RSA Archer Reviews

We use RSA Archer to connect to the purchasing department so that vendors can sell new projects, and we can connect these sales to our project management. This solution connects both areas to develop demand and activities, allowing us to control technical resources and manage hours. RSA Archer also helps with Project Builder and Microsoft Project to check activities, start and finish times, and layered activities.

The solution has helped our organization manage our internal and external activities.

The price of the solution is very affordable.

The financial area of RSA Archer has room for improvement. I would like to be able to send invoices to our customers through the solution.

I have been using the solution for three years.

I give the stability an eight out of ten.

We have 100 people using the solution. I give the scalability an eight out of ten.

Technical support is the best.

Positive

The initial setup is straightforward. The deployment required five people.

I have seen a return on investment.

I give the price a five out of ten.

I give the solution an eight out of ten.

I recommend the solution to others.

We use Archer as a risk management portal. We've customized Archer to follow the Sherwood Applied Business Security methodology for governance and risk assessment. We don't use the compliance module much.

The main benefit is that we can automate risk management. The whole purpose of having Archer is to automate governance, risk, and compliance. Previously, we used to do everything in Excel sheets and Notepad. It was mostly manual. We'd send emails to people and collect information. Once you have Archer, you can automate all these processes.

I like how Archer requires very little programming ability. A person with minimum coding experience can configure the necessary fields in Archer. It's more of a drag-and-drop solution. 

When we have to do formulas or some other type of calculation in Archer, it sometimes doesn't work correctly. The fields don't display right, and we have to contact RSA Archer support to fix things. I think the calculation components are a bit complicated.

I've been using RSA Archer every day for the past six years.

RSA Archer's overall performance is good. It slows down at times whenever a script or some process is running in the backend. Sometimes our users have complained about the speed.

Scaling up RSA Archer is a straightforward process. You just need to upgrade your hardware and software. We have about 80 end-users working on Archer now. 

We've opened several tickets with RSA, and they're settled pretty quickly. The experience has always been good. 

When we started working with Archer, it was more or less the only product in the field that could do GRC automation. A few have been launched since then, but we've only ever worked with Archer.

Deploying RSA Archer is effortless. You just need to make a database backup of Archer and keep it somewhere. Then you can install Archer on any server and load the backup. Everything from A to Z comes back. It's restored, and you don't have to do anything. It's a straightforward process. The initial installation takes three hours, and two technicians can handle the job. 

After installation, it doesn't need much maintenance. We periodically deploy some security patches on the operating system, make backups, and cross-verify if the backup is working correctly or not. 

The initial purchase is cheap. You pay a nominal price to start then renew the license annually. You also must buy a license for each module. I'm not too fond of that aspect of the licensing model. You buy the elephant and then spend more money to feed the elephant.

I rate RSA Archer seven out of 10. To anyone thinking about deploying Archer, I would suggest exploring other products in the market as well. Archer is a bit costly compared to its competitors. 

I'm an administrator for RSA Archer and a consultant, so I create platforms for various businesses based on their requirements. RSA Archer is a GRC tool, so RSA Archer controls and regulates different enterprise GRC solutions and IRM modules. I create those platforms for various business users according to their specifications. They provide us with the storyline, and then we advise them on ways to use RSA Archer to manage their processes. And then, once that is done, we create an RSA Archer platform.

RSA Archer has updated its UI many times. And the UI is now much more rich and user-friendly. That's one of the major things that they have changed recently. Our business users are much more comfortable with the latest UI. Also, the reporting mechanism inside RSA Archer is another thing that is very user-friendly. And all the business users, in most of the cases I've seen that they are very comfortable in using the reporting tools.

RSA Archer is a valuable tool because it can manage the end-to-end functioning of any enterprise GRC module, such as compliance and risk management or business continuity plans and the entire BCM module. RSA Archer also provides many out-of-the-box solutions, which are use cases derived from the standards for GRC or risk management, governance, and compliance. It provides an end-to-end mechanism for business users on a single platform. That includes reporting, managing workflow, creating documentation, or tracking a process where you need to get approval from the various levels within the organization's hierarchy. 

Integration is another great aspect of RSA Archer. From the beginning, integration has been a central focus for RSA, and Archer has always integrated well with most tools on the market today. RSA Archer has its own APA that can be integrated into any other tools using Dorknet, Java, or any other language you can think of. So the APAs are excellent and easy to work with. 

RSA is also increasing the scope of customization. When using a tool, consultants like us might need to customize it because the out-of-the-box solution does not perfectly match the client's requirements. So RSA is quickly incorporating those customizations and allowing us various ways to do that. In doing so, RSA is opening up more areas where Archer can be used. Vendor management is the latest example. They have already added one vendor management module. I'm not entirely familiar with it, but it can be integrated with other tools directly on a real-time basis. So that's one feature, which is very new to Archer, and I think it's going to be a breakthrough.

There are many small things that need improvement but on the whole, it is much better now than it was when I first started using it six years ago. They are putting out updates almost every day. The latest version came out just a few days ago, so they are constantly making minute fixes and tweaks based on input from different users. Users like us are developing applications on the tool, so when we have an issue, we open a ticket with RSA directly. If it is a new issue and they can't fix it, then they log it and provide a solution in the next release of their tool. They're also planning to move to a completely cloud-based solution, so they are providing all the support for RSA Archer to be easily hosted on the cloud and everything.

I've been working with RSA Archer for the last six years.

Performance is always an issue with any coding system. And RSA Archer used to have more performance issues. It was completely on-prem, so there were some slowdowns because of that. However, they've upgraded their backend systems, the codes, supporting database structures, etc. So the speed has picked up lately. They have improved in the last few releases, and I hope they will also continue to do that. 

We have various mechanisms to scale up. For example, we already have the lab configuration in RSA Archer, so we can use their lab to get that directory from the organization. And whenever it changes or updates, that's automatically reflected in RSA Archer too. So that is a very straightforward thing and easy to maintain also. And we plan to increase usage. My company is an RSA Archer partner, so they're always looking to increase the number of projects in RSA Archer. 

RSA technical support is good. They're very approachable and provide quick solutions. Sometimes there may be a delay, but only if it is a very complex problem or one they might not have encountered earlier. 

RSA Archer is very deployment friendly because it is quick and straightforward. Migration and deployment aren't too complicated. RSA Archer can do it more quickly than most other GRC tools in the market right now, like SAP GRC. RSA Archer is one or two steps ahead because the migration is pretty smooth and can be done very quickly. One person can handle it pretty easily, but it also depends on the level of customization you want. Whenever we are customizing a tool, we need a specialist. So during migration, the senior consultants monitor what the team is doing and the others supervise. But if we're talking about how easy it is, then one or two people can easily do it.

Then there is the regular maintenance, but it's more accurate to say "enhancement" than "maintenance." Every time the user has a new requirement, we need to add those things into our resources. So it's pretty easy to do if you have two or three environments with you, development, UAT, QA, production, etc. The migration is pretty quick, so it's easier to manage from the maintenance point of view.

We've seen a return with RSA Archer. My organization started with a single project in RSA Archer, and now we are handling multiple businesses at multiple levels and doing several different projects in RSA Archer. And the clients are returning customers. They want to get into RSA Archer as much as they can.

RSA Archer might be a bit expensive for small companies because it's a vast tool. It provides many built-in solutions and functions that can meet all of a company's GRC needs. So, ultimately, it is cost-effective because it offers tools that serve a variety of functions. It is costly, but if you are a big company, the decision is pretty straightforward in terms of the cost versus the service Archer provides.

The licensing scheme has several levels, and you can purchase additional licenses depending on your needs. So you can opt to get only a license for the use cases that apply to your organization. You don't need to buy the entire thing, so that is a good thing.

I rate RSA Archer eight out of 10. Nothing is perfect and every day RSA is perfecting its own tool, so I rate it eight. It is one of the best GRC tools on the market at the moment. But, every day new tools are emerging. For example, ServiceNow is one of RSA Archer's strongest competitors. They are also coming up with their own ASA application use case. But I would say that RSA Archer is a much more mature GRC tool, and it stacks up well against other GRC platforms like SAP GRC and IBM Openpages. So in that sense, I would say Archer is a more mature tool with good services that can be helpful for your organization. I would recommend it. 

We customize this solution for our clients. We take all their requirements and prepare the design and format by creating fields, notifications, access controls and workflows. We use all the management features that the solution provides to support our clients. We are customers of RSA Archer and I'm a senior consultant. 

The Advanced Workflow feature is one of the most valuable and user-friendly. We used to have to write multiple calculations. With Advanced Workflow, things are much easier for the developer and end user. It's a robust feature that allows users to easily identify what they're doing and where they are. We're able to create multiple layers with a specified functionality that gives an understanding of what is required as well as increased flexibility. Archer provides good security, enabling access where necessary. It's also a useful reporting tool, clearly showing functional data and, when needed, the ability for comparison. The default dashboard shows daily activities that are easily captured allowing for information to be extracted. 

In the current version, RSA is a little slow mainly because of Silverlight which I believe has been removed in the next version. We have some issues using .NET because migrating requires retraining the custom object every time; it's a manual change which is challenging. For that reason, we don't use the custom object. What's needed is a valueless field, where we can drag and drop, add some values and the process is automatic. I'd also like to see an 'approved' button incorporated in the notifications for updates. It would save time and make life easier for the end users.  

I've been using this solution for 11 years. 

This solution is very easy to scale and easy for new users to understand.

Because we use most of the modules we're paying a lot to get good support. We interact with someone from RSA on a weekly basis and deal with any issues on the platform.

The initial setup is straightforward when you understand the system. We put our new users in the sandbox environment and get them to play around with it before setting out our requirements. It can be a bit of a challenge initially but not for long. It's not a common platform and is different from other tools. Once our users are implementing, it's a very smooth process for them. We have a total of seven developers, four are in-house and three are on contract. 

Deployment time depends on the use case; if it's a large implementation, it can take between six and nine months. The solution needs maintenance because of the updates and that often results in patching needs. We're using Archer on a daily basis. 

I'm not sure about the cost of the solution but every year we purchase additional on-demand applications. Archer offers a package that allows the purchase of 10 on-demand applications. You can purchase more than that and the price goes up accordingly. I believe these purchases come with two years of maintenance support. 

This is a good solution compared to others in the market because it is more secure. It's suitable for any size company although smaller companies will only need to use certain modules with larger organizations using multiple modules. This is a one-stop storage device that you can access from anywhere. 

I rate this solution nine out of 10. 

My primary use case for this solution is for the customizing and compliance system, especially for the first standard, ISO 27001, related to the information security management system.

RSA Archer has reduced the time and effort required for meetings because every person or department can enter their asset register by themselves. It's also useful that to get information on the spot, you don't need to have it in an Excel sheet to make it a compiler or a function. It is also a unified product, meaning that every person can enter any font or type of equation they need. It records information for several years, which means if I need to fix any observation from the past five years, I can do so on the system on the spot. Finally, it provides intelligent suggestions for solutions and risk management.

The most valuable feature of this solution is that risk mitigation and risk register are very easy - it's very simple to enter the data.

I would like to see a version of the product customized for small businesses, perhaps something cloud-based on a monthly basis. I would also like the product to be more easily integrated with the Arabic language. 

I have been using RSA Archer for around two years.

This product is 100% stable, without a lot of bugs.

The solution is scalable.

The setup was complex, taking around three to six months.

I used a vendor team.

First of all, we have gained time back that was previously wasted in management meetings. Secondly, approving any risk is much quicker with this solution, requiring only one click. RSA Archer has given us a return of investment on both time and money.

The product is expensive, and there are additional costs if you need to integrate more licenses or want more features.

Before choosing RSA Archer, I evaluated MetricStream.

I totally recommend RSA Archer for anything related to ERC for mid-to-large-sized businesses. I wouldn't recommend it for small businesses as it is very expensive. I would rate this solution as ten out of ten

The solution is an integrated platform. We use it for risk management, mitigation and integration. 

I like that the solution has the ability to export data and provide us with daily reports. 

I have found all the features to be valuable, including those involving reporting, the dashboard, notifications, email modules, the database and data input.

There are many issues which Archer needs to work on, including those involving the database and the UI. I find the tech support to be inadequately knowledgeable. 

As I am a developer and responsible for providing production support, I do not have personal knowledge of the pricing. However, my colleagues claim that it is very expensive in comparison with other tools. 

As concerns the stability, we have not encountered any bugs, glitches or performance issues. 

Starting from the outset, we have employed very few applications, the current number being just shy of 50. 

The tech support should be more knowledgeable. 

We did not use a different solution prior to RSA Archer, which we have been with for a long time. 

As relates to the deployment process, I found the new packaging thing to be a bit complex, although it is fine. I got used to it. 

The length of the process varies with the number of applications. 

One person is required to set up the solution. The solution must be maintained. 

As I am a developer and responsible for providing production support, I do not have personal knowledge of the pricing. However, my colleagues claim that it is very expensive in comparison with other tools.

There are presently between 50 and 100 people making use of the solution in our organization. 

The solution comes with very good features. If they could just fix a couple of things then this solution would make a very good evergreen tool. 

I rate RSA Archer as a seven out of ten. 

My primary use case varies depending on the requirements, but uses include working on email notifications, fetching data feeds, and working on feed managers.

Archer allows us to define the progress of the organization's processes and helps build the right cyclic process and improve the current structure. We also track a lot and transfer a lot of vendors and users, and Archer has a repository that allows us to collect that data step by step. It also makes auditing easier.

The most valuable features of RSA Archer are notifications, workflow routing, and data filtering.

An area for improvement is the turnaround time for advice from the support team. In the next release, I would like to see a maturity rating feature that would provide industry ratings and information on the market.

I have been using this solution for about a year and a half.

Stability has improved over time, but there's still a lot of latency with some features, like looking up or checking the database.

This solution is scalable.

The tech support team's turnaround time is often slow.

Previously, I have used Aravo, and currently, I'm using Process Utility.

The initial setup was fairly straightforward as we were given hands-on training. Deployment took around three months.

When implementing Archer, I recommend looking through the videos supplied and making use of the free sessions that Archer provides. I would rate this product as six out of ten.

Our primary use case of this solution is for GRC. I work for a bank and we used this tool to audit our information security team and our cybersecurity team. We had our control library, regulatory requirements, and third-party risks on Archer. So basically, I would say audit, regulatory requirements, third-party risk management solutions, and all kinds of controls, including SOX. These are the integrations we had set up. Right now, it's deployed on-prem. 

This solution helped us with the centralization of our governance data, so we could house all of our controls in one place. We could use that central repository of all our controls to build our risk management strategy and our policy and governance. So we could use controls as a central library and build policy, and then build risk management around it. 

One of the most valuable features is the ease of use. The customizable forms and drop-downs are pretty easy to configure. Automated notifications is another feature that is nice. The whole workflow, basically—if you're going through a workflow process, the whole process is automated with notifications. Basically, it's a pretty straightforward, easy-to-understand interface. I've also had the chance to develop some backend configurations, which is straightforward as well, if you want to add a new field or anything. 

Archer could be improved by having more customization. I'm not sure if the backend processes have API calls and those kinds of seamless integrations, but from the front, some of the solutions are very out-of-the-box. It's not customizable, so that could be a little problematic since you have to use their features. In terms of the backend structure, I'm not too sure because I'm not a developer—I was an end user and product owner of Archer—and I don't quite know the backend and developmental features. But since it's an out-of-the-box solution, sometimes customization was challenging and support was a little problematic because we had to reach out to them all the time. 

I have been working with this solution for the past 18 months. 

We did have a few outages, but otherwise, I must say it's fairly reliable. 

For maintenance, there's an admin dashboard. It's a capability that is handed over to our user and admin has super user access. 

This solution is quite scalable. At that point, it really depends on the strategy. Since we had all our controls on Archer, it was easy for us to scale and deploy other applications or develop other applications seamlessly. But imagine you had your controls on a different application—if it was not on Archer and you had to scale, it would be challenging to move all your data into Archer and then scale. So that is something that could be challenging, but since our strategy was already Archer through and through, we did not find it difficult to scale. 

There are approximately 500 users, across all departments, using Archer. It is being used extensively at the moment. Right now, we don't have plans to increase usage, but I'm sure there's going to be organic growth. 

On a scale of one to five, I would probably rate support a three. I wouldn't say it's the best, but it's not bad either, in terms of both the response time as well as the support. 

We used SharePoint for a bit. We switched to Archer because the graph, user interface, and all that was better than SharePoint. I'm not too sure about the strategic decision because I wasn't with the organization back then, but I know that they wanted a centralized location for their governance, risk, and applications. 

I think the deployment process is pretty straightforward. The solution was deployed for us through a third-party consulting agency, so it wasn't Archer or RSA developers, but a third party that implemented the solution for us. During the time of deployment, we were in a CI/CD mode, so we always had new applications, customization, new fields getting added. 

A third party implemented the solution for us. 

If you are considering implementation, my advice would be to decide on a strategy first before you implement a solution. The solution is nice, but unless you have a strategy, I don't see the point in implementing it. 

I rate Archer a seven out of ten.