud, then we won't be responsible for maintenance.

We have plans to increase usage in the future. We are talking to the different departments of the company. Archer is not like a business. It doesn't go outside the business because it's really a security tool, and it's just used by the security departments and different departments who are involved with security. It just involves the company. We're trying to leverage it to different departments and we'll see what happens.

They are good. They don't need any improvement, but sometimes they need some guidance. We have our documentation, so they can just refer to that.

Previously, they were purely on Excel files and getting data from the applications inside Excel or Word format. I think this is the first solution they went to, and this is the best tool for GRC, governance, risk, and compliance. There are other tools but they would be confusing for the business, so Archer is the best right now.

The setup process was really easy. You just have to package and install it. There were two or three people involved in the deployment. It took about a day.

I would rate this solution 8 out of 10. My advice is don't just stick to Archer. Learn different tools because it's just a tool in the end. It will be fully configured, and you won't have anything else to do. Go into the business side and try to learn the business.