49 Reviews and Ratings
6 Reviews and Ratings
RSA Archer is fantastic at cataloguing, personalizing assessments, raw reporting, and capacity to add custom fields. It is a little clunky around adding contextual information to notifications, peeking into data before attempting to load pages, quick navigation or determining linked (or sub-linked) relationships. These are all concerns that can either be worked around with an appropriate data scheme or with careful administration of the sub-routines.Incentivized
Well suited for general compliance, multiple initiatives, and integration with TeamMate. SAP GRC Process control may be better suited for an SAP environment. Oracle GRC may be better suited for an Oracle environment. Overall, BWise is a very cost effective, and flexible solution.Incentivized
Integration capabilities to multiple enterprise systemsControl standards and Procedures to address multiple regulatory/authoritative sources, standards and frameworks enabling test once satisfy many requiremntsRapid application development and User friendly tool with configuration capability to customize easily without user requiring programming or coding skills
Great reporting tool (uses SAP Business Objects). It is quite flexible on types of reports that can be created and supported. Also the reporting consultants are very competent and nice.Highly customizable solution: almost everything can be tailored to an organization's needs, assessments, audits, issues, recommendations, tasks, etc. However, there's a trade-off between customization and the integration of different areas of the organization.Increases visibility and efficiency in the organization. BWise offers centralized repositories (catalogs) that can be easily accessed and used by everyone in the organization (e.g. Process catalog, Policies and Procedures catalog, Risks, Controls, Laws catalogs, etc.). Also, the application allows findings on controls tested by Audit to be automatically reflected in controls monitored by SOX for example, without the need for SOX to retest them. So one area can leverage on the work of other areas increasing operational efficiency.Increases integration and avoids silos. By choosing the correct design (e.g. Risk Workshops instead of Open Assessments), one area can see and benefit from another areas' work. An example was mentioned above; another would be Operational Risk area considering the results of Business Continuity, Vendor Management, Info Security, etc. assessments when carrying out theirs. Additionally, processes can be integrated: when contracting a new vendor for instance, one can include questions about data confidentiality and usage of models in the Vendor risk assessment. Answers to these could then trigger Info Sec / Model Risk assessments.Increases accountability. Application provides full audit/change log with the type of change, name of executor, and date of change.Easier follow-up. BWise sends automatic emails with reminders to the people required to take action on an issue, assessment, etc.Incentivized
They release time to time updates, which causes issues in the GUI. However, one has to be careful while installing the update.There is no open and free academy to learn more about the tool.One cannot stay to a particular product version, they have to move to the next version to keep up with the changes.Incentivized
Integration with SAP for continuous control monitoring.Control mapping to standards: ISO; COSO; COBIT; HIPAA; SP800_53 (NIST); FedRAMP; PCI_DSS; BITS; GAAP; AICPA; BSI; CCM; COPPA; CSASurveys.Incentivized
BWIse is very flexible, and an affordable GRC tool.Incentivized
Good tool to get the information communicated, approval workflow, and easy to add new findings/questionnaires. Seems to be compatible with different browsers and little downtime. Only request for improvement is to add an export feature with fewer clicks. Maybe batch export.Incentivized
I found BWise to be very intuitive and user friendly.Incentivized
Our RSA Archer team is dedicated to finding solutions for our organization. They haven't mentioned any issues with receiving support with deployment or bug fixes, and generally the platform is very dependable. They are always very excited about delivering a version upgrade and presenting any new features that provide more dashboards or chart types.Incentivized
BWise support is knowledgeable and responsive. Bug fixes and development are also timely and ongoing.Incentivized
The main issues were managing the internal conflicts and competing objectives, rather than the capability and implementation of BWise itself.Incentivized
It has been roughly 5 years since I have seen Securevue, so a lot can change, but to me it felt like several products were purchased and an attempt was made to piece them all together into a single solution (and I believe that may have been true). It also required agents on endpoints which did not fit the model I believed customers were looking for. MetricStream appeared to be difficult to install as it took their own engineers some time to get it installed in my lab environment. I did not think their web interface was as intuitive as RSA Archer. Customization to the platform was possible to some degree, but required a lot more work and technical skills than required by Archer. I did like the landing page for MetricStream which called out the important action items for the current user, but Archer v6.X now has this feature.Incentivized
Wasn't personally involved in the vendor selection process. I am aware that one of the main drivers for selecting BWise was cost (I believe BWise total project cost was several times lower than MetricStream's).Incentivized
We were able to achieve approx 63% gain in operational efficiency.Reduce the number of findings and exceptions during an Internal audit to almost zero.Get compliance to all client contracts tracked through the tool thus increasing the confidence of clients in our systems and processes.Incentivized
Increased employee efficiency especially considering incident management and follow up.Increased visibility and senior management information/awareness.Increased employee accountability.Reduction of silos.Incentivized