SW tester / Support, Helpdesk / Test Manager at ICZ a.s.
Real User
Top 10
Jul 10, 2025
While it provides benefits in terms of security, the pricing is a bit higher than customers typically expect. It would be helpful if RSA Archer had the capability for two-way integration because, in any information technology area, having the ability to provide feedback is beneficial. It could facilitate the process back to the operational level. Dashboards are usually effective, but while visibility from the dashboard level is good, drill-down details may be difficult to access, as they don't seem to have direct support for this drill-down. Dashboards are not an issue, but navigating from the dashboard to details could be challenging.
Information Security Specialist at Dubai Health Authority
Real User
Top 20
Jan 15, 2025
If the user needs to fill data, they need to go to one page and then to the next page if they can reduce the number of clicks to perform some activities and would like RSA to improve in this area. Additionally, while the AI features are emerging, it's not yet up to the market standard.
The user interface needs work. There are many small text boxes, like credit card size's boxes, where we need to input a lot of text. You can't see what you're typing beyond the tiny window, so you have to scroll or type elsewhere and copy-paste it. It's very inconvenient. So, improving the user interface would be beneficial.
System Integrator at a non-profit with 501-1,000 employees
Real User
Feb 1, 2023
The technology's a little outdated. They need to get a little bit more updated. AuditBoard and Workiva, as examples, are built on later or newer versions of the technology stacks and just have a little bit more to offer and a little bit easier to implement and integrate. Archer's just a little bit, in the current structure, older. that said, obviously, it has the most sophistication of any of the platforms out there. There are no features that need to be added. It's really making the technology more current and upgrading the technology stack to where it works a little bit more seamlessly and efficiently. Being an older technology, some of the integrations and some of the things you need to do are a little harder and a little bit more old school, if you will, than a little bit of the open-style integrations that you have today with some of the newer tools.
I am not at the level to show someone how to improve whatever features they have. They are good if they work. They are better now than previous versions. I am working on version 5, and they are now on version 6.9. They have made significant progress. There should be an in-built feature that allows live data from vulnerabilities and threats from reliable sources to be streamed directly through their data field. RSA can provide that kind of service, providing real-time data, vulnerability, and threats, without any local, asking for a contribution from someone else. I would like to see real-time data, from vulnerabilities, and threats.
Is there any plan for Arabic Locale in Archer? Also when we extract reports with Arabic text in fields, the PDF report is converting the text from right to left which completely changes the meaning. Is there any workaround?
There is some lag and instability with the platform when using the cloud version. I would also like the look and feel of the layout to be updated and made more customizable.
Sr. Internal Auditor at a energy/utilities company with 10,001+ employees
Real User
Dec 17, 2021
The dashboard that is a part of the RSA Archer could be more aesthetic. There should be a way to export and get data from the system in PDF or PowerPoint presentation format. This would be a great addition.
Cyber security consultant at a financial services firm with 1,001-5,000 employees
Consultant
Nov 29, 2021
Archer could be improved by having more customization. I'm not sure if the backend processes have API calls and those kinds of seamless integrations, but from the front, some of the solutions are very out-of-the-box. It's not customizable, so that could be a little problematic since you have to use their features. In terms of the backend structure, I'm not too sure because I'm not a developer—I was an end user and product owner of Archer—and I don't quite know the backend and developmental features. But since it's an out-of-the-box solution, sometimes customization was challenging and support was a little problematic because we had to reach out to them all the time.
Principal Consultant at a tech services company with 10,001+ employees
Real User
Nov 8, 2021
The main improvement I would like to see in the on-premises version is the amount of data the product can hold. You need to have a really good server to make it run if you have a large amount of data, which may be challenging for bigger organizations. Another improvement would be making more features available as APIs. There are also some automation issues - some areas are not truly automated but are only scheduled, requiring someone to be present to monitor the process, meanwhile using a lot of automation can slow the system. Finally, I would like to see more scope for developers to play around with the project - currently, it is so tightly coupled that you do not have many options compared to some other products.
In the current version, RSA is a little slow mainly because of Silverlight which I believe has been removed in the next version. We have some issues using .NET because migrating requires retraining the custom object every time; it's a manual change which is challenging. For that reason, we don't use the custom object. What's needed is a valueless field, where we can drag and drop, add some values and the process is automatic. I'd also like to see an 'approved' button incorporated in the notifications for updates. It would save time and make life easier for the end users.
GRC Archer Consultant at a tech services company with 10,001+ employees
Real User
Oct 29, 2021
Compared to other GRC tools, RSA Archer is a little complex in the sense that even users need to have some knowledge of the tool. Without any knowledge, both users and developers will have a hard time. I'd like to see the access control part simplified. Reduced complexity in the Advance Workflow and on the front end part of the tool would be really helpful. System administrators have overall control over the system, but it would be good if they could get more control over Archer. Finally, Archer has the option of custom coding things not currently supported by RSA. If it were supported that would be a great innovation because clients have needs that are not adjustable or incorporated in the tool. All those changes require coding which increases complexity.
It would be nice if RSA Archer featured more customization. When customers are updating, they should be notified whether certain updates are optional. The install screen should not proceed to the next page unless we make some selections about which updates we want to install. That feature should be implemented in Azure so that users are aware. There is also an issue with managing records. If we add or remove records, something has to be updated. Something has to be developed in this subform so that if a developer unexpectedly removes the total recorder linked to the parent record, it doesn't interrupt the connection. They have to come up with a solution for that. Previously, we used RSA Archer to review data events. For example, we have a feature called Subscription Notification that was called Generate Notification. The letterhead was changed after migration, so we needed to update the letterhead manually. In Service Pack 2 6.9, links were embedded. So if we edited STTP, we had to remove the double slashes at the beginning of the address and update them to use only one slash. However, it is not recommended practice, so currently they're still updating that. We have notified the RSA team, and they are working on that.
Vice President and Risk Management at a financial services firm with 10,001+ employees
Real User
Dec 9, 2020
The problem is, and I've had years and years of experience using it, let's say decades of experience with it, and they keep changing it. It could be as much as two years or so and they change the product. My concern is when they go from module to module, what do they do? Is it consistent to what the industry wants? And they could also add some things and improve on their product for when we want to match up CVS to it and a few other things. And I think the training is hard. I think they need to emphasize that you take people and send them to training. But today with COVID, how do you do that?
Security Specialist at a tech consulting company with 1-10 employees
Consultant
Jan 12, 2020
I am currently using an older version of the product so my installation is not current. There have already been two new versions of Archer released after the version I have. I use 6.5 and 6.6 and 6.7 have been released. These two are minor releases. They are not really affecting the inner workings of how to do tasks but improving certain features like the interface. When I am creating applications I like to have what I know is a stable and familiar version of the product, so I do not automatically upgrade to the newest versions available. Because I have not upgraded, the graphical user interface is not the current one. It is not very modern and as user-friendly as it could be. I heard that the new versions have improved the graphical interface very much in this respect, and it should no longer be a problem at all. So, for now, I have some issues with the interface for this version but it may already be repaired and simplified in the new versions that exist. One thing I might like added is the ability to record a workflow in another application. It is really a sort of very technical thing and it is possible to do it in other ways, but adding this to the product could really help with the simplification of creating new workflows. This could make it easier, to implement some technical things.
I would like to have the ability to build and maintain an inventory of personal data processing activities and assets utilizing a purpose-built taxonomy and data structure. Tracking data retention schedules and executing a checklist based on Article 30 requirements as it relates to processing activities would be a helpful addition. Having the ability to manage activities related to notifications and consents linked to the processing activity inventory would improve this solution.
Head OT Risk Management & Compliance at Abu Dhabi National Oil Company
Real User
Top 20
Aug 29, 2019
The dashboarding in this solution needs to be improved, specifically the graphics. I am trying to find other solutions because I want to create management dashboards. This product has its own built-in design capabilities and how to present things, but it doesn't have a bullet chart. The bullet chart is the best graph for my purposes, and it should be available for inclusion in the dashboards. We are doing audits and risk management, and there are timelines related to when things are due. All of that can be very easily seen in a bullet chart graph, but what is available now are pie charts, bar charts, and the simple information that is not as meaningful. The reporting features are very basic, PowerPoint-like capabilities, that should be improved. They should be more like the features available in Power BI, or Tableau. As a workaround, I tried dumping the information from Archer into these two solutions, but it would be much better to have the functionality built-in. When it comes to searching, the filtering process is not very intuitive. If I want to filter then I have to use too many buttons to get to what I'm trying to search for. If they can simplify the researching process then that would be good.
RSA Archer is a solution designed to help your organization manage policies, controls, risks, assessments, and deficiencies across your lines of business. RSA helps you manage your digital risk with a range of capabilities and expertise including integrated risk management, threat detection and response, identity and access management, as well as fraud prevention.
The solution also allows you to adapt a broad range of solutions to your requirements and is a good option for both big and small...
While it provides benefits in terms of security, the pricing is a bit higher than customers typically expect. It would be helpful if RSA Archer had the capability for two-way integration because, in any information technology area, having the ability to provide feedback is beneficial. It could facilitate the process back to the operational level. Dashboards are usually effective, but while visibility from the dashboard level is good, drill-down details may be difficult to access, as they don't seem to have direct support for this drill-down. Dashboards are not an issue, but navigating from the dashboard to details could be challenging.
If the user needs to fill data, they need to go to one page and then to the next page if they can reduce the number of clicks to perform some activities and would like RSA to improve in this area. Additionally, while the AI features are emerging, it's not yet up to the market standard.
The user interface needs work. There are many small text boxes, like credit card size's boxes, where we need to input a lot of text. You can't see what you're typing beyond the tiny window, so you have to scroll or type elsewhere and copy-paste it. It's very inconvenient. So, improving the user interface would be beneficial.
The ticket handling process could be improved.
The solution’s customization features could be better. Its performance and scalability need improvement as well.
We are implementing COBIT 2019. It is in English. It would be useful for customers if COBIT 2019 could be translated into different languages.
The financial area of RSA Archer has room for improvement. I would like to be able to send invoices to our customers through the solution.
The technology's a little outdated. They need to get a little bit more updated. AuditBoard and Workiva, as examples, are built on later or newer versions of the technology stacks and just have a little bit more to offer and a little bit easier to implement and integrate. Archer's just a little bit, in the current structure, older. that said, obviously, it has the most sophistication of any of the platforms out there. There are no features that need to be added. It's really making the technology more current and upgrading the technology stack to where it works a little bit more seamlessly and efficiently. Being an older technology, some of the integrations and some of the things you need to do are a little harder and a little bit more old school, if you will, than a little bit of the open-style integrations that you have today with some of the newer tools.
I am not at the level to show someone how to improve whatever features they have. They are good if they work. They are better now than previous versions. I am working on version 5, and they are now on version 6.9. They have made significant progress. There should be an in-built feature that allows live data from vulnerabilities and threats from reliable sources to be streamed directly through their data field. RSA can provide that kind of service, providing real-time data, vulnerability, and threats, without any local, asking for a contribution from someone else. I would like to see real-time data, from vulnerabilities, and threats.
Is there any plan for Arabic Locale in Archer? Also when we extract reports with Arabic text in fields, the PDF report is converting the text from right to left which completely changes the meaning. Is there any workaround?
There is some lag and instability with the platform when using the cloud version. I would also like the look and feel of the layout to be updated and made more customizable.
An area for improvement would be the user interface. They could also offer more on-demand applications free of cost.
The dashboard that is a part of the RSA Archer could be more aesthetic. There should be a way to export and get data from the system in PDF or PowerPoint presentation format. This would be a great addition.
Archer could be improved by having more customization. I'm not sure if the backend processes have API calls and those kinds of seamless integrations, but from the front, some of the solutions are very out-of-the-box. It's not customizable, so that could be a little problematic since you have to use their features. In terms of the backend structure, I'm not too sure because I'm not a developer—I was an end user and product owner of Archer—and I don't quite know the backend and developmental features. But since it's an out-of-the-box solution, sometimes customization was challenging and support was a little problematic because we had to reach out to them all the time.
In a future release, there should be an option to upload the main data.
The main improvement I would like to see in the on-premises version is the amount of data the product can hold. You need to have a really good server to make it run if you have a large amount of data, which may be challenging for bigger organizations. Another improvement would be making more features available as APIs. There are also some automation issues - some areas are not truly automated but are only scheduled, requiring someone to be present to monitor the process, meanwhile using a lot of automation can slow the system. Finally, I would like to see more scope for developers to play around with the project - currently, it is so tightly coupled that you do not have many options compared to some other products.
In the current version, RSA is a little slow mainly because of Silverlight which I believe has been removed in the next version. We have some issues using .NET because migrating requires retraining the custom object every time; it's a manual change which is challenging. For that reason, we don't use the custom object. What's needed is a valueless field, where we can drag and drop, add some values and the process is automatic. I'd also like to see an 'approved' button incorporated in the notifications for updates. It would save time and make life easier for the end users.
Compared to other GRC tools, RSA Archer is a little complex in the sense that even users need to have some knowledge of the tool. Without any knowledge, both users and developers will have a hard time. I'd like to see the access control part simplified. Reduced complexity in the Advance Workflow and on the front end part of the tool would be really helpful. System administrators have overall control over the system, but it would be good if they could get more control over Archer. Finally, Archer has the option of custom coding things not currently supported by RSA. If it were supported that would be a great innovation because clients have needs that are not adjustable or incorporated in the tool. All those changes require coding which increases complexity.
It would be nice if RSA Archer featured more customization. When customers are updating, they should be notified whether certain updates are optional. The install screen should not proceed to the next page unless we make some selections about which updates we want to install. That feature should be implemented in Azure so that users are aware. There is also an issue with managing records. If we add or remove records, something has to be updated. Something has to be developed in this subform so that if a developer unexpectedly removes the total recorder linked to the parent record, it doesn't interrupt the connection. They have to come up with a solution for that. Previously, we used RSA Archer to review data events. For example, we have a feature called Subscription Notification that was called Generate Notification. The letterhead was changed after migration, so we needed to update the letterhead manually. In Service Pack 2 6.9, links were embedded. So if we edited STTP, we had to remove the double slashes at the beginning of the address and update them to use only one slash. However, it is not recommended practice, so currently they're still updating that. We have notified the RSA team, and they are working on that.
The problem is, and I've had years and years of experience using it, let's say decades of experience with it, and they keep changing it. It could be as much as two years or so and they change the product. My concern is when they go from module to module, what do they do? Is it consistent to what the industry wants? And they could also add some things and improve on their product for when we want to match up CVS to it and a few other things. And I think the training is hard. I think they need to emphasize that you take people and send them to training. But today with COVID, how do you do that?
I am currently using an older version of the product so my installation is not current. There have already been two new versions of Archer released after the version I have. I use 6.5 and 6.6 and 6.7 have been released. These two are minor releases. They are not really affecting the inner workings of how to do tasks but improving certain features like the interface. When I am creating applications I like to have what I know is a stable and familiar version of the product, so I do not automatically upgrade to the newest versions available. Because I have not upgraded, the graphical user interface is not the current one. It is not very modern and as user-friendly as it could be. I heard that the new versions have improved the graphical interface very much in this respect, and it should no longer be a problem at all. So, for now, I have some issues with the interface for this version but it may already be repaired and simplified in the new versions that exist. One thing I might like added is the ability to record a workflow in another application. It is really a sort of very technical thing and it is possible to do it in other ways, but adding this to the product could really help with the simplification of creating new workflows. This could make it easier, to implement some technical things.
I would like to have the ability to build and maintain an inventory of personal data processing activities and assets utilizing a purpose-built taxonomy and data structure. Tracking data retention schedules and executing a checklist based on Article 30 requirements as it relates to processing activities would be a helpful addition. Having the ability to manage activities related to notifications and consents linked to the processing activity inventory would improve this solution.
The dashboarding in this solution needs to be improved, specifically the graphics. I am trying to find other solutions because I want to create management dashboards. This product has its own built-in design capabilities and how to present things, but it doesn't have a bullet chart. The bullet chart is the best graph for my purposes, and it should be available for inclusion in the dashboards. We are doing audits and risk management, and there are timelines related to when things are due. All of that can be very easily seen in a bullet chart graph, but what is available now are pie charts, bar charts, and the simple information that is not as meaningful. The reporting features are very basic, PowerPoint-like capabilities, that should be improved. They should be more like the features available in Power BI, or Tableau. As a workaround, I tried dumping the information from Archer into these two solutions, but it would be much better to have the functionality built-in. When it comes to searching, the filtering process is not very intuitive. If I want to filter then I have to use too many buttons to get to what I'm trying to search for. If they can simplify the researching process then that would be good.