TrustRadius
RSA Archer, from the security, governance, and risk division of EMC, is a GRC Platform.https://dudodiprj2sv7.cloudfront.net/product-logos/4M/z9/VB2HT119EETW.gifOld and outdated product, needs an overhaulWe use Archer to manage vendor relationships, vendor contacts, vendor contracts, risk/policy exceptions, and various other vendor risk uses. It is used enterprise-wide and is a key part of doing any work with a third party. We have used different versions of RSA Archer over the years and the team is trying to get the application to the most current platform/release.,It provides a central point to store all vendor information, which for us includes the vendor name, contact info and related agreements/contracts. It provides a central point to store all IT Risk Policies and any active exceptions to those policies. This allows the user to manage their exceptions and submit new items as needed. It allows us to manage 3rd party risk via a questionnaire that is required for all new agreements with vendors.,The technology is poor and seems very out of date. Drop down selections are horrible, the menu system is antiquated and you have to click next multiple times to see all possible choices. The interface is very hard to navigate and the functions and flow of the application does not make a lot of sense. When I interact with the application I feel like I am using old technology. The menu system and forms feel old and out of date. It is very hard to submit a form because it is impossible to identify the required fields until you try and submit the form. Workflows and email notifications are not intuitive or easy to understand. Once you submit a form and the workflow begins, the other participants can only approve or reject, there is no option to edit. So they end up rejecting and making you as the submitter edit and re-submit which starts the process again. The workflow piece of the app is very clunky and hard to work with, I would not recommend it to others.,2,I feel like this tool's limits our ability to have updated policies and procedures. It seems like the application is so archaic that we have to scale our policies down so they will fit within the system. This is not an optimal way to run an IT organization. It has allowed us to standardize all vendor contact info and risk policies in one place. That is really the only value we are getting from the application. It also seems to have poor integration options with other apps. The data in RSA Archer should be sent to tons of other systems as it is important but this seems overly complex and limited options for actually achieving this.,Ivanti ITSM Service Desk, powered by Heat (formerly LANDESK Service Desk), Workday Human Capital Management, CA APMArcher is a quiver full of functionality!RSA Archer was implemented to consolidate over a dozen in-house built systems. It allowed us to consolidate reporting and move teams to a common platform.,Configurable User Interface Hosted in Cloud Economical Solution Common Implementation/Training Consolidated Reporting,Fully understand requirements before implementing, especially if looking for a common user experience Can be supported with FTE's, but make sure you have a few trained to support the app, otherwise consulting support will be required. Understand integration/connectors as these may add cost to your projects.,8,Managing fewer in-house built applications Common reporting Common Field names,ServiceNow Governance, Risk and and Compliance,ServiceNow, Rocket Aldon, IBM Rational ClearCase, IBM Rational RequisitePro, SQL Server Integration Services, Toad for Oracle, Microsoft Visual Studio Team System, Okta, Mule ESBMake GRC experience great with RSA ArcherIn my own organization RSA Archer is used to manage Security operations center, manage the organizational assets, their Risk and compliance assessments. It is being used by departments reporting to the CISO The business problems that it helps solve is to monitor and implement controls against cyber attack’s and threats. The SecOps module of Archer helps with integrating with all sources of security alerts and incidents affecting the organizational assets, remediation activities required to prevent, detect and react to incidents impacting security (confidentiality, integrity availability) and thereby having the up-to-date information on the security posture of the organization,Integration capabilities to multiple enterprise systems Control standards and Procedures to address multiple regulatory/authoritative sources, standards and frameworks enabling test once satisfy many requiremnts Rapid application development and User friendly tool with configuration capability to customize easily without user requiring programming or coding skills,Periodic Updates to contents on controls standards and procedures based on updates additions authoritative source and standards Effectively handle changes in advanced workflow to inflight records,10,Helps accomplish Business driven risk and compliance management and achieve business objectives Risk based decision making helps business to focus on what is priority and what is important Continuous monitoring and improvement help sustain the business operations and continuous growth,ServiceNow and IBM OpenPages,ServiceNow Governance, Risk, and Compliance, IBM OpenPagesRSA Archer - A Straight Shot ReviewAs an Archer consultant, I work with many different types of organizations who are deploying Archer for the first time, or are looking to build upon its capabilities. I have seen instances where it is leveraged both organization wide, or just for a particular department. Archer excels at introducing efficiency to any type of business process, from managing enterprise risk, to tracking non-IT incidents, to implementing a robust vulnerability management program.,Introduces efficiency in business processes to reduce cost. Automation which reduces time and errors. An incredible amount customization capability for the platform.,Archer is not great at getting data and/or reports back out. There are different options and sometimes they meet the requirements, but often times they come up short. Documentation for administrators could be more in depth.,10,Archer certainly provides ROI by introducing efficiency in processes, reducing time for tasks, and reducing errors. Archer workflow, notifications, and reporting provide a method of highlighting important information and notifying users when it is their time to take action. I have seen individuals, especially in an environment working with Policy Management, Compliance Management, C&A, etc., where they spend so much time collecting data and drafting documentation that they are not actually able to contribute to the improvement of the organization. With Archer, those pain points can be alleviated, and those individuals can get back to work and make real changes.,eIQ Securevue and MetricStreamArcher, the audit findings destroyer!RSA Archer is being used in the IT department to manage and provide governance over policies and business continuity. It is also being used for network monitoring through the Security Analytics solution. It addresses the governance issues across the enterprise. It allows us to manage all our our BCM documents in an executable and actionable framework.,Solution customization Accessibility to information User friendly interface,Workflows Exporting Data Reports,8,Successfully passed OCC audit by presenting governance and structure in BCM program Involved other departments in the automation of annual policy updates via workflows,ForeScout CounterACT, RSA Security Analytics,User Access Management Solution customization Custom Reports,Workflows Data Driven Events Role Access Management,Yes, but I don't use it,8
Unspecified
RSA Archer
31 Ratings
Score 7.2 out of 101
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>TRScore

RSA Archer Reviews

RSA Archer
31 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 7.2 out of 101
Show Filters 
Hide Filters 
Filter 31 vetted RSA Archer reviews and ratings
Clear all filters
Overall Rating
Reviewer's Company Size
Last Updated
By Topic
Industry
Department
Experience
Job Type
Role
Reviews (1-8 of 8)
  Vendors can't alter or remove reviews. Here's why.
No photo available
July 02, 2018

RSA Archer Review: "Old and outdated product, needs an overhaul"

Score 2 out of 10
Vetted Review
Verified User
Review Source
We use Archer to manage vendor relationships, vendor contacts, vendor contracts, risk/policy exceptions, and various other vendor risk uses. It is used enterprise-wide and is a key part of doing any work with a third party. We have used different versions of RSA Archer over the years and the team is trying to get the application to the most current platform/release.
  • It provides a central point to store all vendor information, which for us includes the vendor name, contact info and related agreements/contracts.
  • It provides a central point to store all IT Risk Policies and any active exceptions to those policies. This allows the user to manage their exceptions and submit new items as needed.
  • It allows us to manage 3rd party risk via a questionnaire that is required for all new agreements with vendors.
  • The technology is poor and seems very out of date. Drop down selections are horrible, the menu system is antiquated and you have to click next multiple times to see all possible choices.
  • The interface is very hard to navigate and the functions and flow of the application does not make a lot of sense. When I interact with the application I feel like I am using old technology. The menu system and forms feel old and out of date. It is very hard to submit a form because it is impossible to identify the required fields until you try and submit the form.
  • Workflows and email notifications are not intuitive or easy to understand. Once you submit a form and the workflow begins, the other participants can only approve or reject, there is no option to edit. So they end up rejecting and making you as the submitter edit and re-submit which starts the process again. The workflow piece of the app is very clunky and hard to work with, I would not recommend it to others.
I just don't feel the solution is up to par with modern technology. We may use an older version, but overall the application is hard to interact with and it is very slow and not easy to get from start to end of the process. I feel like I am going back in time when I use the application because it is not intuitive and very clunky to use.
Read this authenticated review
No photo available
July 26, 2018

RSA Archer Review: "Archer is a quiver full of functionality!"

Score 8 out of 10
Vetted Review
Verified User
Review Source
RSA Archer was implemented to consolidate over a dozen in-house built systems. It allowed us to consolidate reporting and move teams to a common platform.
  • Configurable User Interface
  • Hosted in Cloud
  • Economical Solution
  • Common Implementation/Training
  • Consolidated Reporting
  • Fully understand requirements before implementing, especially if looking for a common user experience
  • Can be supported with FTE's, but make sure you have a few trained to support the app, otherwise consulting support will be required.
  • Understand integration/connectors as these may add cost to your projects.
It is a good tool and does the job well to consolidate home grown apps to a common platform.
Read this authenticated review
Gideon Manoharan profile photo
February 23, 2018

Review: "Make GRC experience great with RSA Archer"

Score 10 out of 10
Vetted Review
Reseller
Review Source
In my own organization RSA Archer is used to manage Security operations center, manage the organizational assets, their Risk and compliance assessments.

It is being used by departments reporting to the CISO

The business problems that it helps solve is to monitor and implement controls against cyber attack’s and threats. The SecOps module of Archer helps with integrating with all sources of security alerts and incidents affecting the organizational assets, remediation activities required to prevent, detect and react to incidents impacting security (confidentiality, integrity availability) and thereby having the up-to-date information on the security posture of the organization
  • Integration capabilities to multiple enterprise systems
  • Control standards and Procedures to address multiple regulatory/authoritative sources, standards and frameworks enabling test once satisfy many requiremnts
  • Rapid application development and User friendly tool with configuration capability to customize easily without user requiring programming or coding skills
  • Periodic Updates to contents on controls standards and procedures based on updates additions authoritative source and standards
  • Effectively handle changes in advanced workflow to inflight records
Suitable for any organization looking for effective risk and compliance management.

It might be less appropriate for organizations which don’t have any risk or compliance obligations and not regulated by authorities
Read Gideon Manoharan's full review
James Byroads profile photo
June 08, 2016

"RSA Archer - A Straight Shot Review"

Score 10 out of 10
Vetted Review
Verified User
Review Source
As an Archer consultant, I work with many different types of organizations who are deploying Archer for the first time, or are looking to build upon its capabilities. I have seen instances where it is leveraged both organization wide, or just for a particular department. Archer excels at introducing efficiency to any type of business process, from managing enterprise risk, to tracking non-IT incidents, to implementing a robust vulnerability management program.
  • Introduces efficiency in business processes to reduce cost.
  • Automation which reduces time and errors.
  • An incredible amount customization capability for the platform.
  • Archer is not great at getting data and/or reports back out. There are different options and sometimes they meet the requirements, but often times they come up short.
  • Documentation for administrators could be more in depth.
Archer is better suited for an environment that has at least some maturity in its program, whatever that program may be. If an organization does not know stakeholders involved, or the workflow for its own process, or has the technology in place to perform vulnerability scans, then Archer will probably not be much help. If an organization knows these items, but it's all paper based or in Excel spreadsheets, or they are struggling to report on them, or notify an individual when it is their time to take action in a process, then Archer can be a tremendous help.

Read James Byroads's full review
Yitsy Calero profile photo
June 28, 2016

RSA Archer Review: "Archer, the audit findings destroyer!"

Score 8 out of 10
Vetted Review
Verified User
Review Source
RSA Archer is being used in the IT department to manage and provide governance over policies and business continuity. It is also being used for network monitoring through the Security Analytics solution. It addresses the governance issues across the enterprise. It allows us to manage all our our BCM documents in an executable and actionable framework.
  • Solution customization
  • Accessibility to information
  • User friendly interface
  • Workflows
  • Exporting Data
  • Reports
RSA Archer is well suited in an environment where actionable governance exists and documentation is required ad-hoc for audit requests. The ability to maintain up to date information in an application allows accuracy to exist in ad-hoc reports.
Read Yitsy Calero's full review
Debi Cisneros profile photo
June 13, 2016

RSA Archer Review: "Is it really worth the money?"

Score 8 out of 10
Vetted Review
Verified User
Review Source

RSA Archer will be implemented enterprise wide. There are several key obligations to meet, that are driving the business need to manage information security risks, legal and regulatory and contractual compliance.

  • Meet external legal and regulatory and contractual information security and compliance requirements across all business units and in the more than 29 countries.
  • Meet internal company policies and audit requirements for business process and technology improvement.
  • Manage contractual third-party risks due to subcontractors and/or commercial vendors.
  • Demand for security governance, risk and compliance services that cannot be met today.
  • Archer does a very good job at reporting. Management likes to be able to view data in graphical format which Archer dashboards, iViews are easily created with data from across various applications so that management has a single view of all the data required to make informed decisions.
  • Calculations across multiple applications that roll up to give you a risk appetite for the organization.
  • Integrations to popular security tool, rss feeds, to identify possible data breaches before they become an incident.
  • Ease of development of the application. Do not need a programmer or know how to code to customize the platform to your company's business needs and processes.
  • Documentation for the product is sometimes incorrect or has missing information that is needed to understand how a process works within the application. No documentation for data feeds or how to build them on your own. Need to have professional services.
  • Training of the application or platform administration does not go into enough depth. You really have to play around and see how Archer applications cross reference each other. Solution diagrams do not come out clearly in MS Visio.
If you are looking for a central place to manage your company assets, business processes, policies then RSA Archer is very well suited for this type of time consuming activities.
Read Debi Cisneros's full review
Daniel Garcia Muriel profile photo
December 11, 2015

User Review: "Using RSA Archer to manage IT risks"

Score 8 out of 10
Vetted Review
Verified User
Review Source
RSA Archer is mainly used by the Technology Governance, Risk and Controls team to manage IT related risks.
  • Reliable platform
  • Good support
  • Allow organizations to customize the tool accordinng to their own needs
  • Be more user friendly (for non-IT users)
  • Improve approval workflows
I think it is well suited to manage third party service providers' risks.
Read Daniel Garcia Muriel's full review
No photo available
June 17, 2016

"A short and sweet review about RSA Archer"

Score 10 out of 10
Vetted Review
Verified User
Review Source
RSA Archer is being used by my organization within the Internal Audit department to track various company controls, processes, policies, standards, and changes. Additionally, my organization uses RSA Archer to streamline the internal audit process. This helps Internal Audit to have visibility into all controls and their design and operating effectiveness across the entire organization.
  • Makes it easier to streamline running reports.
  • Consolidates various modules into one tool - Change Management, Access Management, Key Frameworks (FFIEC, ISO 27001/2, NIST, etc.).
  • Everyone can see the information in real-time to ensure team collaboration.
  • Very complex and can present a steep learning curve initially.
  • May be difficult for non-technical users to understand the process flow of the tool for various modules.
  • Documentation for the product is sometimes incorrect or has missing information that is needed to understand how a process works within the application.
RSA Archer is better suited for an environment that has at least some maturity in its program. To effectively use this tool, the organization must first understand its various processes and controls in place as they have to be indicated within the tool. Although RSA Archer has "out of the box" templates for these areas, it is essential for the organization to understand these details to properly customize the tool to operate in their environment.
Read this authenticated review

Feature Scorecard Summary

Common repository of GRC items (8)
8.0
Risk management (7)
7.3
Integration with Corporate Performance Management (CPM) systems (6)
7.3
GRC policy management (8)
8.0
Incident management (8)
6.4

About RSA Archer

RSA Archer, from the security, governance, and risk division of EMC, is a GRC Platform.

RSA Archer Technical Details

Operating Systems: Unspecified
Mobile Application:No