Buyer's Guide
GRC
November 2022
Get our free report covering RSA, IBM, Resolver, and other competitors of MetricStream. Updated: November 2022.
657,849 professionals have used our research since 2012.

Read reviews of MetricStream alternatives and competitors

Ala'A Elbeheri - PeerSpot reviewer
Senior Information Security Advisor at a transportation company with 10,001+ employees
Real User
Top 10Leaderboard
It streamlines the process of auditing and technical compliance
Pros and Cons
  • "The dashboard is nice. We can provide different levels of access to users based on their titles, privileges, rights, etc. It streamlines the process of auditing and technical compliance."
  • "GRC Suite could have better third-party risk assessment. Maybe they can have a module that can perform certain jobs like security incident and vulnerability management because I haven't seen this module on their platform."

How has it helped my organization?

Before we implemented GRC Suite, our reports were scattered everywhere. We didn't have enough control over the evidence and artifacts that we need to provide to the auditor. Now we have centralized storage and solid reporting.

What is most valuable?

The dashboard is nice. We can provide different levels of access to users based on their titles, privileges, rights, etc. It streamlines the process of auditing and technical compliance.

What needs improvement?

GRC Suite could have better third-party risk assessment. Maybe they can have a module that can perform certain jobs like security incident and vulnerability management because I haven't seen this module on their platform. They have modules for other functions, such as risk management compliance and governance, and they have servers in the system.

For how long have I used the solution?

I've only used GRC Suite for two months.

What do I think about the stability of the solution?

So far, so good. We haven't had any issues since we implemented it.

How are customer service and support?

Resolver's support has been great so far. They have to respond in the time specified in the SLA. Thus far, there haven't been any delays in violation of the terms and conditions of the SLA.

How was the initial setup?

The setup was straightforward because we were well prepared. We spent three months discussing GRC Suite's technical capabilities and how we wanted to set it up. The planning took a lot of time. We defined our specific technical requirements and the scope of the work, so we moved forward based on our precise needs. We understood what we wanted, and that made the implementation smooth.

Which other solutions did I evaluate?

We evaluated some other options, like RSA Archer, which is a large, complex platform. MetricStream also wasn't a good fit for us. GRC Suite was the easiest of all the products we tried. We like an easy implementation.

What other advice do I have?

I rate GRC Suite eight out of 10. It's an excellent product. Maybe we need to do more work to customize it and adopt specialized design templates, reporting, and dashboards. Also, we still need to integrate it with various vendors and platforms. If you're thinking about trying GRC Suite, my advice is to know what you need. Don't leave it up to the vendor to decide by themselves. It's easier if you have a narrow scope of work and a particular requirement. You must be precise about the kind of reporting and dashboards you want. Look for the easiest solution.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sameh Hablas - PeerSpot reviewer
CEO at Al Danah Information Systems Solutions
Real User
Top 10Leaderboard
Simple to use product that gives a great return on investment
Pros and Cons
  • "RSA Archer has reduced the time and effort required for meetings."
  • "The product is expensive."

What is our primary use case?

My primary use case for this solution is for the customizing and compliance system, especially for the first standard, ISO 27001, related to the information security management system.

How has it helped my organization?

RSA Archer has reduced the time and effort required for meetings because every person or department can enter their asset register by themselves. It's also useful that to get information on the spot, you don't need to have it in an Excel sheet to make it a compiler or a function. It is also a unified product, meaning that every person can enter any font or type of equation they need. It records information for several years, which means if I need to fix any observation from the past five years, I can do so on the system on the spot. Finally, it provides intelligent suggestions for solutions and risk management.

What is most valuable?

The most valuable feature of this solution is that risk mitigation and risk register are very easy - it's very simple to enter the data.

What needs improvement?

I would like to see a version of the product customized for small businesses, perhaps something cloud-based on a monthly basis. I would also like the product to be more easily integrated with the Arabic language. 

For how long have I used the solution?

I have been using RSA Archer for around two years.

What do I think about the stability of the solution?

This product is 100% stable, without a lot of bugs.

What do I think about the scalability of the solution?

The solution is scalable.

How was the initial setup?

The setup was complex, taking around three to six months.

What about the implementation team?

I used a vendor team.

What was our ROI?

First of all, we have gained time back that was previously wasted in management meetings. Secondly, approving any risk is much quicker with this solution, requiring only one click. RSA Archer has given us a return of investment on both time and money.

What's my experience with pricing, setup cost, and licensing?

The product is expensive, and there are additional costs if you need to integrate more licenses or want more features.

Which other solutions did I evaluate?

Before choosing RSA Archer, I evaluated MetricStream.

What other advice do I have?

I totally recommend RSA Archer for anything related to ERC for mid-to-large-sized businesses. I wouldn't recommend it for small businesses as it is very expensive. I would rate this solution as ten out of ten

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
GRC
November 2022
Get our free report covering RSA, IBM, Resolver, and other competitors of MetricStream. Updated: November 2022.
657,849 professionals have used our research since 2012.