Fabricio Oliveira Nascimento - PeerSpot reviewer
PMO Project Manager - Information Security at Redbelt
MSP
Top 10Leaderboard
Great support, easy to deploy, and scalable
Pros and Cons
  • "The solution has helped our organization manage our internal and external activities."
  • "The financial area of RSA Archer has room for improvement."

What is our primary use case?

We use RSA Archer to connect to the purchasing department so that vendors can sell new projects, and we can connect these sales to our project management. This solution connects both areas to develop demand and activities, allowing us to control technical resources and manage hours. RSA Archer also helps with Project Builder and Microsoft Project to check activities, start and finish times, and layered activities.

How has it helped my organization?

The solution has helped our organization manage our internal and external activities.

What is most valuable?

The price of the solution is very affordable.

What needs improvement?

The financial area of RSA Archer has room for improvement. I would like to be able to send invoices to our customers through the solution.

Buyer's Guide
RSA Archer
March 2024
Learn what your peers think about RSA Archer. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.

For how long have I used the solution?

I have been using the solution for three years.

What do I think about the stability of the solution?

I give the stability an eight out of ten.

What do I think about the scalability of the solution?

We have 100 people using the solution. I give the scalability an eight out of ten.

How are customer service and support?

Technical support is the best.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. The deployment required five people.

What was our ROI?

I have seen a return on investment.

What's my experience with pricing, setup cost, and licensing?

I give the price a five out of ten.

What other advice do I have?

I give the solution an eight out of ten.

I recommend the solution to others.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cyber security consultant at a financial services firm with 1,001-5,000 employees
Consultant
Easy to configure, but customization is a challenge
Pros and Cons
  • "This solution helped us with the centralization of our governance data, so we could house all of our controls in one place. We could use that central repository of all our controls to build our risk management strategy and our policy and governance. So we could use controls as a central library and build policy, and then build risk management around it."
  • "Archer could be improved by having more customization. I'm not sure if the backend processes have API calls and those kinds of seamless integrations, but from the front, some of the solutions are very out-of-the-box. It's not customizable, so that could be a little problematic since you have to use their features. In terms of the backend structure, I'm not too sure because I'm not a developer—I was an end user and product owner of Archer—and I don't quite know the backend and developmental features. But since it's an out-of-the-box solution, sometimes customization was challenging and support was a little problematic because we had to reach out to them all the time."

What is our primary use case?

Our primary use case of this solution is for GRC. I work for a bank and we used this tool to audit our information security team and our cybersecurity team. We had our control library, regulatory requirements, and third-party risks on Archer. So basically, I would say audit, regulatory requirements, third-party risk management solutions, and all kinds of controls, including SOX. These are the integrations we had set up. Right now, it's deployed on-prem. 

How has it helped my organization?

This solution helped us with the centralization of our governance data, so we could house all of our controls in one place. We could use that central repository of all our controls to build our risk management strategy and our policy and governance. So we could use controls as a central library and build policy, and then build risk management around it. 

What is most valuable?

One of the most valuable features is the ease of use. The customizable forms and drop-downs are pretty easy to configure. Automated notifications is another feature that is nice. The whole workflow, basically—if you're going through a workflow process, the whole process is automated with notifications. Basically, it's a pretty straightforward, easy-to-understand interface. I've also had the chance to develop some backend configurations, which is straightforward as well, if you want to add a new field or anything. 

What needs improvement?

Archer could be improved by having more customization. I'm not sure if the backend processes have API calls and those kinds of seamless integrations, but from the front, some of the solutions are very out-of-the-box. It's not customizable, so that could be a little problematic since you have to use their features. In terms of the backend structure, I'm not too sure because I'm not a developer—I was an end user and product owner of Archer—and I don't quite know the backend and developmental features. But since it's an out-of-the-box solution, sometimes customization was challenging and support was a little problematic because we had to reach out to them all the time. 

For how long have I used the solution?

I have been working with this solution for the past 18 months. 

What do I think about the stability of the solution?

We did have a few outages, but otherwise, I must say it's fairly reliable. 

For maintenance, there's an admin dashboard. It's a capability that is handed over to our user and admin has super user access. 

What do I think about the scalability of the solution?

This solution is quite scalable. At that point, it really depends on the strategy. Since we had all our controls on Archer, it was easy for us to scale and deploy other applications or develop other applications seamlessly. But imagine you had your controls on a different application—if it was not on Archer and you had to scale, it would be challenging to move all your data into Archer and then scale. So that is something that could be challenging, but since our strategy was already Archer through and through, we did not find it difficult to scale. 

There are approximately 500 users, across all departments, using Archer. It is being used extensively at the moment. Right now, we don't have plans to increase usage, but I'm sure there's going to be organic growth. 

How are customer service and support?

On a scale of one to five, I would probably rate support a three. I wouldn't say it's the best, but it's not bad either, in terms of both the response time as well as the support. 

Which solution did I use previously and why did I switch?

We used SharePoint for a bit. We switched to Archer because the graph, user interface, and all that was better than SharePoint. I'm not too sure about the strategic decision because I wasn't with the organization back then, but I know that they wanted a centralized location for their governance, risk, and applications. 

How was the initial setup?

I think the deployment process is pretty straightforward. The solution was deployed for us through a third-party consulting agency, so it wasn't Archer or RSA developers, but a third party that implemented the solution for us. During the time of deployment, we were in a CI/CD mode, so we always had new applications, customization, new fields getting added. 

What about the implementation team?

A third party implemented the solution for us. 

What other advice do I have?

If you are considering implementation, my advice would be to decide on a strategy first before you implement a solution. The solution is nice, but unless you have a strategy, I don't see the point in implementing it. 

I rate Archer a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
RSA Archer
March 2024
Learn what your peers think about RSA Archer. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
PeerSpot user
CEO at Al Danah Information Systems Solutions
Real User
Top 20
Simple to use product that gives a great return on investment
Pros and Cons
  • "RSA Archer has reduced the time and effort required for meetings."
  • "The product is expensive."

What is our primary use case?

My primary use case for this solution is for the customizing and compliance system, especially for the first standard, ISO 27001, related to the information security management system.

How has it helped my organization?

RSA Archer has reduced the time and effort required for meetings because every person or department can enter their asset register by themselves. It's also useful that to get information on the spot, you don't need to have it in an Excel sheet to make it a compiler or a function. It is also a unified product, meaning that every person can enter any font or type of equation they need. It records information for several years, which means if I need to fix any observation from the past five years, I can do so on the system on the spot. Finally, it provides intelligent suggestions for solutions and risk management.

What is most valuable?

The most valuable feature of this solution is that risk mitigation and risk register are very easy - it's very simple to enter the data.

What needs improvement?

I would like to see a version of the product customized for small businesses, perhaps something cloud-based on a monthly basis. I would also like the product to be more easily integrated with the Arabic language. 

For how long have I used the solution?

I have been using RSA Archer for around two years.

What do I think about the stability of the solution?

This product is 100% stable, without a lot of bugs.

What do I think about the scalability of the solution?

The solution is scalable.

How was the initial setup?

The setup was complex, taking around three to six months.

What about the implementation team?

I used a vendor team.

What was our ROI?

First of all, we have gained time back that was previously wasted in management meetings. Secondly, approving any risk is much quicker with this solution, requiring only one click. RSA Archer has given us a return of investment on both time and money.

What's my experience with pricing, setup cost, and licensing?

The product is expensive, and there are additional costs if you need to integrate more licenses or want more features.

Which other solutions did I evaluate?

Before choosing RSA Archer, I evaluated MetricStream.

What other advice do I have?

I totally recommend RSA Archer for anything related to ERC for mid-to-large-sized businesses. I wouldn't recommend it for small businesses as it is very expensive. I would rate this solution as ten out of ten

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Gulsher Baloch - PeerSpot reviewer
GRC Solution Consultant at SPMCONSULTING
Reseller
Top 10Leaderboard
Provides efficient dashboard features, but its scalability needs improvement
Pros and Cons
  • "It has the best workload management features."
  • "Its customization features could be better."

What is our primary use case?

We use the solution for administration and policy management purposes.

What is most valuable?

The solution's most valuable features are data feeds, templates, reports, dashboards, and workload management.

What needs improvement?

The solution’s customization features could be better. Its performance and scalability need improvement as well. 

For how long have I used the solution?

We have been using the solution for two years.

What do I think about the stability of the solution?

I rate the solution's stability a five out of ten.

What do I think about the scalability of the solution?

The solution’s scalability is low compared to OpenPages. At present, we have two users for it in our organization. We might increase the usage ahead.

How are customer service and support?

We have received assistance from the solution’s technical support team many times.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Our clients migrated their work data from Archer to OpenPages for better performance and scalability.

How was the initial setup?

We can deploy the solution on the cloud and premises as well. It depends on the client’s requirements. The process takes approximately two to three hours to complete. We develop a management module in the testing server. After a successful review from the client, we export the package to the production environment.

What's my experience with pricing, setup cost, and licensing?

The solution’s pricing is moderate.

What other advice do I have?

I rate the solution a five out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
PeerSpot user
Software Developer at a insurance company with 201-500 employees
Real User
The stability is fine, but tech support could be more knowledgeable
Pros and Cons
  • "I have found all the features to be valuable, including those involving reporting, the dashboard, notifications, email modules, the database and data input."
  • "I find the tech support to be inadequately knowledgeable."

What is our primary use case?

The solution is an integrated platform. We use it for risk management, mitigation and integration. 

What is most valuable?

I like that the solution has the ability to export data and provide us with daily reports. 

I have found all the features to be valuable, including those involving reporting, the dashboard, notifications, email modules, the database and data input.

What needs improvement?

There are many issues which Archer needs to work on, including those involving the database and the UI. I find the tech support to be inadequately knowledgeable. 

As I am a developer and responsible for providing production support, I do not have personal knowledge of the pricing. However, my colleagues claim that it is very expensive in comparison with other tools. 

What do I think about the stability of the solution?

As concerns the stability, we have not encountered any bugs, glitches or performance issues. 

What do I think about the scalability of the solution?

Starting from the outset, we have employed very few applications, the current number being just shy of 50. 

How are customer service and support?

The tech support should be more knowledgeable. 

Which solution did I use previously and why did I switch?

We did not use a different solution prior to RSA Archer, which we have been with for a long time. 

How was the initial setup?

As relates to the deployment process, I found the new packaging thing to be a bit complex, although it is fine. I got used to it. 

The length of the process varies with the number of applications. 

What about the implementation team?

One person is required to set up the solution. The solution must be maintained. 

What's my experience with pricing, setup cost, and licensing?

As I am a developer and responsible for providing production support, I do not have personal knowledge of the pricing. However, my colleagues claim that it is very expensive in comparison with other tools.

What other advice do I have?

There are presently between 50 and 100 people making use of the solution in our organization. 

The solution comes with very good features. If they could just fix a couple of things then this solution would make a very good evergreen tool. 

I rate RSA Archer as a seven out of ten. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Team Leader at a tech services company with 10,001+ employees
Real User
User-friendly, secure, and reasonably priced
Pros and Cons
  • "It is a very friendly tool. We can easily understand what is going on inside the tool. I like this tool. We can work with the tool for the ERP platform. We can create automated applications based on the requirements."
  • "There were so many problems that we had found. One time, the search index was not working. We also faced slowness in Archer, but I resolved this issue."

What is our primary use case?

I work with user management, policy management, enterprise management, risk management, and third-party management.

We are using its service version. We have to buy that license, and based on the license, they're providing us with the application.

What is most valuable?

It is a very friendly tool. We can easily understand what is going on inside the tool. I like this tool. We can work with the tool for the ERP platform. We can create automated applications based on the requirements.

It is very secure with three levels of access. We can give three levels of access in Archer. We can give access at the field level, application level, and code level. So, it is very secure.

What needs improvement?

There were so many problems that we had found. One time, the search index was not working. We also faced slowness in Archer, but I resolved this issue. The queue services were running on two servers, whereas they should have been running only on one server. There were also many duplicate records. I had to go and check the specific field and update that. After that, we removed all duplicate records from Archer.

What do I think about the stability of the solution?

We faced performance issues only in the lower version. The reason was that they were using only three servers and one database. We increased the services and RAM, and we had two application servers, three web servers, and one database. Whenever there are any performance issues, we need to check the jobs in the server backend. Sometimes, jobs are running for the last five days and that's why new jobs are not being picked up. In such cases, we have to prioritize the jobs that will go first and that will go second.

What do I think about the scalability of the solution?

It is easy to scale. If we want to increase the number of users in Archer, we have so many tools. We can create more than 1,000 users in Archer at one time. We only need a license. 

Currently, more than 30,000 users are using Archer. We plan to keep using this solution. It is being used by so many companies.

How are customer service and support?

When we face any issues related to the application, RSA is there immediately. We can raise a ticket and after that, they help us. Everything is fine in terms of support.

Which solution did I use previously and why did I switch?

Previously, they were storing the data in Excel sheets, but when they wanted to move to Archer, based on the requirements, I created the fields, and I created the workflow and access control for that.

I have worked on SAP ERP in my previous company. I started to work on Archer after I moved to this company.

How was the initial setup?

In our team, we have only three members. I am from India and two more people are from the US. Because our team size is very small, we have to perform every activity. We take care of the administrative work, development work, and support work. If anything happens in the system, we will check why it is happening and sort it out.

An application's deployment typically takes one month, but it will vary based on the requirement. If we are working on one application with more than 100 fields or critical workflows, it will take time. For fewer fields or workflows, we can create an application within a week, and we can move it to production.

What's my experience with pricing, setup cost, and licensing?

It is not expensive. It is reasonable. We only pay for the licensing.

What other advice do I have?

I would rate RSA Archer an eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Specialist at a tech consulting company with 1-10 employees
Consultant
Configure security applications easily while retaining the capability to customize with and without coding
Pros and Cons
  • "The most valuable part of the product is the ease-of-use and the opportunity to create custom security applications easily."
  • "There are some issues with the interface for version 6.5 but these may already be repaired and simplified in the new versions that have been released."

What is our primary use case?

I am developing applications in Archer from RSA (Rivest, Shamir, and Adelman). It is quite easy to implement the application. You just configure the workflow, define the forms and how the data is processed in the application. Everything can be configured without coding. You can use a code also to create special functionalities, but it is easy to do almost everything without coding at all.  

How has it helped my organization?

It gives me the opportunity to create custom security applications easily.  

What is most valuable?

The most valuable part of the product is the ease-of-use.  

What needs improvement?

I am currently using an older version of the product so my installation is not current. There have already been two new versions of Archer released after the version I have. I use 6.5 and 6.6 and 6.7 have been released. These two are minor releases. They are not really affecting the inner workings of how to do tasks but improving certain features like the interface. When I am creating applications I like to have what I know is a stable and familiar version of the product, so I do not automatically upgrade to the newest versions available.  

Because I have not upgraded, the graphical user interface is not the current one. It is not very modern and as user-friendly as it could be. I heard that the new versions have improved the graphical interface very much in this respect, and it should no longer be a problem at all. So, for now, I have some issues with the interface for this version but it may already be repaired and simplified in the new versions that exist.  

One thing I might like added is the ability to record a workflow in another application. It is really a sort of very technical thing and it is possible to do it in other ways, but adding this to the product could really help with the simplification of creating new workflows. This could make it easier, to implement some technical things.  

For how long have I used the solution?

I have been using RSA Archer for one year.  

What do I think about the stability of the solution?

I have not experienced any problems with the stability of the product. It works as expected in accordance with the resources and feedback I received from my IT department. It can use a SQL server, a web server, or whatever I need. There is no problem with lag or overuse of resources on the server.  

What do I think about the scalability of the solution?

The product is flexible and scalable. The processes that are created with the product are going to be used by every manager in this company. That is a total of about forty to sixty people right now.  

As far as how extensively I will use RSA Archer in development, everything I develop is per request. When somebody requests functionality, I am the one responsible for implementing it. It is not really possible to predict how often or how many requests come in or how complicated they will be. Usually, I am using it at least a few days every month. But I may be asked to implement an application that the other employees may use daily.  

How are customer service and technical support?

I had a few problems initially understanding the sample they showed for the implementation. Once I contacted support they told me a few things to try and sent me links to additional documentation. When I read about it, I was able to easily resolve the issues I was having. When I was then also introduced to the community, I was able to continue to quickly solve any problems I had. There is a huge community of users that is quite active and can help other users to solve issues. It is great when others who have already solved similar problems in real life share their knowledge about how to solve those problems in your own environment.  

But in general, from my experiences, I would rate the support at RSA as very good.  

Another benefit is that — although there are many features already — you can propose new features directly to the company. There is a place in the user community to propose those features where they can be discussed. If they are popular features with users, they are implemented. So you can ask for anything and if you have an idea which is good — something which is required by others — it is usually implemented. I have recommended about four or five features that are in the process of being considered. It is a really good way for the company to guide their efforts in improving the product.  

Which solution did I use previously and why did I switch?

A similar product that we used before RSA Archer was LDRPS (Living Disaster Recovery Planning System). We had to move from LDRPS to the RSA product because LDRPS went to the cloud. The security requirements of our management and of our customers are generally that they do not want to have very critical information on the cloud. In some cases, they can not have it there at all. We have to use a tool that is possible to install on-premises. When we were evaluating solutions, I was testing several of the products. I chose RSA Archer because it met this requirement and other needs we had for flexibility.  

I chose RSA Archer because I was tasked to find a tool that could implement business continuity planning. Archer can implement more processes in many ways, so it not difficult to implement anything from incident management to business continuity, to change management. Anything somebody asks me to do, they provide the requirements and it is really easy to implement it in this. On top of that, it is easy to customize.  

So this is the reason why we chose Archer. It is easy to implement, it is easy to change the workflow, and it is easy to customize the processes.  

How was the initial setup?

Archer can be set up for use in very small environments and you can use one tool for several installations. It can be installed on several servers concurrently, so every server might be configured to have special features and styles and the instances of the installations cooperate together to provide the functionality of the tool. So the complexity of the setup depends on how large an environment you have. At this moment, I have experience only with very small environments, running the product on one computer. But the product also has great documentation. Just using the documentation alone I was able to install the product really easily and get it up and running on the one server.  

It took me a little more than one day to install. The deployment really depends on the use case. The use case is processing or the kind of process you are creating. For example, processing may need to analyze requirements supplied by customers. The more requirements and more processes you need in Archer the more complex the setup will be. Usually, it takes a few days to create a process. I would say on average that processes are implemented in five days. The options and features that the tool has are really quite vast. There are lots of features and every company only chooses to use some of them, which they license and use separately. It can be compared to something like Jira.  

What about the implementation team?

I did not have to consider using an outside vendor for the installation and I was able to complete the install by myself with the help of the documentation.  

Which other solutions did I evaluate?

Many tools that I tested had processes wired into the application without any option to change them. When I needed to fill requirements that differed even slightly from what was already implanted in the tool I would need to make a workaround or need to implement another tool. This would not have been the best way to go about what I would need to accomplish regularly.  

What other advice do I have?

For people considering this product, they have to be sure that it is a product that could really do what they need it to do. Mostly any workflow can be implemented in the process in the application if they want to build it. The best thing would probably be that they should just try it and see. I would definitely recommend this product, but it may not be the tool everyone likes the best.  

On a scale from one to ten where one is the worst and ten is the best, I would rate RSA Archer as a nine-out-of-ten.  

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Security Solutions Architect at a tech services company with 10,001+ employees
Real User
It requires little programming ability but costs more than competitors
Pros and Cons
  • "I like how Archer requires very little programming ability. A person with minimum coding experience can configure the necessary fields in Archer. It's more of a drag-and-drop solution."
  • "When we have to do formulas or some other type of calculation in Archer, it sometimes doesn't work correctly. The fields don't display right, and we have to contact RSA Archer support to fix things. I think the calculation components are a bit complicated."

What is our primary use case?

We use Archer as a risk management portal. We've customized Archer to follow the Sherwood Applied Business Security methodology for governance and risk assessment. We don't use the compliance module much.

How has it helped my organization?

The main benefit is that we can automate risk management. The whole purpose of having Archer is to automate governance, risk, and compliance. Previously, we used to do everything in Excel sheets and Notepad. It was mostly manual. We'd send emails to people and collect information. Once you have Archer, you can automate all these processes.

What is most valuable?

I like how Archer requires very little programming ability. A person with minimum coding experience can configure the necessary fields in Archer. It's more of a drag-and-drop solution. 

What needs improvement?

When we have to do formulas or some other type of calculation in Archer, it sometimes doesn't work correctly. The fields don't display right, and we have to contact RSA Archer support to fix things. I think the calculation components are a bit complicated.

For how long have I used the solution?

I've been using RSA Archer every day for the past six years.

What do I think about the stability of the solution?

RSA Archer's overall performance is good. It slows down at times whenever a script or some process is running in the backend. Sometimes our users have complained about the speed.

What do I think about the scalability of the solution?

Scaling up RSA Archer is a straightforward process. You just need to upgrade your hardware and software. We have about 80 end-users working on Archer now. 

How are customer service and support?

We've opened several tickets with RSA, and they're settled pretty quickly. The experience has always been good. 

Which solution did I use previously and why did I switch?

When we started working with Archer, it was more or less the only product in the field that could do GRC automation. A few have been launched since then, but we've only ever worked with Archer.

How was the initial setup?

Deploying RSA Archer is effortless. You just need to make a database backup of Archer and keep it somewhere. Then you can install Archer on any server and load the backup. Everything from A to Z comes back. It's restored, and you don't have to do anything. It's a straightforward process. The initial installation takes three hours, and two technicians can handle the job. 

After installation, it doesn't need much maintenance. We periodically deploy some security patches on the operating system, make backups, and cross-verify if the backup is working correctly or not. 

What's my experience with pricing, setup cost, and licensing?

The initial purchase is cheap. You pay a nominal price to start then renew the license annually. You also must buy a license for each module. I'm not too fond of that aspect of the licensing model. You buy the elephant and then spend more money to feed the elephant.

What other advice do I have?

I rate RSA Archer seven out of 10. To anyone thinking about deploying Archer, I would suggest exploring other products in the market as well. Archer is a bit costly compared to its competitors. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free RSA Archer Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2024
Buyer's Guide
Download our free RSA Archer Report and get advice and tips from experienced pros sharing their opinions.