Coming October 25: PeerSpot Awards will be announced! Learn more

RSA Archer OverviewUNIXBusinessApplication

RSA Archer is #1 ranked solution in top GRC tools, top IT Governance tools, and top IT Vendor Risk Management tools. PeerSpot users give RSA Archer an average rating of 8.0 out of 10. RSA Archer is most commonly compared to OneTrust GRC: RSA Archer vs OneTrust GRC. RSA Archer is popular among the large enterprise segment, accounting for 75% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 19% of all views.
RSA Archer Buyer's Guide

Download the RSA Archer Buyer's Guide including reviews and more. Updated: September 2022

What is RSA Archer?

RSA Archer is a solution designed to help your organization manage policies, controls, risks, assessments, and deficiencies across your lines of business. RSA helps you manage your digital risk with a range of capabilities and expertise including integrated risk management, threat detection and response, identity and access management, as well as fraud prevention.

The solution also allows you to adapt a broad range of solutions to your requirements and is a good option for both big and small companies.

RSA Archer Features

RSA Archer has many valuable key features. Some of the most useful ones include:

  • Application builder
  • Advanced business workflow
  • System integration
  • Search, reports, and dashboards
  • Access control
  • Globalization
  • Audit management
  • Privacy program management
  • Security incident management

RSA Archer Benefits

There are many benefits to implementing RSA Archer. Some of the biggest advantages the solution offers include:

  • Taxonomy and data structure: With RSA Archer, you can build and maintain an inventory of personal data processing activities and assets, utilizing a purpose-built taxonomy and data structure.
  • Easy tracking: RSA Archer enables you to track data retention schedules and execute a checklist as it relates to processing activities.
  • Smooth management: By using RSA Archer, you can manage activities related to notifications and consents linked to the processing activity inventory.
  • Improve information assurance programs: RSA Archer enables agencies to improve information assurance programs for continuous monitoring and assessment and authorization.
  • Compliance: By providing compliance management, RSA Archer allows you to consolidate information from multiple regulatory bodies and establish a sustainable, repeatable, and auditable regulatory compliance program.
  • Business continuity: With RSA Archer, you can automate business continuity and disaster recovery planning to protect your organization in the event of a crisis.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the RSA Archer solution.

A Specialist, RSA Archer at a tech services company, says, “RSA Archer is a valuable tool because it can manage the end-to-end functioning of any enterprise GRC module, such as compliance and risk management or business continuity plans and the entire BCM module. RSA Archer also provides many out-of-the-box solutions, which are use cases derived from the standards for GRC or risk management, governance, and compliance. It provides an end-to-end mechanism for business users on a single platform. That includes reporting, managing workflow, creating documentation, or tracking a process where you need to get approval from the various levels within the organization's hierarchy.”

PeerSpot user Krishnendu S., Vice President at a financial services firm, mentions, "It is enterprise-wide accessible. So, it is very helpful for all the employees in our bank. They can log in and do their risk management activities. It has a few inbuilt modules that are helpful for doing risk management activities, such as issue management, risk identification, risk assessment, and policy exception management. It also has some inbuilt workflows inside these modules. They are also helpful."

A Sr. Internal Auditor at an energy/utilities company comments, "Its user interface is pretty neat, and there is flexibility in generating the data. You can customize reports at any level. You can directly get reports in Tableau format. If you want to generate statistical data, you can create reports with graphs. There is an adequate amount of flexibility for changing the format, the type of graphs, etc."

Another PeerSpot user, Manash B., Technology Manager at a tech services company, explains, "RSA is a very rich application. I like its adaptive suggestion, where based on your users and the class of data, it can actually recommend you the proper control to choose. For example, we have been using PCI DSS as an NIST. So based on application feedback, it will provide you with a suggestion on which control objective needs to be set. Based on that, you can make a decision—you don't need to take the suggestion, but you can customize that particular provided suggestion. RSA Archer's workflow is also good, in terms of process automation."

RSA Archer was previously known as Archer.

RSA Archer Customers

T-Systems, Bridge Point, Equifax, First Data, Global Imaging Company, Manulife Financial

RSA Archer Video

Archived RSA Archer Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Security Specialist at a tech consulting company with 1-10 employees
Consultant
Configure security applications easily while retaining the capability to customize with and without coding
Pros and Cons
  • "The most valuable part of the product is the ease-of-use and the opportunity to create custom security applications easily."
  • "There are some issues with the interface for version 6.5 but these may already be repaired and simplified in the new versions that have been released."

What is our primary use case?

I am developing applications in Archer from RSA (Rivest, Shamir, and Adelman). It is quite easy to implement the application. You just configure the workflow, define the forms and how the data is processed in the application. Everything can be configured without coding. You can use a code also to create special functionalities, but it is easy to do almost everything without coding at all.  

How has it helped my organization?

It gives me the opportunity to create custom security applications easily.  

What is most valuable?

The most valuable part of the product is the ease-of-use.  

What needs improvement?

I am currently using an older version of the product so my installation is not current. There have already been two new versions of Archer released after the version I have. I use 6.5 and 6.6 and 6.7 have been released. These two are minor releases. They are not really affecting the inner workings of how to do tasks but improving certain features like the interface. When I am creating applications I like to have what I know is a stable and familiar version of the product, so I do not automatically upgrade to the newest versions available.  

Because I have not upgraded, the graphical user interface is not the current one. It is not very modern and as user-friendly as it could be. I heard that the new versions have improved the graphical interface very much in this respect, and it should no longer be a problem at all. So, for now, I have some issues with the interface for this version but it may already be repaired and simplified in the new versions that exist.  

One thing I might like added is the ability to record a workflow in another application. It is really a sort of very technical thing and it is possible to do it in other ways, but adding this to the product could really help with the simplification of creating new workflows. This could make it easier, to implement some technical things.  

Buyer's Guide
RSA Archer
September 2022
Learn what your peers think about RSA Archer. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
632,779 professionals have used our research since 2012.

For how long have I used the solution?

I have been using RSA Archer for one year.  

What do I think about the stability of the solution?

I have not experienced any problems with the stability of the product. It works as expected in accordance with the resources and feedback I received from my IT department. It can use a SQL server, a web server, or whatever I need. There is no problem with lag or overuse of resources on the server.  

What do I think about the scalability of the solution?

The product is flexible and scalable. The processes that are created with the product are going to be used by every manager in this company. That is a total of about forty to sixty people right now.  

As far as how extensively I will use RSA Archer in development, everything I develop is per request. When somebody requests functionality, I am the one responsible for implementing it. It is not really possible to predict how often or how many requests come in or how complicated they will be. Usually, I am using it at least a few days every month. But I may be asked to implement an application that the other employees may use daily.  

How are customer service and support?

I had a few problems initially understanding the sample they showed for the implementation. Once I contacted support they told me a few things to try and sent me links to additional documentation. When I read about it, I was able to easily resolve the issues I was having. When I was then also introduced to the community, I was able to continue to quickly solve any problems I had. There is a huge community of users that is quite active and can help other users to solve issues. It is great when others who have already solved similar problems in real life share their knowledge about how to solve those problems in your own environment.  

But in general, from my experiences, I would rate the support at RSA as very good.  

Another benefit is that — although there are many features already — you can propose new features directly to the company. There is a place in the user community to propose those features where they can be discussed. If they are popular features with users, they are implemented. So you can ask for anything and if you have an idea which is good — something which is required by others — it is usually implemented. I have recommended about four or five features that are in the process of being considered. It is a really good way for the company to guide their efforts in improving the product.  

Which solution did I use previously and why did I switch?

A similar product that we used before RSA Archer was LDRPS (Living Disaster Recovery Planning System). We had to move from LDRPS to the RSA product because LDRPS went to the cloud. The security requirements of our management and of our customers are generally that they do not want to have very critical information on the cloud. In some cases, they can not have it there at all. We have to use a tool that is possible to install on-premises. When we were evaluating solutions, I was testing several of the products. I chose RSA Archer because it met this requirement and other needs we had for flexibility.  

I chose RSA Archer because I was tasked to find a tool that could implement business continuity planning. Archer can implement more processes in many ways, so it not difficult to implement anything from incident management to business continuity, to change management. Anything somebody asks me to do, they provide the requirements and it is really easy to implement it in this. On top of that, it is easy to customize.  

So this is the reason why we chose Archer. It is easy to implement, it is easy to change the workflow, and it is easy to customize the processes.  

How was the initial setup?

Archer can be set up for use in very small environments and you can use one tool for several installations. It can be installed on several servers concurrently, so every server might be configured to have special features and styles and the instances of the installations cooperate together to provide the functionality of the tool. So the complexity of the setup depends on how large an environment you have. At this moment, I have experience only with very small environments, running the product on one computer. But the product also has great documentation. Just using the documentation alone I was able to install the product really easily and get it up and running on the one server.  

It took me a little more than one day to install. The deployment really depends on the use case. The use case is processing or the kind of process you are creating. For example, processing may need to analyze requirements supplied by customers. The more requirements and more processes you need in Archer the more complex the setup will be. Usually, it takes a few days to create a process. I would say on average that processes are implemented in five days. The options and features that the tool has are really quite vast. There are lots of features and every company only chooses to use some of them, which they license and use separately. It can be compared to something like Jira.  

What about the implementation team?

I did not have to consider using an outside vendor for the installation and I was able to complete the install by myself with the help of the documentation.  

Which other solutions did I evaluate?

Many tools that I tested had processes wired into the application without any option to change them. When I needed to fill requirements that differed even slightly from what was already implanted in the tool I would need to make a workaround or need to implement another tool. This would not have been the best way to go about what I would need to accomplish regularly.  

What other advice do I have?

For people considering this product, they have to be sure that it is a product that could really do what they need it to do. Mostly any workflow can be implemented in the process in the application if they want to build it. The best thing would probably be that they should just try it and see. I would definitely recommend this product, but it may not be the tool everyone likes the best.  

On a scale from one to ten where one is the worst and ten is the best, I would rate RSA Archer as a nine-out-of-ten.  

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Sameh Hablas - PeerSpot reviewer
CEO at Al Danah Information Systems Solutions
Real User
Top 10Leaderboard
Streamlines management of internal processes, assists with governance and compliance
Pros and Cons
  • "Archer seamlessly integrates data systems without requiring additional software."
  • "I would like to have the ability to build and maintain an inventory of personal data processing activities and assets utilizing a purpose-built taxonomy and data structure."

What is our primary use case?

We use RSA Archer as an Information Security Management Systems Compliance solution in sectors such as business resiliency, operational and enterprise risk management, audit management, public sector, security and IT risk management, third-party governance, and regulatory compliance management.

How has it helped my organization?

RSA Archer GRC modules allow you to build efficient, collaborative enterprise governance, risk, and compliance (GRC) programs across IT, finance, operations, and legal domains. With RSA Archer, you can manage risks, demonstrate compliance, and automate business processes.

What is most valuable?

This solution allows us to define and automate business processes for streamlining the management of content, tasks, statuses, and approvals.

We are able to consolidate governance, risk, and compliance information of any type.

Archer seamlessly integrates data systems without requiring additional software.

Automate movement of data into and out of the platform to support data analysis, process management, and reporting.

What needs improvement?

I would like to have the ability to build and maintain an inventory of personal data processing activities and assets utilizing a purpose-built taxonomy and data structure.

Tracking data retention schedules and executing a checklist based on Article 30 requirements as it relates to processing activities would be a helpful addition.

Having the ability to manage activities related to notifications and consents linked to the processing activity inventory would improve this solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
RSA Archer
September 2022
Learn what your peers think about RSA Archer. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
632,779 professionals have used our research since 2012.
IMRAN ALMARZOOQI - PeerSpot reviewer
Team Lead: IT Security Compliance at a energy/utilities company with 10,001+ employees
Real User
A rich feature set helps save time and effort, making us more efficient and saving us money
Pros and Cons
  • "The most valuable feature is the enterprise module, which provides the capability of having all of the information stored and linked with everything else."
  • "The bullet chart is the best graph for my purposes, and it should be available for inclusion in the dashboards."

What is our primary use case?

We use this solution for task management and reporting, with a focus on Risk Management services. We have this solution deployed on-premises.

How has it helped my organization?

Before we adopted this solution, everything was done in Excel. One of the main modules that we are using is the Risk Management module. We're in IT, and IT is a big domain, so if we have a lot of findings then the Excel worksheet would be passed between different people, and the data would be scrambled. Someone would later have to come back and bring all of the information together into one sheet. It was very hectic, troublesome, and time-consuming. We had a lot of things to take care of, and we needed a dedicated team just to bring the information together. We also needed expertise in terms of who can put the information together into a graphical format to make it easier for management to understand, as well as more general reporting.

Previously, we had almost zero reporting because of this hectic chaos. Now, we have all of the information right there, like a central repository. All of the risk owners have access to it. They can see their own and they can automatically fill in their actions and give us updates. With the central location, we have minimal resources required in order to prepare the review. We can export, report, create dashboards, drag and drop, etc. It has saved us a lot of effort.

What is most valuable?

The most valuable feature is the enterprise module, which provides the capability of having all of the information stored and linked with everything else. For me, that is eye-catching.

What needs improvement?

The dashboarding in this solution needs to be improved, specifically the graphics. I am trying to find other solutions because I want to create management dashboards. This product has its own built-in design capabilities and how to present things, but it doesn't have a bullet chart. The bullet chart is the best graph for my purposes, and it should be available for inclusion in the dashboards. We are doing audits and risk management, and there are timelines related to when things are due. All of that can be very easily seen in a bullet chart graph, but what is available now are pie charts, bar charts, and the simple information that is not as meaningful.

The reporting features are very basic, PowerPoint-like capabilities, that should be improved. They should be more like the features available in Power BI, or Tableau. As a workaround, I tried dumping the information from Archer into these two solutions, but it would be much better to have the functionality built-in.

When it comes to searching, the filtering process is not very intuitive. If I want to filter then I have to use too many buttons to get to what I'm trying to search for. If they can simplify the researching process then that would be good.

For how long have I used the solution?

We have been using this solution for five years.

What do I think about the stability of the solution?

This solution is very, very stable.

What do I think about the scalability of the solution?

This is a very scalable solution. After we implemented this solution, two different departments saw it and were impressed with the tool and how the work could be done centrally. We spoke with the vendor and added the scope for these departments. Now, it is centralized throughout the company.

We do plan to increase our usage of this solution. Its capabilities are almost infinite, but we're probably utilizing just twenty percent of it. We know its capabilities and what it can do, but there is a shortage in the availability of resources that can actually utilize the tool. There are perhaps three or four people that can use at least forty percent of the functionality.

We've assigned a task to a few team members so that someone can get a fresh look at how we can fully utilize it. It's a heavy tool and we want to use it. The problem is that it's just not that easy because you need someone who will actually understand the logic behind it, and also has the experience with the functionality. This is not expertise in the solution, but rather, the management. For example, we need someone who can understand the entire risk management flow in order for them to be able to use the tool efficiently.

Because of the vast differences in the domains being used in Archer, each team member is using a section of it. It's not really utilized how I want it, because I'm the leader of the team and I want to use this as the main tool for the entire IT department. However, I don't have the resources who can actually spend that much time to use it.

How are customer service and technical support?

Technical support for this solution is very good.

We had one person as an expert that was providing level one and level two support for the solution. We had minimal occasions where we had to go to level three, which is to contact RSA directly. We did have some questions here and there, and we understood that the technical support team is very good at their job.

Which solution did I use previously and why did I switch?

We did not use another solution prior to choosing this one. Everything was done using Microsoft Excel.

How was the initial setup?

The initial setup of this solution was very complex because of our organization. We had to manually put in the entire organization and the functional design. We had multiple teams, departments, and divisions. It is a very mature organization that has more than seven thousand employees, and there are a lot of sections. We have gone through multiple re-organizations and still haven't had the time to actually change the structure in this solution, because of how complex it is. It was complicated and still is.

Deployment took a full year with dedicated resources. Seven people were involved in the deployment, each one working on a different thing. One was doing the logic, another was doing the structure, etc. We have very different models, including Risk Management, Audit, and Enterprise, so each person was working on something.

What about the implementation team?

We hired a consultant to help us out with the deployment. After it was complete, we gave him a job and he came to work for us. Because it was so complex, we didn't have the resource in terms of someone to actually understand the tool because of how complicated it was to build it from scratch to match our organizational structure. It takes time for someone to understand the entire company, and since the integrators did that within the year, it was easier for us to bring him on board and then train people along the way.

What was our ROI?

We have seen ROI with this solution, although not directly. Before Archer, we needed people to come in to perform services for us. For example, if we needed to do risk management then we needed someone. They had to create the document, the module, and the framework, and then they come and do the assessment themselves. They are the ones that actually do the questioning, get the results, and give us the reports. That, itself, costs a lot of money because we have many services in IT.

Our on-premise expertise is aware of most of the things that are on the ground, but we just don't have the capacity to deal with all of them. So, we do it in small batches, here and there. We want people for cloud, people for risk management, people for audit, and people for compliance. Each of those different modules has a different price tag on it.

With this tool, once it was built and designed, we were able to use our own internal resources. We don't need to go outside. All of the questions are already there. The policies and procedures are already built-in, and you just need to tweak them a bit. So, it helps us just in understanding what's there, on the ground, and then we can mark our territory from there. Overall, it saves us a lot of money to be spent if we are taking care of these services individually.

Which other solutions did I evaluate?

We did evaluate other products back when I was in the metrics team. I was also looking into other tools just recently because we need the contract for the extension of the maintenance for another five years. So far, Archer has been the best. It stands out among the other tools that are coming into the market, and there is no comparison.

What really separates RSA Archer from the other solutions is the depth and richness of the different features and functionality that it has.

I've seen other tools that are very intuitive, easy to deploy, and easy to understand, but not as rich in functionality as RSA. This is the solution that I want to make the best use of, but I'm not prepared to do that because of the dashboarding. In three years, we will re-visit the evaluation process.

What other advice do I have?

My advice for anybody considering this solution is that if you are a mature organization then this is the best tool to use. It has cross-disciplinary functionalities in which multiple teams can be using the same solution. Companies who are not yet mature, but want to develop, can use this tool as a baseline that will help them mature.

It has the entire process. It will help you streamline what you want, have visibility of what you need, and you can build up. Basically, it's a central repository for everything. We have enterprise architects who are interested in this solution because of the Enterprise module, and it's capabilities. Having all of the information connected, within itself, is the best value that you can have.

I, myself, wanted to become an expert and certified in using this tool. The only thing that stopped me was the lack of bullet chart capabilities in reporting. It's what is holding me back.

Without the support for bullet charts, the visibility that we need is lacking. For example, if there is a textual date like the 25th of April 2020, for us there is no visible representation of the date. A bullet chart will tell you how far it is, how far we have come already, and what the target is to get there. This is an amazing tool, but without that graphical representation, it just puts that aside. This is why I'm trying to find another tool that will compensate for that.

I would rate the closest runner-up to this solution a six out of ten, with all of the other solutions somewhere below that.

When it comes to this solution, I would rate it an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user6036 - PeerSpot reviewer
Project Manager at a insurance company with 501-1,000 employees
Vendor
Needs better support for Basel.

Valuable Features:

- Community content in the Archer Exchange is very valuable - Easy to use - Highly configurable

Room for Improvement:

We evaluated Archer but at the time its poor support for Basel (e.g. cap allocation) was a deal stopper for us. If you're not in the financial services industry then Archer might be a better fit. We also found Archer to be on the expensive side but we didn't get to the point of negotiating a better price.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free RSA Archer Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2022
Buyer's Guide
Download our free RSA Archer Report and get advice and tips from experienced pros sharing their opinions.