Archer Integrated Risk Management Platform vs. codeBeamer ALM

RSA Archer is fantastic at cataloguing, personalizing assessments, raw reporting, and capacity to add custom fields. It is a little clunky around adding contextual information to notifications, peeking into data before attempting to load pages, quick navigation or determining linked (or sub-linked) relationships. These are all concerns that can either be worked around with an appropriate data scheme or with careful administration of the sub-routines.

Incentivized

In my opinion codeBeamer is well suited for any activity where detailed tracking is needed with teams involved. It can be less suited for small projects which do not last long, or are not continuous, etc

• Integration capabilities to multiple enterprise systems
• Control standards and Procedures to address multiple regulatory/authoritative sources, standards and frameworks enabling test once satisfy many requiremnts
• Rapid application development and User friendly tool with configuration capability to customize easily without user requiring programming or coding skills

• Tracing of requirements.
• Tracking of development.
• Tracking of QA.
• Tracking of bugs.
• Tracking of releases.
• Wiki.
• Users and teams.
• Works for teams scattered across the globe.
• Testing and coverage for releases.
• Integration with SVN.

• They release time to time updates, which causes issues in the GUI. However, one has to be careful while installing the update.
• There is no open and free academy to learn more about the tool.
• One cannot stay to a particular product version, they have to move to the next version to keep up with the changes.

Incentivized

• Search.
• Metric calculation.
• Would be nice that cB is a source of truth, i.e., that say SVN commit is done only from cB; know this is difficult to achieve.

Good tool to get the information communicated, approval workflow, and easy to add new findings/questionnaires. Seems to be compatible with different browsers and little downtime. Only request for improvement is to add an export feature with fewer clicks. Maybe batch export.

Incentivized

Sometimes info in codeBeamer can be lost, in principle, if not well organized by the user, info can never be found, or can be forgotten about, etc

Our RSA Archer team is dedicated to finding solutions for our organization. They haven't mentioned any issues with receiving support with deployment or bug fixes, and generally the platform is very dependable. They are always very excited about delivering a version upgrade and presenting any new features that provide more dashboards or chart types.

Incentivized

Excellent support professionally. Also, thanks for giving me for free access to SaaS cB for my hobbyist project.

It has been roughly 5 years since I have seen Securevue, so a lot can change, but to me it felt like several products were purchased and an attempt was made to piece them all together into a single solution (and I believe that may have been true). It also required agents on endpoints which did not fit the model I believed customers were looking for. MetricStream appeared to be difficult to install as it took their own engineers some time to get it installed in my lab environment. I did not think their web interface was as intuitive as RSA Archer. Customization to the platform was possible to some degree, but required a lot more work and technical skills than required by Archer. I did like the landing page for MetricStream which called out the important action items for the current user, but Archer v6.X now has this feature.

Incentivized

codeBeamer is by far better.

• We were able to achieve approx 63% gain in operational efficiency.
• Reduce the number of findings and exceptions during an Internal audit to almost zero.
• Get compliance to all client contracts tracked through the tool thus increasing the confidence of clients in our systems and processes.

Incentivized

• Customer tracking.
• Process tracking.
• Workflow framework.
• Can be overhead.