RSA Archer Reviews

It is used for enterprise risk audit, corporate compliance, and vulnerability reporting like threat management reporting. It is a whole suite that has different products depending on what you want to track and report on.

I do use the SaaS version, but I have also deployed it on-prem, and I also have experience with the original cloud version. The one that we deployed originally on the cloud was on AWS, but now they do everything on SaaS.

From my perspective, because I've always done it as a consultant, I do like the way it is configured. They've gone into changing the application builder interface, so it is even easier. When you're working with users, it is really easy to show them how to do things quickly and how to configure, change, and design stuff quickly.

Some of the error reporting isn't very clear. When you're looking for information on error codes, you got to do a lot of digging.

I've never seen any major issues.

Its scalability is very good. Because of the way they've set up their licensing, it's now very easy to scale, especially if you're using SaaS.

We have over 60,000 users across all departments. Some users just go to check the status. I would think it is being used extensively.

It has changed over the last six months, and it is a little bit more challenging. When you have to report an error, you can't really find a lot of detail online. You have to open a case file, and then after opening a case file, it does take some time for resolution. From one to five, I'm going to rate them a 3.5.

It is very straightforward. The documentation that they provide is clear in terms of the instructions that you have to follow through. It is very well documented. Most users and techs can follow it, even with very little experience.

For its deployment, usually, there are one or two people. You don't need more than that because it's a very easy product to upload. If you're doing it from scratch where you have absolutely nothing, it is about a half-day setup.

It requires very little maintenance. Their upgrade packages are pretty quick, and it is easy to do the upgrades. It is very user-friendly, and even if you have no tech background or you're a new Archer administrator, it is very easy to do.

Its ROI is quite high when you look at how long it takes for people to input stuff for compliance risk, vulnerability management, and threat management. The centralization of data allows you to get a pretty high return on your investment pretty quickly because it's really easy to implement. It doesn't take like a year. You can do it in less than two months, depending on the solution that you want to implement. The customization opportunities with reporting are also pretty high.

I am not 100% familiar with that, especially with their new model. I just know that the way they've licensed per user to scale is good.

I would advise others to know their requirements going in because there's so much flexibility with the product. You could over customize it just because it allows you to do so much, but sometimes too much of a good thing is not a good thing. If you know your requirements upfront, your road to success is short, but your return is high.

I would rate it a nine out of 10.

My primary use cases of RSA Archer are for business resiliency, business continuity management, third party vendor management, IT risk management and some of the other governance and compliance applications. We are partners with RSA and I'm an Archer system administrator. 

There are many benefits to using Archer as a platform. Previously, all processes in the organization were scattered. Once Archer was implemented, everybody had a role to play. It was just a matter of logging in, doing the work, and moving the workflow to the next stage. Prior to Archer, all the work took place via emails or sharing of Excel files. Archer has streamlined everything and it's really helping the organization to manage potential risk and data security. Security is key these days.

I believe the record permissions and data import are the most flexible and user-friendly features because they enable all information to be available on the platform.

Compared to other GRC tools, RSA Archer is a little complex in the sense that even users need to have some knowledge of the tool. Without any knowledge, both users and developers will have a hard time. I'd like to see the access control part simplified. Reduced complexity in the Advance Workflow and on the front end part of the tool would be really helpful. 

System administrators have overall control over the system, but it would be good if they could get more control over Archer. Finally, Archer has the option of custom coding things not currently supported by RSA. If it were supported that would be a great innovation because clients have needs that are not adjustable or incorporated in the tool. All those changes require coding which increases complexity.

I've been using this solution for close to four years. 

I think the level of stability and performance is connected to the size of the organization. There can be issues when there is an Excel load in the system, or when there are too many users and too many processes running on the backend. Things can slow down and we've seen glitches and delays. If processing speed could be increased, that would likely solve the issue. 

Scalability is there but it's not easy. You need to be familiar with the system, which can take a couple of months. Once there's familiarity it becomes more user-friendly. It's not as easy as ServiceNow or OneTrust. Those are much lighter tools and easier to learn. Scaling should be more user-friendly. We currently have around 9,000 active users and I expect that to increase in the future.

Customer support is working well and I don't have any complaints about that. 

I have used ServiceNow but nowhere near as extensively as I've used Archer. The problem with GRC ServiceNow is that it has limited features, which is why we switched to Archer. It has better features and functionalities.

The initial deployment needs to be carried out in coordination with RSA because it's their product. It requires a web service, application service, database service, everything needs to be designed for the platform. It would be great to have some kind of video or technical demo to help with this. 

If the process of going from the ESC environment all the way to the production environment could be easier that would be really helpful because it's very likely that not all environments will be in sync in most organizations. Features are going to differ from the broad environment to the lower environment and while packaging, the features of the lower environment also come into the production environment. Maintaining synchronization takes a lot of time so if there could be some flexibility and ease, that would save a lot of time for the organization.

In terms of return on investment, I think the processes and management as far as risk and governance compliance is concerned, have been very effective. Achieving their objectives and tasks in a timely manner with all the necessary security and parameters along with streamlining is a return on investment. I'm unsure about the benefit in revenue, it's more about improving risk and the governance processes.

Archer is expensive compared to other GRC tools. The product is generally used in multi-national companies like JP Morgan, Morgan Stanley, Amazon, Goldman, or eCommerce. They all use Archer. The cost would be prohibitive for a small or medium-scale company. If Archer is looking at promoting this product, they need to work on the pricing because only large organizations can afford it. There are many additional costs involved so that if one needs to develop some features in the tool there is an additional charge; if you ask RSA for any kind of enhancement or development, they will charge you; and if you'd like some consultation in regards to the product, they will charge you for that too.

This is a really nice tool because the majority of what it provides is not offered by other solutions. It's a matter of learning the tool and accepting how it works with an open mind. Anyone using it will find it really helpful for the GRC processes.

I rate the solution seven out of 10. 

We use the product for policy management, vulnerabilities and risk management. We also use it for business continuity.

It is a good tool to use. The product is very flexible. It can easily connect to other tools like ServiceNow and Nexus. The workflow feature is very interesting. We can automate a lot of stuff using the workflow. The product makes it very easy to publish dashboards.

We are implementing COBIT 2019. It is in English. It would be useful for customers if COBIT 2019 could be translated into different languages.

The product’s scalability is pretty good.

The initial setup is not complex, but you need some knowledge of the methodologies in the market to implement the product. These methodologies are in English. We have to translate the methodologies to use in Brazil. It would be better if it were available in different languages.

Overall, I rate the solution an eight out of ten.

We use RSA Archer in my organization for assessments (ISO, GDPR, PCIDSS, etc.) or to raise dispensation for any application, security-related controls.

If we want to perform the application assessment or any ISMS assessment, earlier, we had to do it manually. The RSA Archer tool gives us the output in an automated manner, it is beautiful and has helped our organization.

RSA Archer is the most usable GRC tool and leading tool and I have found performing the application, ISMS, and TPRM assessments beneficial.

In a future release, there should be an option to upload the main data.

I used RSA Archer within the last 12 months.

Early on we faced lots of issues because the communicating with the RSA Archer, the database was not synced properly. Two times when we installed RSA Archer in an environment a few settings and configuration was not correct, this caused the passwords not to match.

The stability could improve.

The scalability is easy to achieve.

Most of our clients are large businesses. I have plans to continue the usage of RSA Archer.

The technical support is good, but they respond a little late, sometimes it can be a few days to have a response.

Positive

The initial setup is a bit complex. The whole process can take approximately three hours with one or two people.

We have faced challenges. For example, the database is not synced with the RSA Archer. A few services were not running if the RSA Archer was logged in through local admin or the specific user, we have received few errors. 

Archer is responsible for the maintenance of the solution.

The ROI depends on the company's needs as RSA has 7 solutions, the company can pay based on the subscription. 

The solution's price should be reduced. You only have to pay the license and there are no additional fees.

I did not previously evaluate any other solutions.

They have to use RSA Archer if they use the automated tools, their data will be safe.

Though there are some issues with the technicality of the solution, such as errors. The solution provides great features, such as customization, we can customize it as per our requirements.

I rate RSA Archer a ten out of ten.

RSA Archer's best features are advanced workflow, reports, dashboards, and notifications.

There is some lag and instability with the platform when using the cloud version. I would also like the look and feel of the layout to be updated and made more customizable. 

I've been using RSA Archer for eight to nine years.

RSA Archer is scalable.

RSA Archer's technical support is a little disappointing because the first level is always manned by junior members who don't have much technical expertise.

Neutral

The initial setup was straightforward.

I would give RSA Archer a rating of eight out of ten.

We use Archer as a risk management portal. We've customized Archer to follow the Sherwood Applied Business Security methodology for governance and risk assessment. We don't use the compliance module much.

The main benefit is that we can automate risk management. The whole purpose of having Archer is to automate governance, risk, and compliance. Previously, we used to do everything in Excel sheets and Notepad. It was mostly manual. We'd send emails to people and collect information. Once you have Archer, you can automate all these processes.

I like how Archer requires very little programming ability. A person with minimum coding experience can configure the necessary fields in Archer. It's more of a drag-and-drop solution. 

When we have to do formulas or some other type of calculation in Archer, it sometimes doesn't work correctly. The fields don't display right, and we have to contact RSA Archer support to fix things. I think the calculation components are a bit complicated.

I've been using RSA Archer every day for the past six years.

RSA Archer's overall performance is good. It slows down at times whenever a script or some process is running in the backend. Sometimes our users have complained about the speed.

Scaling up RSA Archer is a straightforward process. You just need to upgrade your hardware and software. We have about 80 end-users working on Archer now. 

We've opened several tickets with RSA, and they're settled pretty quickly. The experience has always been good. 

When we started working with Archer, it was more or less the only product in the field that could do GRC automation. A few have been launched since then, but we've only ever worked with Archer.

Deploying RSA Archer is effortless. You just need to make a database backup of Archer and keep it somewhere. Then you can install Archer on any server and load the backup. Everything from A to Z comes back. It's restored, and you don't have to do anything. It's a straightforward process. The initial installation takes three hours, and two technicians can handle the job. 

After installation, it doesn't need much maintenance. We periodically deploy some security patches on the operating system, make backups, and cross-verify if the backup is working correctly or not. 

The initial purchase is cheap. You pay a nominal price to start then renew the license annually. You also must buy a license for each module. I'm not too fond of that aspect of the licensing model. You buy the elephant and then spend more money to feed the elephant.

I rate RSA Archer seven out of 10. To anyone thinking about deploying Archer, I would suggest exploring other products in the market as well. Archer is a bit costly compared to its competitors. 

My primary use case varies depending on the requirements, but uses include working on email notifications, fetching data feeds, and working on feed managers.

Archer allows us to define the progress of the organization's processes and helps build the right cyclic process and improve the current structure. We also track a lot and transfer a lot of vendors and users, and Archer has a repository that allows us to collect that data step by step. It also makes auditing easier.

The most valuable features of RSA Archer are notifications, workflow routing, and data filtering.

An area for improvement is the turnaround time for advice from the support team. In the next release, I would like to see a maturity rating feature that would provide industry ratings and information on the market.

I have been using this solution for about a year and a half.

Stability has improved over time, but there's still a lot of latency with some features, like looking up or checking the database.

This solution is scalable.

The tech support team's turnaround time is often slow.

Previously, I have used Aravo, and currently, I'm using Process Utility.

The initial setup was fairly straightforward as we were given hands-on training. Deployment took around three months.

When implementing Archer, I recommend looking through the videos supplied and making use of the free sessions that Archer provides. I would rate this product as six out of ten.

We have a partnership with RSA Archer and I'm a lead analyst and GRC for the company. 

We use this solution as a central repository. Instead of using various GRC options or other tools, we can use one platform with options to tailor the product to our needs. That's the benefit of using RSA Archer.  

I like the dashboards and reporting features; it's easy to gather reports quickly which is great when your VP is waiting for the KPIs. The solution is generic and it's great to have out-of-the-box workflows and concepts. I'm very satisfied with Archer, possibly because I've been using it for so long and I'm in my comfort zone. I know, for example, that ServiceNow GRC is more customizable but it's not as secure as RSA Archer.

I'm using a Mac and I can't get Archer to load in Safari. In addition, there are certain restrictions on API integrations, and it is not simple or straightforward. I'd like more customization and to be able to design our API integrations more easily, it would make a huge difference. We moved to SaaS because we wanted more integration and we wanted RSA to help with that. There has been some improvement but it's still not great. For no reason that we can figure out, there are issues with email; sometimes it works and sometimes it doesn't. We've raised that problem with RSA. There are some security concerns when it comes to authentications or DMZ or service accounts, which are still managed by RSA.

I've been working with various Archer solutions for about nine years. 

The SaaS version is stable. We have an Archer admin team that meets weekly with a representative from RSA so that any concerns or issues can be resolved as soon as possible. 90% of my work is on Archer and about 60% of the company are users of this product. 

The scalability of the solution is reasonable. 

I'm satisfied with the Archer support. 

I don't have a good recollection of the deployment process but we had three representatives from RSA and three or four engineers from a vendor contractor. Deployment probably took over six months, including the change from on-prem to SaaS. The solution hasn't required maintenance since we moved to SaaS. 

It's important to first look at the out of box workflow that RSA is offering, and then go for customization. Don't customize or overdo workflow because it degrades the overall Archer performance.

I rate this solution seven out of 10.