RSA Archer Reviews

Our primary use case of this solution is for GRC. I work for a bank and we used this tool to audit our information security team and our cybersecurity team. We had our control library, regulatory requirements, and third-party risks on Archer. So basically, I would say audit, regulatory requirements, third-party risk management solutions, and all kinds of controls, including SOX. These are the integrations we had set up. Right now, it's deployed on-prem. 

This solution helped us with the centralization of our governance data, so we could house all of our controls in one place. We could use that central repository of all our controls to build our risk management strategy and our policy and governance. So we could use controls as a central library and build policy, and then build risk management around it. 

One of the most valuable features is the ease of use. The customizable forms and drop-downs are pretty easy to configure. Automated notifications is another feature that is nice. The whole workflow, basically—if you're going through a workflow process, the whole process is automated with notifications. Basically, it's a pretty straightforward, easy-to-understand interface. I've also had the chance to develop some backend configurations, which is straightforward as well, if you want to add a new field or anything. 

Archer could be improved by having more customization. I'm not sure if the backend processes have API calls and those kinds of seamless integrations, but from the front, some of the solutions are very out-of-the-box. It's not customizable, so that could be a little problematic since you have to use their features. In terms of the backend structure, I'm not too sure because I'm not a developer—I was an end user and product owner of Archer—and I don't quite know the backend and developmental features. But since it's an out-of-the-box solution, sometimes customization was challenging and support was a little problematic because we had to reach out to them all the time. 

I have been working with this solution for the past 18 months. 

We did have a few outages, but otherwise, I must say it's fairly reliable. 

For maintenance, there's an admin dashboard. It's a capability that is handed over to our user and admin has super user access. 

This solution is quite scalable. At that point, it really depends on the strategy. Since we had all our controls on Archer, it was easy for us to scale and deploy other applications or develop other applications seamlessly. But imagine you had your controls on a different application—if it was not on Archer and you had to scale, it would be challenging to move all your data into Archer and then scale. So that is something that could be challenging, but since our strategy was already Archer through and through, we did not find it difficult to scale. 

There are approximately 500 users, across all departments, using Archer. It is being used extensively at the moment. Right now, we don't have plans to increase usage, but I'm sure there's going to be organic growth. 

On a scale of one to five, I would probably rate support a three. I wouldn't say it's the best, but it's not bad either, in terms of both the response time as well as the support. 

We used SharePoint for a bit. We switched to Archer because the graph, user interface, and all that was better than SharePoint. I'm not too sure about the strategic decision because I wasn't with the organization back then, but I know that they wanted a centralized location for their governance, risk, and applications. 

I think the deployment process is pretty straightforward. The solution was deployed for us through a third-party consulting agency, so it wasn't Archer or RSA developers, but a third party that implemented the solution for us. During the time of deployment, we were in a CI/CD mode, so we always had new applications, customization, new fields getting added. 

A third party implemented the solution for us. 

If you are considering implementation, my advice would be to decide on a strategy first before you implement a solution. The solution is nice, but unless you have a strategy, I don't see the point in implementing it. 

I rate Archer a seven out of ten. 

I'm an administrator for RSA Archer and a consultant, so I create platforms for various businesses based on their requirements. RSA Archer is a GRC tool, so RSA Archer controls and regulates different enterprise GRC solutions and IRM modules. I create those platforms for various business users according to their specifications. They provide us with the storyline, and then we advise them on ways to use RSA Archer to manage their processes. And then, once that is done, we create an RSA Archer platform.

RSA Archer has updated its UI many times. And the UI is now much more rich and user-friendly. That's one of the major things that they have changed recently. Our business users are much more comfortable with the latest UI. Also, the reporting mechanism inside RSA Archer is another thing that is very user-friendly. And all the business users, in most of the cases I've seen that they are very comfortable in using the reporting tools.

RSA Archer is a valuable tool because it can manage the end-to-end functioning of any enterprise GRC module, such as compliance and risk management or business continuity plans and the entire BCM module. RSA Archer also provides many out-of-the-box solutions, which are use cases derived from the standards for GRC or risk management, governance, and compliance. It provides an end-to-end mechanism for business users on a single platform. That includes reporting, managing workflow, creating documentation, or tracking a process where you need to get approval from the various levels within the organization's hierarchy. 

Integration is another great aspect of RSA Archer. From the beginning, integration has been a central focus for RSA, and Archer has always integrated well with most tools on the market today. RSA Archer has its own APA that can be integrated into any other tools using Dorknet, Java, or any other language you can think of. So the APAs are excellent and easy to work with. 

RSA is also increasing the scope of customization. When using a tool, consultants like us might need to customize it because the out-of-the-box solution does not perfectly match the client's requirements. So RSA is quickly incorporating those customizations and allowing us various ways to do that. In doing so, RSA is opening up more areas where Archer can be used. Vendor management is the latest example. They have already added one vendor management module. I'm not entirely familiar with it, but it can be integrated with other tools directly on a real-time basis. So that's one feature, which is very new to Archer, and I think it's going to be a breakthrough.

There are many small things that need improvement but on the whole, it is much better now than it was when I first started using it six years ago. They are putting out updates almost every day. The latest version came out just a few days ago, so they are constantly making minute fixes and tweaks based on input from different users. Users like us are developing applications on the tool, so when we have an issue, we open a ticket with RSA directly. If it is a new issue and they can't fix it, then they log it and provide a solution in the next release of their tool. They're also planning to move to a completely cloud-based solution, so they are providing all the support for RSA Archer to be easily hosted on the cloud and everything.

I've been working with RSA Archer for the last six years.

Performance is always an issue with any coding system. And RSA Archer used to have more performance issues. It was completely on-prem, so there were some slowdowns because of that. However, they've upgraded their backend systems, the codes, supporting database structures, etc. So the speed has picked up lately. They have improved in the last few releases, and I hope they will also continue to do that. 

We have various mechanisms to scale up. For example, we already have the lab configuration in RSA Archer, so we can use their lab to get that directory from the organization. And whenever it changes or updates, that's automatically reflected in RSA Archer too. So that is a very straightforward thing and easy to maintain also. And we plan to increase usage. My company is an RSA Archer partner, so they're always looking to increase the number of projects in RSA Archer. 

RSA technical support is good. They're very approachable and provide quick solutions. Sometimes there may be a delay, but only if it is a very complex problem or one they might not have encountered earlier. 

RSA Archer is very deployment friendly because it is quick and straightforward. Migration and deployment aren't too complicated. RSA Archer can do it more quickly than most other GRC tools in the market right now, like SAP GRC. RSA Archer is one or two steps ahead because the migration is pretty smooth and can be done very quickly. One person can handle it pretty easily, but it also depends on the level of customization you want. Whenever we are customizing a tool, we need a specialist. So during migration, the senior consultants monitor what the team is doing and the others supervise. But if we're talking about how easy it is, then one or two people can easily do it.

Then there is the regular maintenance, but it's more accurate to say "enhancement" than "maintenance." Every time the user has a new requirement, we need to add those things into our resources. So it's pretty easy to do if you have two or three environments with you, development, UAT, QA, production, etc. The migration is pretty quick, so it's easier to manage from the maintenance point of view.

We've seen a return with RSA Archer. My organization started with a single project in RSA Archer, and now we are handling multiple businesses at multiple levels and doing several different projects in RSA Archer. And the clients are returning customers. They want to get into RSA Archer as much as they can.

RSA Archer might be a bit expensive for small companies because it's a vast tool. It provides many built-in solutions and functions that can meet all of a company's GRC needs. So, ultimately, it is cost-effective because it offers tools that serve a variety of functions. It is costly, but if you are a big company, the decision is pretty straightforward in terms of the cost versus the service Archer provides.

The licensing scheme has several levels, and you can purchase additional licenses depending on your needs. So you can opt to get only a license for the use cases that apply to your organization. You don't need to buy the entire thing, so that is a good thing.

I rate RSA Archer eight out of 10. Nothing is perfect and every day RSA is perfecting its own tool, so I rate it eight. It is one of the best GRC tools on the market at the moment. But, every day new tools are emerging. For example, ServiceNow is one of RSA Archer's strongest competitors. They are also coming up with their own ASA application use case. But I would say that RSA Archer is a much more mature GRC tool, and it stacks up well against other GRC platforms like SAP GRC and IBM Openpages. So in that sense, I would say Archer is a more mature tool with good services that can be helpful for your organization. I would recommend it. 

I am developing applications in Archer from RSA (Rivest, Shamir, and Adelman). It is quite easy to implement the application. You just configure the workflow, define the forms and how the data is processed in the application. Everything can be configured without coding. You can use a code also to create special functionalities, but it is easy to do almost everything without coding at all.  

It gives me the opportunity to create custom security applications easily.  

The most valuable part of the product is the ease-of-use.  

I am currently using an older version of the product so my installation is not current. There have already been two new versions of Archer released after the version I have. I use 6.5 and 6.6 and 6.7 have been released. These two are minor releases. They are not really affecting the inner workings of how to do tasks but improving certain features like the interface. When I am creating applications I like to have what I know is a stable and familiar version of the product, so I do not automatically upgrade to the newest versions available.  

Because I have not upgraded, the graphical user interface is not the current one. It is not very modern and as user-friendly as it could be. I heard that the new versions have improved the graphical interface very much in this respect, and it should no longer be a problem at all. So, for now, I have some issues with the interface for this version but it may already be repaired and simplified in the new versions that exist.  

One thing I might like added is the ability to record a workflow in another application. It is really a sort of very technical thing and it is possible to do it in other ways, but adding this to the product could really help with the simplification of creating new workflows. This could make it easier, to implement some technical things.  

I have been using RSA Archer for one year.  

I have not experienced any problems with the stability of the product. It works as expected in accordance with the resources and feedback I received from my IT department. It can use a SQL server, a web server, or whatever I need. There is no problem with lag or overuse of resources on the server.  

The product is flexible and scalable. The processes that are created with the product are going to be used by every manager in this company. That is a total of about forty to sixty people right now.  

As far as how extensively I will use RSA Archer in development, everything I develop is per request. When somebody requests functionality, I am the one responsible for implementing it. It is not really possible to predict how often or how many requests come in or how complicated they will be. Usually, I am using it at least a few days every month. But I may be asked to implement an application that the other employees may use daily.  

I had a few problems initially understanding the sample they showed for the implementation. Once I contacted support they told me a few things to try and sent me links to additional documentation. When I read about it, I was able to easily resolve the issues I was having. When I was then also introduced to the community, I was able to continue to quickly solve any problems I had. There is a huge community of users that is quite active and can help other users to solve issues. It is great when others who have already solved similar problems in real life share their knowledge about how to solve those problems in your own environment.  

But in general, from my experiences, I would rate the support at RSA as very good.  

Another benefit is that — although there are many features already — you can propose new features directly to the company. There is a place in the user community to propose those features where they can be discussed. If they are popular features with users, they are implemented. So you can ask for anything and if you have an idea which is good — something which is required by others — it is usually implemented. I have recommended about four or five features that are in the process of being considered. It is a really good way for the company to guide their efforts in improving the product.  

A similar product that we used before RSA Archer was LDRPS (Living Disaster Recovery Planning System). We had to move from LDRPS to the RSA product because LDRPS went to the cloud. The security requirements of our management and of our customers are generally that they do not want to have very critical information on the cloud. In some cases, they can not have it there at all. We have to use a tool that is possible to install on-premises. When we were evaluating solutions, I was testing several of the products. I chose RSA Archer because it met this requirement and other needs we had for flexibility.  

I chose RSA Archer because I was tasked to find a tool that could implement business continuity planning. Archer can implement more processes in many ways, so it not difficult to implement anything from incident management to business continuity, to change management. Anything somebody asks me to do, they provide the requirements and it is really easy to implement it in this. On top of that, it is easy to customize.  

So this is the reason why we chose Archer. It is easy to implement, it is easy to change the workflow, and it is easy to customize the processes.  

Archer can be set up for use in very small environments and you can use one tool for several installations. It can be installed on several servers concurrently, so every server might be configured to have special features and styles and the instances of the installations cooperate together to provide the functionality of the tool. So the complexity of the setup depends on how large an environment you have. At this moment, I have experience only with very small environments, running the product on one computer. But the product also has great documentation. Just using the documentation alone I was able to install the product really easily and get it up and running on the one server.  

It took me a little more than one day to install. The deployment really depends on the use case. The use case is processing or the kind of process you are creating. For example, processing may need to analyze requirements supplied by customers. The more requirements and more processes you need in Archer the more complex the setup will be. Usually, it takes a few days to create a process. I would say on average that processes are implemented in five days. The options and features that the tool has are really quite vast. There are lots of features and every company only chooses to use some of them, which they license and use separately. It can be compared to something like Jira.  

I did not have to consider using an outside vendor for the installation and I was able to complete the install by myself with the help of the documentation.  

Many tools that I tested had processes wired into the application without any option to change them. When I needed to fill requirements that differed even slightly from what was already implanted in the tool I would need to make a workaround or need to implement another tool. This would not have been the best way to go about what I would need to accomplish regularly.  

For people considering this product, they have to be sure that it is a product that could really do what they need it to do. Mostly any workflow can be implemented in the process in the application if they want to build it. The best thing would probably be that they should just try it and see. I would definitely recommend this product, but it may not be the tool everyone likes the best.  

On a scale from one to ten where one is the worst and ten is the best, I would rate RSA Archer as a nine-out-of-ten.  

We use RSA Archer to connect to the purchasing department so that vendors can sell new projects, and we can connect these sales to our project management. This solution connects both areas to develop demand and activities, allowing us to control technical resources and manage hours. RSA Archer also helps with Project Builder and Microsoft Project to check activities, start and finish times, and layered activities.

The solution has helped our organization manage our internal and external activities.

The price of the solution is very affordable.

The financial area of RSA Archer has room for improvement. I would like to be able to send invoices to our customers through the solution.

I have been using the solution for three years.

I give the stability an eight out of ten.

We have 100 people using the solution. I give the scalability an eight out of ten.

Technical support is the best.

Positive

The initial setup is straightforward. The deployment required five people.

I have seen a return on investment.

I give the price a five out of ten.

I give the solution an eight out of ten.

I recommend the solution to others.

We have a partnership with RSA Archer and I'm a lead analyst and GRC for the company. 

We use this solution as a central repository. Instead of using various GRC options or other tools, we can use one platform with options to tailor the product to our needs. That's the benefit of using RSA Archer.  

I like the dashboards and reporting features; it's easy to gather reports quickly which is great when your VP is waiting for the KPIs. The solution is generic and it's great to have out-of-the-box workflows and concepts. I'm very satisfied with Archer, possibly because I've been using it for so long and I'm in my comfort zone. I know, for example, that ServiceNow GRC is more customizable but it's not as secure as RSA Archer.

I'm using a Mac and I can't get Archer to load in Safari. In addition, there are certain restrictions on API integrations, and it is not simple or straightforward. I'd like more customization and to be able to design our API integrations more easily, it would make a huge difference. We moved to SaaS because we wanted more integration and we wanted RSA to help with that. There has been some improvement but it's still not great. For no reason that we can figure out, there are issues with email; sometimes it works and sometimes it doesn't. We've raised that problem with RSA. There are some security concerns when it comes to authentications or DMZ or service accounts, which are still managed by RSA.

I've been working with various Archer solutions for about nine years. 

The SaaS version is stable. We have an Archer admin team that meets weekly with a representative from RSA so that any concerns or issues can be resolved as soon as possible. 90% of my work is on Archer and about 60% of the company are users of this product. 

The scalability of the solution is reasonable. 

I'm satisfied with the Archer support. 

I don't have a good recollection of the deployment process but we had three representatives from RSA and three or four engineers from a vendor contractor. Deployment probably took over six months, including the change from on-prem to SaaS. The solution hasn't required maintenance since we moved to SaaS. 

It's important to first look at the out of box workflow that RSA is offering, and then go for customization. Don't customize or overdo workflow because it degrades the overall Archer performance.

I rate this solution seven out of 10. 

My main use cases are risk assessment and policy use. I also use this solution to create on-demand applications.

RSA Archer allows you to implement government risk compliance and acts as a mechanism to ensure that the compliance policies and standards are met. It also documents every exception with proper reasoning. This makes auditing much more convenient.

The most valuable feature is the advanced workflow, which has totally ruled out any issues with data-driven events and which makes it easier to explain things to end-users because you can show them a screenshot of the workflow.

An area for improvement is Archer's use of Internet Explorer as a core browser due to its dependence on Silverlight, despite Microsoft ending its support for IE and moving to Edge. I would like to see an end to the use of Silverlight and IE and for Archer to add the ability to use any browser to make key changes and configurations. In addition, I would like for the new questionnaire feature to be developed further and for Archer to develop a proper built-in framework for working with organizations with sub-organizations and multiple companies.

I've been working with RSA Archer for 28 years.

Archer's performance could be improved - older versions can be very slow, and the application crashes from time to time.

Archer is easy to scale.

I have to contact technical support about once a month due to some issues with logging in. Generally, the team is responsive and proficient, though sometimes they can be a little slow to respond.

Initial setup is quite complex because every organization requires three instances of Archer, which requires changing the specific components for each instance and needs three teams to be involved in deployment. Deployment can take anywhere from a couple of hours to a full day or two, depending on how many different modules are being installed and the areas being impacted.

Archer is fairly highly-priced, especially for smaller companies.

If using the on-premises version of Archer, it's necessary to train at least a couple of people who can provide ongoing support. Prior to purchasing the product, make sure that you define your exact requirements and go over them with the RSA Archer team. I would rate this product as seven out of ten.

My primary use cases are IT risk management, policy management, IT compliance management, vendor risk management, and vulnerability management. 

RSA Archer allows you to create on-demand policies and custom solutions. It automates all our governance, risk, and compliance processes so that they can be easily managed and organized. Archer can build and automate workflows for anything that contributes to your risk.

The most valuable features of this solution are the ease of developing solutions and managing advanced workflows.

The main improvement I would like to see in the on-premises version is the amount of data the product can hold. You need to have a really good server to make it run if you have a large amount of data, which may be challenging for bigger organizations. Another improvement would be making more features available as APIs. There are also some automation issues - some areas are not truly automated but are only scheduled, requiring someone to be present to monitor the process, meanwhile using a lot of automation can slow the system. Finally, I would like to see more scope for developers to play around with the project - currently, it is so tightly coupled that you do not have many options compared to some other products.

I've been working with RSA Archer for ten years.

Assuming you stay within the limits stated in Archer's documentation, the stability is good. However, if you exceed their limits, you may need to play around with your power distribution to keep everything running smoothly. New patches or updates can also cause hiccups with stability.

The product is easy to scale.

Archer's technical support is pretty good - they are supportive, and their ticketing system provides real-time updates about any incidents that occur. The team also responds quickly to high-priority issues.

Setup was straightforward - for the on-premises version, the vendor sends an executable file, then you procure your resources and deploy yourself. The installation itself takes about twenty minutes at most, although preparation to install can take some time.

This product is at the higher end of the price scale, but it provides better, more accessible functionality and customization than cheaper products.

You don't need any experience with coding language to use this solution as it has drag-and-drop functionality. In two to three months, even non-technical people can be masters of the product. In addition, out-of-box solutions like risk management and policy management are really good. Maintenance is not a big problem, but if you heavily customize the product, you may need someone to keep an eye on those. I would also say that if you don't have your processes measured, don't jump directly into any of these products, including Archer. Make sure your processes are mature before implementing a product like this. I would rate this product as seven out of ten.

The solution is an integrated platform. We use it for risk management, mitigation and integration. 

I like that the solution has the ability to export data and provide us with daily reports. 

I have found all the features to be valuable, including those involving reporting, the dashboard, notifications, email modules, the database and data input.

There are many issues which Archer needs to work on, including those involving the database and the UI. I find the tech support to be inadequately knowledgeable. 

As I am a developer and responsible for providing production support, I do not have personal knowledge of the pricing. However, my colleagues claim that it is very expensive in comparison with other tools. 

As concerns the stability, we have not encountered any bugs, glitches or performance issues. 

Starting from the outset, we have employed very few applications, the current number being just shy of 50. 

The tech support should be more knowledgeable. 

We did not use a different solution prior to RSA Archer, which we have been with for a long time. 

As relates to the deployment process, I found the new packaging thing to be a bit complex, although it is fine. I got used to it. 

The length of the process varies with the number of applications. 

One person is required to set up the solution. The solution must be maintained. 

As I am a developer and responsible for providing production support, I do not have personal knowledge of the pricing. However, my colleagues claim that it is very expensive in comparison with other tools.

There are presently between 50 and 100 people making use of the solution in our organization. 

The solution comes with very good features. If they could just fix a couple of things then this solution would make a very good evergreen tool. 

I rate RSA Archer as a seven out of ten.