Buyer's Guide
GRC
November 2022
Get our free report covering OneTrust, IBM, MetricStream, and other competitors of RSA Archer. Updated: November 2022.
655,994 professionals have used our research since 2012.

Read reviews of RSA Archer alternatives and competitors

AdhishP - PeerSpot reviewer
Practice Lead Cybersecurity at Finesse Global
MSP
Top 10Leaderboard
Reasonably priced, stable, with out of the box deployment, and has good local support
Pros and Cons
  • "The interface is mobile-friendly and it is getting a good response from our customers."
  • "I would like to see out-of-the-box integration with more security, it would be helpful."

What is our primary use case?

We are system integrators. We propose solutions to the customers.

What is most valuable?

They have now reworked it. The interface is mobile-friendly and it is getting a good response from our customers. It's a very good feature that the product offers. It is also available as a cloud option, which is getting a lot of interest from customers who are looking into the GRCC.

It is very useful, especially in the solution platform.

It has good features and good functionality, and our customers feel there is a lot of merit in that.

I think that the portal is constantly improving. They do their own enhancements very often. They keep doing those enhancements from their site itself.

What needs improvement?

As we are system integrators, we rely on the customer's feedback. We have not had any customers complain or express any concerns with the product.

There can be some small updates done with the interface.

I would like to see out-of-the-box integration with more security, it would be helpful.

For how long have I used the solution?

We have been working with MetricStream for more than four years.

What do I think about the stability of the solution?

It's a pretty stable product.

What do I think about the scalability of the solution?

MetricStream is a scalable product, depending on the customer's needs.

I would say that our clients are medium-size companies. 

It is difficult to define them, and it depends on the vendor. 

If it is $100,000 or more it would be considered to be a large enterprise company, or if it's $50,000 it would be a medium-sized company.

How are customer service and technical support?

If customers are faced with any challenges, the support team is really responsive and very fast to address any concerns.

They have a good technical support team that is based out of India. 

They do a fair job.

How was the initial setup?

The integration is very easy and it is fast.

In regards to deployment, most are out of the box.

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable.

They are flexible in terms of customers' needs. We have seen customers who have a smaller compliance team, and they have been able to support them as well as large enterprise and global customers.

What other advice do I have?

We have aligned with MetricStream only. We will recommend it, but we have seen comparisons between MetricStream and RSA Archer from when we have come across those customers. We have been head to head in those comparisons.

My advice is to be sure to have your use cases very clear in what you want to achieve, be it risk management or just relations management. If it's an audit, you have to be very precise and clear as to what your needs are. Based on that only, you should be evaluating it, because it is all modularized. There are more than 15 or 16 modules of MetricStream solutions available. 

The customer has to be very clear as to which module they are interested in and what they want to implement.

I would rate MetricStream an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Ala'A Elbeheri - PeerSpot reviewer
Senior Information Security Advisor at a transportation company with 10,001+ employees
Real User
Top 10Leaderboard
It streamlines the process of auditing and technical compliance
Pros and Cons
  • "The dashboard is nice. We can provide different levels of access to users based on their titles, privileges, rights, etc. It streamlines the process of auditing and technical compliance."
  • "GRC Suite could have better third-party risk assessment. Maybe they can have a module that can perform certain jobs like security incident and vulnerability management because I haven't seen this module on their platform."

How has it helped my organization?

Before we implemented GRC Suite, our reports were scattered everywhere. We didn't have enough control over the evidence and artifacts that we need to provide to the auditor. Now we have centralized storage and solid reporting.

What is most valuable?

The dashboard is nice. We can provide different levels of access to users based on their titles, privileges, rights, etc. It streamlines the process of auditing and technical compliance.

What needs improvement?

GRC Suite could have better third-party risk assessment. Maybe they can have a module that can perform certain jobs like security incident and vulnerability management because I haven't seen this module on their platform. They have modules for other functions, such as risk management compliance and governance, and they have servers in the system.

For how long have I used the solution?

I've only used GRC Suite for two months.

What do I think about the stability of the solution?

So far, so good. We haven't had any issues since we implemented it.

How are customer service and support?

Resolver's support has been great so far. They have to respond in the time specified in the SLA. Thus far, there haven't been any delays in violation of the terms and conditions of the SLA.

How was the initial setup?

The setup was straightforward because we were well prepared. We spent three months discussing GRC Suite's technical capabilities and how we wanted to set it up. The planning took a lot of time. We defined our specific technical requirements and the scope of the work, so we moved forward based on our precise needs. We understood what we wanted, and that made the implementation smooth.

Which other solutions did I evaluate?

We evaluated some other options, like RSA Archer, which is a large, complex platform. MetricStream also wasn't a good fit for us. GRC Suite was the easiest of all the products we tried. We like an easy implementation.

What other advice do I have?

I rate GRC Suite eight out of 10. It's an excellent product. Maybe we need to do more work to customize it and adopt specialized design templates, reporting, and dashboards. Also, we still need to integrate it with various vendors and platforms. If you're thinking about trying GRC Suite, my advice is to know what you need. Don't leave it up to the vendor to decide by themselves. It's easier if you have a narrow scope of work and a particular requirement. You must be precise about the kind of reporting and dashboards you want. Look for the easiest solution.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
GRC
November 2022
Get our free report covering OneTrust, IBM, MetricStream, and other competitors of RSA Archer. Updated: November 2022.
655,994 professionals have used our research since 2012.