We changed our name from IT Central Station: Here's why
Sr. Consultant at a retailer with 11-50 employees
Consultant
Top 20Leaderboard
Great Advance Workflow feature; ability to create multiple layers with a specified functionality
Pros and Cons
  • "The Advance Workflow feature simplifies things."
  • "The solution can be a little slow due to the Silverlight feature."

What is our primary use case?

We customize this solution for our clients. We take all their requirements and prepare the design and format by creating fields, notifications, access controls and workflows. We use all the management features that the solution provides to support our clients. We are customers of RSA Archer and I'm a senior consultant. 

What is most valuable?

The Advanced Workflow feature is one of the most valuable and user-friendly. We used to have to write multiple calculations. With Advanced Workflow, things are much easier for the developer and end user. It's a robust feature that allows users to easily identify what they're doing and where they are. We're able to create multiple layers with a specified functionality that gives an understanding of what is required as well as increased flexibility. Archer provides good security, enabling access where necessary. It's also a useful reporting tool, clearly showing functional data and, when needed, the ability for comparison. The default dashboard shows daily activities that are easily captured allowing for information to be extracted. 

What needs improvement?

In the current version, RSA is a little slow mainly because of Silverlight which I believe has been removed in the next version. We have some issues using .NET because migrating requires retraining the custom object every time; it's a manual change which is challenging. For that reason, we don't use the custom object. What's needed is a valueless field, where we can drag and drop, add some values and the process is automatic. I'd also like to see an 'approved' button incorporated in the notifications for updates. It would save time and make life easier for the end users.  

For how long have I used the solution?

I've been using this solution for 11 years. 

What do I think about the scalability of the solution?

This solution is very easy to scale and easy for new users to understand.

How are customer service and support?

Because we use most of the modules we're paying a lot to get good support. We interact with someone from RSA on a weekly basis and deal with any issues on the platform.

How was the initial setup?

The initial setup is straightforward when you understand the system. We put our new users in the sandbox environment and get them to play around with it before setting out our requirements. It can be a bit of a challenge initially but not for long. It's not a common platform and is different from other tools. Once our users are implementing, it's a very smooth process for them. We have a total of seven developers, four are in-house and three are on contract. 

Deployment time depends on the use case; if it's a large implementation, it can take between six and nine months. The solution needs maintenance because of the updates and that often results in patching needs. We're using Archer on a daily basis. 

What's my experience with pricing, setup cost, and licensing?

I'm not sure about the cost of the solution but every year we purchase additional on-demand applications. Archer offers a package that allows the purchase of 10 on-demand applications. You can purchase more than that and the price goes up accordingly. I believe these purchases come with two years of maintenance support. 

What other advice do I have?

This is a good solution compared to others in the market because it is more secure. It's suitable for any size company although smaller companies will only need to use certain modules with larger organizations using multiple modules. This is a one-stop storage device that you can access from anywhere. 

I rate this solution nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
RAHUL KUMAR TIWARY
Team Leader at a tech services company with 10,001+ employees
Consultant
User-friendly, secure, and reasonably priced
Pros and Cons
  • "It is a very friendly tool. We can easily understand what is going on inside the tool. I like this tool. We can work with the tool for the ERP platform. We can create automated applications based on the requirements."
  • "There were so many problems that we had found. One time, the search index was not working. We also faced slowness in Archer, but I resolved this issue."

What is our primary use case?

I work with user management, policy management, enterprise management, risk management, and third-party management.

We are using its service version. We have to buy that license, and based on the license, they're providing us with the application.

What is most valuable?

It is a very friendly tool. We can easily understand what is going on inside the tool. I like this tool. We can work with the tool for the ERP platform. We can create automated applications based on the requirements.

It is very secure with three levels of access. We can give three levels of access in Archer. We can give access at the field level, application level, and code level. So, it is very secure.

What needs improvement?

There were so many problems that we had found. One time, the search index was not working. We also faced slowness in Archer, but I resolved this issue. The queue services were running on two servers, whereas they should have been running only on one server. There were also many duplicate records. I had to go and check the specific field and update that. After that, we removed all duplicate records from Archer.

What do I think about the stability of the solution?

We faced performance issues only in the lower version. The reason was that they were using only three servers and one database. We increased the services and RAM, and we had two application servers, three web servers, and one database. Whenever there are any performance issues, we need to check the jobs in the server backend. Sometimes, jobs are running for the last five days and that's why new jobs are not being picked up. In such cases, we have to prioritize the jobs that will go first and that will go second.

What do I think about the scalability of the solution?

It is easy to scale. If we want to increase the number of users in Archer, we have so many tools. We can create more than 1,000 users in Archer at one time. We only need a license. 

Currently, more than 30,000 users are using Archer. We plan to keep using this solution. It is being used by so many companies.

How are customer service and support?

When we face any issues related to the application, RSA is there immediately. We can raise a ticket and after that, they help us. Everything is fine in terms of support.

Which solution did I use previously and why did I switch?

Previously, they were storing the data in Excel sheets, but when they wanted to move to Archer, based on the requirements, I created the fields, and I created the workflow and access control for that.

I have worked on SAP ERP in my previous company. I started to work on Archer after I moved to this company.

How was the initial setup?

In our team, we have only three members. I am from India and two more people are from the US. Because our team size is very small, we have to perform every activity. We take care of the administrative work, development work, and support work. If anything happens in the system, we will check why it is happening and sort it out.

An application's deployment typically takes one month, but it will vary based on the requirement. If we are working on one application with more than 100 fields or critical workflows, it will take time. For fewer fields or workflows, we can create an application within a week, and we can move it to production.

What's my experience with pricing, setup cost, and licensing?

It is not expensive. It is reasonable. We only pay for the licensing.

What other advice do I have?

I would rate RSA Archer an eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about RSA Archer. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,143 professionals have used our research since 2012.
Security Solutions Architect at a tech services company with 10,001+ employees
Real User
It requires little programming ability but costs more than competitors
Pros and Cons
  • "I like how Archer requires very little programming ability. A person with minimum coding experience can configure the necessary fields in Archer. It's more of a drag-and-drop solution."
  • "When we have to do formulas or some other type of calculation in Archer, it sometimes doesn't work correctly. The fields don't display right, and we have to contact RSA Archer support to fix things. I think the calculation components are a bit complicated."

What is our primary use case?

We use Archer as a risk management portal. We've customized Archer to follow the Sherwood Applied Business Security methodology for governance and risk assessment. We don't use the compliance module much.

How has it helped my organization?

The main benefit is that we can automate risk management. The whole purpose of having Archer is to automate governance, risk, and compliance. Previously, we used to do everything in Excel sheets and Notepad. It was mostly manual. We'd send emails to people and collect information. Once you have Archer, you can automate all these processes.

What is most valuable?

I like how Archer requires very little programming ability. A person with minimum coding experience can configure the necessary fields in Archer. It's more of a drag-and-drop solution. 

What needs improvement?

When we have to do formulas or some other type of calculation in Archer, it sometimes doesn't work correctly. The fields don't display right, and we have to contact RSA Archer support to fix things. I think the calculation components are a bit complicated.

For how long have I used the solution?

I've been using RSA Archer every day for the past six years.

What do I think about the stability of the solution?

RSA Archer's overall performance is good. It slows down at times whenever a script or some process is running in the backend. Sometimes our users have complained about the speed.

What do I think about the scalability of the solution?

Scaling up RSA Archer is a straightforward process. You just need to upgrade your hardware and software. We have about 80 end-users working on Archer now. 

How are customer service and support?

We've opened several tickets with RSA, and they're settled pretty quickly. The experience has always been good. 

Which solution did I use previously and why did I switch?

When we started working with Archer, it was more or less the only product in the field that could do GRC automation. A few have been launched since then, but we've only ever worked with Archer.

How was the initial setup?

Deploying RSA Archer is effortless. You just need to make a database backup of Archer and keep it somewhere. Then you can install Archer on any server and load the backup. Everything from A to Z comes back. It's restored, and you don't have to do anything. It's a straightforward process. The initial installation takes three hours, and two technicians can handle the job. 

After installation, it doesn't need much maintenance. We periodically deploy some security patches on the operating system, make backups, and cross-verify if the backup is working correctly or not. 

What's my experience with pricing, setup cost, and licensing?

The initial purchase is cheap. You pay a nominal price to start then renew the license annually. You also must buy a license for each module. I'm not too fond of that aspect of the licensing model. You buy the elephant and then spend more money to feed the elephant.

What other advice do I have?

I rate RSA Archer seven out of 10. To anyone thinking about deploying Archer, I would suggest exploring other products in the market as well. Archer is a bit costly compared to its competitors. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Principal Consultant at a tech services company with 10,001+ employees
Consultant
Top 20Leaderboard
Streamlines management and organization but struggles with large amounts of data
Pros and Cons
  • "Even non-technical people can be masters of the product."
  • "Some areas are not truly automated but are only scheduled."

What is our primary use case?

My primary use cases are IT risk management, policy management, IT compliance management, vendor risk management, and vulnerability management. 

How has it helped my organization?

RSA Archer allows you to create on-demand policies and custom solutions. It automates all our governance, risk, and compliance processes so that they can be easily managed and organized. Archer can build and automate workflows for anything that contributes to your risk.

What is most valuable?

The most valuable features of this solution are the ease of developing solutions and managing advanced workflows.

What needs improvement?

The main improvement I would like to see in the on-premises version is the amount of data the product can hold. You need to have a really good server to make it run if you have a large amount of data, which may be challenging for bigger organizations. Another improvement would be making more features available as APIs. There are also some automation issues - some areas are not truly automated but are only scheduled, requiring someone to be present to monitor the process, meanwhile using a lot of automation can slow the system. Finally, I would like to see more scope for developers to play around with the project - currently, it is so tightly coupled that you do not have many options compared to some other products.

For how long have I used the solution?

I've been working with RSA Archer for ten years.

What do I think about the stability of the solution?

Assuming you stay within the limits stated in Archer's documentation, the stability is good. However, if you exceed their limits, you may need to play around with your power distribution to keep everything running smoothly. New patches or updates can also cause hiccups with stability.

What do I think about the scalability of the solution?

The product is easy to scale.

How are customer service and support?

Archer's technical support is pretty good - they are supportive, and their ticketing system provides real-time updates about any incidents that occur. The team also responds quickly to high-priority issues.

How was the initial setup?

Setup was straightforward - for the on-premises version, the vendor sends an executable file, then you procure your resources and deploy yourself. The installation itself takes about twenty minutes at most, although preparation to install can take some time.

What's my experience with pricing, setup cost, and licensing?

This product is at the higher end of the price scale, but it provides better, more accessible functionality and customization than cheaper products.

What other advice do I have?

You don't need any experience with coding language to use this solution as it has drag-and-drop functionality. In two to three months, even non-technical people can be masters of the product. In addition, out-of-box solutions like risk management and policy management are really good. Maintenance is not a big problem, but if you heavily customize the product, you may need someone to keep an eye on those. I would also say that if you don't have your processes measured, don't jump directly into any of these products, including Archer. Make sure your processes are mature before implementing a product like this. I would rate this product as seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Lead Analyst - Security Governance at a retailer with 1,001-5,000 employees
Real User
One platform with good options for tailoring to requirements; lacking somewhat in customization
Pros and Cons
  • "Good dashboards and reporting features; it's easy to gather reports quickly."
  • "There are certain restrictions on API integrations, and it is not simple or straightforward."

What is our primary use case?

We have a partnership with RSA Archer and I'm a lead analyst and GRC for the company. 

How has it helped my organization?

We use this solution as a central repository. Instead of using various GRC options or other tools, we can use one platform with options to tailor the product to our needs. That's the benefit of using RSA Archer.  

What is most valuable?

I like the dashboards and reporting features; it's easy to gather reports quickly which is great when your VP is waiting for the KPIs. The solution is generic and it's great to have out-of-the-box workflows and concepts. I'm very satisfied with Archer, possibly because I've been using it for so long and I'm in my comfort zone. I know, for example, that ServiceNow GRC is more customizable but it's not as secure as RSA Archer.

What needs improvement?

I'm using a Mac and I can't get Archer to load in Safari. In addition, there are certain restrictions on API integrations, and it is not simple or straightforward. I'd like more customization and to be able to design our API integrations more easily, it would make a huge difference. We moved to SaaS because we wanted more integration and we wanted RSA to help with that. There has been some improvement but it's still not great. For no reason that we can figure out, there are issues with email; sometimes it works and sometimes it doesn't. We've raised that problem with RSA. There are some security concerns when it comes to authentications or DMZ or service accounts, which are still managed by RSA.

For how long have I used the solution?

I've been working with various Archer solutions for about nine years. 

What do I think about the stability of the solution?

The SaaS version is stable. We have an Archer admin team that meets weekly with a representative from RSA so that any concerns or issues can be resolved as soon as possible. 90% of my work is on Archer and about 60% of the company are users of this product. 

What do I think about the scalability of the solution?

The scalability of the solution is reasonable. 

How are customer service and support?

I'm satisfied with the Archer support. 

How was the initial setup?

I don't have a good recollection of the deployment process but we had three representatives from RSA and three or four engineers from a vendor contractor. Deployment probably took over six months, including the change from on-prem to SaaS. The solution hasn't required maintenance since we moved to SaaS. 

What other advice do I have?

It's important to first look at the out of box workflow that RSA is offering, and then go for customization. Don't customize or overdo workflow because it degrades the overall Archer performance.

I rate this solution seven out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
RSA Archer Consultant at a tech services company with 1-10 employees
Consultant
Excellent advanced workflow but issues with performance
Pros and Cons
  • "Makes auditing much more convenient."
  • "Performance could be improved."

What is our primary use case?

My main use cases are risk assessment and policy use. I also use this solution to create on-demand applications.

How has it helped my organization?

RSA Archer allows you to implement government risk compliance and acts as a mechanism to ensure that the compliance policies and standards are met. It also documents every exception with proper reasoning. This makes auditing much more convenient.

What is most valuable?

The most valuable feature is the advanced workflow, which has totally ruled out any issues with data-driven events and which makes it easier to explain things to end-users because you can show them a screenshot of the workflow.

What needs improvement?

An area for improvement is Archer's use of Internet Explorer as a core browser due to its dependence on Silverlight, despite Microsoft ending its support for IE and moving to Edge. I would like to see an end to the use of Silverlight and IE and for Archer to add the ability to use any browser to make key changes and configurations. In addition, I would like for the new questionnaire feature to be developed further and for Archer to develop a proper built-in framework for working with organizations with sub-organizations and multiple companies.

For how long have I used the solution?

I've been working with RSA Archer for 28 years.

What do I think about the stability of the solution?

Archer's performance could be improved - older versions can be very slow, and the application crashes from time to time.

What do I think about the scalability of the solution?

Archer is easy to scale.

How are customer service and support?

I have to contact technical support about once a month due to some issues with logging in. Generally, the team is responsive and proficient, though sometimes they can be a little slow to respond.

How was the initial setup?

Initial setup is quite complex because every organization requires three instances of Archer, which requires changing the specific components for each instance and needs three teams to be involved in deployment. Deployment can take anywhere from a couple of hours to a full day or two, depending on how many different modules are being installed and the areas being impacted.

What's my experience with pricing, setup cost, and licensing?

Archer is fairly highly-priced, especially for smaller companies.

What other advice do I have?

If using the on-premises version of Archer, it's necessary to train at least a couple of people who can provide ongoing support. Prior to purchasing the product, make sure that you define your exact requirements and go over them with the RSA Archer team. I would rate this product as seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Sameh Hablas
CEO at Al Danah Information Systems Solutions
Real User
Top 20Leaderboard
Simple to use product that gives a great return on investment
Pros and Cons
  • "RSA Archer has reduced the time and effort required for meetings."
  • "The product is expensive."

What is our primary use case?

My primary use case for this solution is for the customizing and compliance system, especially for the first standard, ISO 27001, related to the information security management system.

How has it helped my organization?

RSA Archer has reduced the time and effort required for meetings because every person or department can enter their asset register by themselves. It's also useful that to get information on the spot, you don't need to have it in an Excel sheet to make it a compiler or a function. It is also a unified product, meaning that every person can enter any font or type of equation they need. It records information for several years, which means if I need to fix any observation from the past five years, I can do so on the system on the spot. Finally, it provides intelligent suggestions for solutions and risk management.

What is most valuable?

The most valuable feature of this solution is that risk mitigation and risk register are very easy - it's very simple to enter the data.

What needs improvement?

I would like to see a version of the product customized for small businesses, perhaps something cloud-based on a monthly basis. I would also like the product to be more easily integrated with the Arabic language. 

For how long have I used the solution?

I have been using RSA Archer for around two years.

What do I think about the stability of the solution?

This product is 100% stable, without a lot of bugs.

What do I think about the scalability of the solution?

The solution is scalable.

How was the initial setup?

The setup was complex, taking around three to six months.

What about the implementation team?

I used a vendor team.

What was our ROI?

First of all, we have gained time back that was previously wasted in management meetings. Secondly, approving any risk is much quicker with this solution, requiring only one click. RSA Archer has given us a return of investment on both time and money.

What's my experience with pricing, setup cost, and licensing?

The product is expensive, and there are additional costs if you need to integrate more licenses or want more features.

Which other solutions did I evaluate?

Before choosing RSA Archer, I evaluated MetricStream.

What other advice do I have?

I totally recommend RSA Archer for anything related to ERC for mid-to-large-sized businesses. I wouldn't recommend it for small businesses as it is very expensive. I would rate this solution as ten out of ten

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
RSA archer at a tech services company with 10,001+ employees
Real User
Top 20Leaderboard
Scalable, overall great functionality, and beneficial assessments
Pros and Cons
  • "RSA Archer is a good tool and I have found performing the application, ISMS, and TPRM assessments beneficial."
  • "In a future release, there should be an option to upload the main data."

What is our primary use case?

We use RSA Archer in my organization for assessments.

How has it helped my organization?

If we want to perform the application assessment or any ISMS assessment, earlier, we had to do it manually. The RSA Archer tool gives us the output in an automated manner, it is beautiful and has helped our organization.

What is most valuable?

RSA Archer is a good tool and I have found performing the application, ISMS, and TPRM assessments beneficial.

What needs improvement?

In a future release, there should be an option to upload the main data.

For how long have I used the solution?

I used RSA Archer within the last 12 months.

What do I think about the stability of the solution?

Early on we faced lots of issues because the communicating with the RSA Archer, the database was not synced properly. Two times when we installed RSA Archer in an environment a few settings and configuration was not correct, this caused the passwords not to match.

The stability could improve.

What do I think about the scalability of the solution?

The scalability is easy to achieve.

Most of our clients are large businesses. I have plans to continue the usage of RSA Archer.

How are customer service and support?

The technical support is good, but they respond a little late, sometimes it can be a few days to have a response.

How was the initial setup?

The initial setup is a bit complex. The whole process can take approximately three hours with one or two people.

We have faced challenges. For example, the database is not synced with the RSA Archer. Few services are not running if the RSA Archer is logging through the local admin or the specific user, we have received errors. 

What about the implementation team?

Archer is responsible for the maintenance of the solution.

What's my experience with pricing, setup cost, and licensing?

The solution's price should be reduced. You only have to pay the license and there are no additional fees.

What other advice do I have?

They have to use RSA Archer if they use the automated tools, their data will be safe.

Though there are some issues with the technicality of the solution, such as errors. The solution provides great features, such as customization, we can customize it as per our requirement.

I rate RSA Archer a ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate