RSA Archer Reviews

Our primary use case of this solution is for GRC. I work for a bank and we used this tool to audit our information security team and our cybersecurity team. We had our control library, regulatory requirements, and third-party risks on Archer. So basically, I would say audit, regulatory requirements, third-party risk management solutions, and all kinds of controls, including SOX. These are the integrations we had set up. Right now, it's deployed on-prem. 

This solution helped us with the centralization of our governance data, so we could house all of our controls in one place. We could use that central repository of all our controls to build our risk management strategy and our policy and governance. So we could use controls as a central library and build policy, and then build risk management around it. 

One of the most valuable features is the ease of use. The customizable forms and drop-downs are pretty easy to configure. Automated notifications is another feature that is nice. The whole workflow, basically—if you're going through a workflow process, the whole process is automated with notifications. Basically, it's a pretty straightforward, easy-to-understand interface. I've also had the chance to develop some backend configurations, which is straightforward as well, if you want to add a new field or anything. 

Archer could be improved by having more customization. I'm not sure if the backend processes have API calls and those kinds of seamless integrations, but from the front, some of the solutions are very out-of-the-box. It's not customizable, so that could be a little problematic since you have to use their features. In terms of the backend structure, I'm not too sure because I'm not a developer—I was an end user and product owner of Archer—and I don't quite know the backend and developmental features. But since it's an out-of-the-box solution, sometimes customization was challenging and support was a little problematic because we had to reach out to them all the time. 

I have been working with this solution for the past 18 months. 

We did have a few outages, but otherwise, I must say it's fairly reliable. 

For maintenance, there's an admin dashboard. It's a capability that is handed over to our user and admin has super user access. 

This solution is quite scalable. At that point, it really depends on the strategy. Since we had all our controls on Archer, it was easy for us to scale and deploy other applications or develop other applications seamlessly. But imagine you had your controls on a different application—if it was not on Archer and you had to scale, it would be challenging to move all your data into Archer and then scale. So that is something that could be challenging, but since our strategy was already Archer through and through, we did not find it difficult to scale. 

There are approximately 500 users, across all departments, using Archer. It is being used extensively at the moment. Right now, we don't have plans to increase usage, but I'm sure there's going to be organic growth. 

On a scale of one to five, I would probably rate support a three. I wouldn't say it's the best, but it's not bad either, in terms of both the response time as well as the support. 

We used SharePoint for a bit. We switched to Archer because the graph, user interface, and all that was better than SharePoint. I'm not too sure about the strategic decision because I wasn't with the organization back then, but I know that they wanted a centralized location for their governance, risk, and applications. 

I think the deployment process is pretty straightforward. The solution was deployed for us through a third-party consulting agency, so it wasn't Archer or RSA developers, but a third party that implemented the solution for us. During the time of deployment, we were in a CI/CD mode, so we always had new applications, customization, new fields getting added. 

A third party implemented the solution for us. 

If you are considering implementation, my advice would be to decide on a strategy first before you implement a solution. The solution is nice, but unless you have a strategy, I don't see the point in implementing it. 

I rate Archer a seven out of ten. 

We use the solution for administration and policy management purposes.

The solution's most valuable features are data feeds, templates, reports, dashboards, and workload management.

The solution’s customization features could be better. Its performance and scalability need improvement as well. 

We have been using the solution for two years.

I rate the solution's stability a five out of ten.

The solution’s scalability is low compared to OpenPages. At present, we have two users for it in our organization. We might increase the usage ahead.

We have received assistance from the solution’s technical support team many times.

Positive

Our clients migrated their work data from Archer to OpenPages for better performance and scalability.

We can deploy the solution on the cloud and premises as well. It depends on the client’s requirements. The process takes approximately two to three hours to complete. We develop a management module in the testing server. After a successful review from the client, we export the package to the production environment.

The solution’s pricing is moderate.

I rate the solution a five out of ten.

We have a partnership with RSA Archer and I'm a lead analyst and GRC for the company. 

We use this solution as a central repository. Instead of using various GRC options or other tools, we can use one platform with options to tailor the product to our needs. That's the benefit of using RSA Archer.  

I like the dashboards and reporting features; it's easy to gather reports quickly which is great when your VP is waiting for the KPIs. The solution is generic and it's great to have out-of-the-box workflows and concepts. I'm very satisfied with Archer, possibly because I've been using it for so long and I'm in my comfort zone. I know, for example, that ServiceNow GRC is more customizable but it's not as secure as RSA Archer.

I'm using a Mac and I can't get Archer to load in Safari. In addition, there are certain restrictions on API integrations, and it is not simple or straightforward. I'd like more customization and to be able to design our API integrations more easily, it would make a huge difference. We moved to SaaS because we wanted more integration and we wanted RSA to help with that. There has been some improvement but it's still not great. For no reason that we can figure out, there are issues with email; sometimes it works and sometimes it doesn't. We've raised that problem with RSA. There are some security concerns when it comes to authentications or DMZ or service accounts, which are still managed by RSA.

I've been working with various Archer solutions for about nine years. 

The SaaS version is stable. We have an Archer admin team that meets weekly with a representative from RSA so that any concerns or issues can be resolved as soon as possible. 90% of my work is on Archer and about 60% of the company are users of this product. 

The scalability of the solution is reasonable. 

I'm satisfied with the Archer support. 

I don't have a good recollection of the deployment process but we had three representatives from RSA and three or four engineers from a vendor contractor. Deployment probably took over six months, including the change from on-prem to SaaS. The solution hasn't required maintenance since we moved to SaaS. 

It's important to first look at the out of box workflow that RSA is offering, and then go for customization. Don't customize or overdo workflow because it degrades the overall Archer performance.

I rate this solution seven out of 10. 

I work with user management, policy management, enterprise management, risk management, and third-party management.

We are using its service version. We have to buy that license, and based on the license, they're providing us with the application.

It is a very friendly tool. We can easily understand what is going on inside the tool. I like this tool. We can work with the tool for the ERP platform. We can create automated applications based on the requirements.

It is very secure with three levels of access. We can give three levels of access in Archer. We can give access at the field level, application level, and code level. So, it is very secure.

There were so many problems that we had found. One time, the search index was not working. We also faced slowness in Archer, but I resolved this issue. The queue services were running on two servers, whereas they should have been running only on one server. There were also many duplicate records. I had to go and check the specific field and update that. After that, we removed all duplicate records from Archer.

We faced performance issues only in the lower version. The reason was that they were using only three servers and one database. We increased the services and RAM, and we had two application servers, three web servers, and one database. Whenever there are any performance issues, we need to check the jobs in the server backend. Sometimes, jobs are running for the last five days and that's why new jobs are not being picked up. In such cases, we have to prioritize the jobs that will go first and that will go second.

It is easy to scale. If we want to increase the number of users in Archer, we have so many tools. We can create more than 1,000 users in Archer at one time. We only need a license. 

Currently, more than 30,000 users are using Archer. We plan to keep using this solution. It is being used by so many companies.

When we face any issues related to the application, RSA is there immediately. We can raise a ticket and after that, they help us. Everything is fine in terms of support.

Previously, they were storing the data in Excel sheets, but when they wanted to move to Archer, based on the requirements, I created the fields, and I created the workflow and access control for that.

I have worked on SAP ERP in my previous company. I started to work on Archer after I moved to this company.

In our team, we have only three members. I am from India and two more people are from the US. Because our team size is very small, we have to perform every activity. We take care of the administrative work, development work, and support work. If anything happens in the system, we will check why it is happening and sort it out.

An application's deployment typically takes one month, but it will vary based on the requirement. If we are working on one application with more than 100 fields or critical workflows, it will take time. For fewer fields or workflows, we can create an application within a week, and we can move it to production.

It is not expensive. It is reasonable. We only pay for the licensing.

I would rate RSA Archer an eight out of 10.

My main use cases are risk assessment and policy use. I also use this solution to create on-demand applications.

RSA Archer allows you to implement government risk compliance and acts as a mechanism to ensure that the compliance policies and standards are met. It also documents every exception with proper reasoning. This makes auditing much more convenient.

The most valuable feature is the advanced workflow, which has totally ruled out any issues with data-driven events and which makes it easier to explain things to end-users because you can show them a screenshot of the workflow.

An area for improvement is Archer's use of Internet Explorer as a core browser due to its dependence on Silverlight, despite Microsoft ending its support for IE and moving to Edge. I would like to see an end to the use of Silverlight and IE and for Archer to add the ability to use any browser to make key changes and configurations. In addition, I would like for the new questionnaire feature to be developed further and for Archer to develop a proper built-in framework for working with organizations with sub-organizations and multiple companies.

I've been working with RSA Archer for 28 years.

Archer's performance could be improved - older versions can be very slow, and the application crashes from time to time.

Archer is easy to scale.

I have to contact technical support about once a month due to some issues with logging in. Generally, the team is responsive and proficient, though sometimes they can be a little slow to respond.

Initial setup is quite complex because every organization requires three instances of Archer, which requires changing the specific components for each instance and needs three teams to be involved in deployment. Deployment can take anywhere from a couple of hours to a full day or two, depending on how many different modules are being installed and the areas being impacted.

Archer is fairly highly-priced, especially for smaller companies.

If using the on-premises version of Archer, it's necessary to train at least a couple of people who can provide ongoing support. Prior to purchasing the product, make sure that you define your exact requirements and go over them with the RSA Archer team. I would rate this product as seven out of ten.

My primary use cases are IT risk management, policy management, IT compliance management, vendor risk management, and vulnerability management. 

RSA Archer allows you to create on-demand policies and custom solutions. It automates all our governance, risk, and compliance processes so that they can be easily managed and organized. Archer can build and automate workflows for anything that contributes to your risk.

The most valuable features of this solution are the ease of developing solutions and managing advanced workflows.

The main improvement I would like to see in the on-premises version is the amount of data the product can hold. You need to have a really good server to make it run if you have a large amount of data, which may be challenging for bigger organizations. Another improvement would be making more features available as APIs. There are also some automation issues - some areas are not truly automated but are only scheduled, requiring someone to be present to monitor the process, meanwhile using a lot of automation can slow the system. Finally, I would like to see more scope for developers to play around with the project - currently, it is so tightly coupled that you do not have many options compared to some other products.

I've been working with RSA Archer for ten years.

Assuming you stay within the limits stated in Archer's documentation, the stability is good. However, if you exceed their limits, you may need to play around with your power distribution to keep everything running smoothly. New patches or updates can also cause hiccups with stability.

The product is easy to scale.

Archer's technical support is pretty good - they are supportive, and their ticketing system provides real-time updates about any incidents that occur. The team also responds quickly to high-priority issues.

Setup was straightforward - for the on-premises version, the vendor sends an executable file, then you procure your resources and deploy yourself. The installation itself takes about twenty minutes at most, although preparation to install can take some time.

This product is at the higher end of the price scale, but it provides better, more accessible functionality and customization than cheaper products.

You don't need any experience with coding language to use this solution as it has drag-and-drop functionality. In two to three months, even non-technical people can be masters of the product. In addition, out-of-box solutions like risk management and policy management are really good. Maintenance is not a big problem, but if you heavily customize the product, you may need someone to keep an eye on those. I would also say that if you don't have your processes measured, don't jump directly into any of these products, including Archer. Make sure your processes are mature before implementing a product like this. I would rate this product as seven out of ten.

We use RSA Archer as an Information Security Management Systems Compliance solution in sectors such as business resiliency, operational and enterprise risk management, audit management, public sector, security and IT risk management, third-party governance, and regulatory compliance management.

RSA Archer GRC modules allow you to build efficient, collaborative enterprise governance, risk, and compliance (GRC) programs across IT, finance, operations, and legal domains. With RSA Archer, you can manage risks, demonstrate compliance, and automate business processes.

This solution allows us to define and automate business processes for streamlining the management of content, tasks, statuses, and approvals.

We are able to consolidate governance, risk, and compliance information of any type.

Archer seamlessly integrates data systems without requiring additional software.

Automate movement of data into and out of the platform to support data analysis, process management, and reporting.

I would like to have the ability to build and maintain an inventory of personal data processing activities and assets utilizing a purpose-built taxonomy and data structure.

Tracking data retention schedules and executing a checklist based on Article 30 requirements as it relates to processing activities would be a helpful addition.

Having the ability to manage activities related to notifications and consents linked to the processing activity inventory would improve this solution.

My primary use case of this solution is for government risk compliance, including risk management, cost reviews, and security management.

The risks which impact the organization or the IT section are presented in a well-displayed manner, which helps us to plan for, manage, or even mitigate risks. In short, Archer helps us plan our risk management very easily. 

The most valuable features are the advanced workflow and the dashboards. This tool can present data wonderfully to management, and it is easy for them to manage the risk plans.

An area for improvement would be the user interface. They could also offer more on-demand applications free of cost.

I've been using Archer for seven or eight years.

Archer has some performance issues when working on a single server. There is also a tendency for bugs to appear with every update.

I found this product easy to scale.

The tech support team is very good, but they need to be a little quicker to respond.

The complexity of the setup varies depending on the size of your network. With one server, installation is easy and shouldn't take a knowledgeable person more than three hours to complete.

We've seen a good return on investment in terms of time saved.

I would advise anyone thinking of implementing Archer to go for it. I would give this tool a score of eight out of ten.