We performed a comparison between OneTrust GRC and RSA Archer based on real PeerSpot user reviews.
Find out in this report how the two GRC solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."OneTrust GRC is stable."
"As a solution for IT risks, it is a very good product."
"Vendors can be assessed and rated out of the tool, and assessments can be scheduled for updates at certain intervals."
"It does help in the automation of our privacy impact assessments."
"The product helps us streamline audit and incident management processes."
"We receive notifications or cases and prioritize them accordingly, which helps us address issues promptly."
"One of the valuable features of this solution is it has the ability to review fourth and fifth parties to the nth degree."
"I have found all the features to be valuable, including those involving reporting, the dashboard, notifications, email modules, the database and data input."
"With RSA Archer, an admin can set permissions for a normal user to go directly to the tool they need to input some data. Admins can then go through that and approve some requests. Also, they can log in based on these kinds of permissions, including ticketing, service patches, or upgrades."
"Archer has simplified our security audits. It's made it easier to raise and trigger questionnaires to customers."
"Archer seamlessly integrates data systems without requiring additional software."
"The most valuable part of the product is the ease-of-use and the opportunity to create custom security applications easily."
"Flexible record permissions and data import features."
"Solution is scalable."
"I like how Archer requires very little programming ability. A person with minimum coding experience can configure the necessary fields in Archer. It's more of a drag-and-drop solution."
"OneTrust GRC's workflows aren't automated and need to be manually driven."
"There are limitations to customized workflow automation, and they need to increase both the available automation and the customized workflow."
"They could improve by offering free help. A solution, a lot of times, is not just the use of the solution. For example, it is the overall engagement, how well do they support the system, what is their SLA, and how long their response time is to an issue. It would be beneficial if they had some type of professional services where they offer the first five hours of professional services a year for free. That would be a substantial benefit rather than having to buy professional services or professional services packages."
"I haven't seen any return on investment using the solution. If I had the opportunity, I would use a different solution."
"The Vendor Risk dashboard is quite basic today and not interactive, but improvements are in coming the next releases."
"The product is not that easy to set up."
"We encounter difficulties creating multiple platforms or interfaces and manual processes for changing certain settings."
"It would be nice if RSA Archer featured more customization. When customers are updating, they should be notified whether certain updates are optional. The install screen should not proceed to the next page unless we make some selections about which updates we want to install."
"Performance could be improved."
"I would like to have the ability to build and maintain an inventory of personal data processing activities and assets utilizing a purpose-built taxonomy and data structure."
"I would like to see real-time data, from vulnerabilities, and threats."
"Solution could use more inbuilt applications."
"An area for improvement would be the user interface. They could also offer more on-demand applications free of cost."
"There is no inbuilt alert in Archer to let us know that a data feed has failed or did not run for different reasons. So, we don't even get to know that a feed has not run until somebody reports it to us. This has been a problem all the time. Data feeds have always been a big headache for us because there is no feature to let us know if a feed has not run or has failed. If Archer had a feature to send us an email notification when a feed has failed, it would've been very helpful. This is the reason why our users are slowly moving away to another platform. Some of the modules that I have been managing are being moved to ServiceNow. Next year, a lot of our modules will be moved from RSA Archer to ServiceNow, and the data feed issue has been one of the main reasons."
"There are certain restrictions on API integrations, and it is not simple or straightforward."
OneTrust GRC is ranked 5th in GRC with 7 reviews while RSA Archer is ranked 1st in GRC with 38 reviews. OneTrust GRC is rated 7.6, while RSA Archer is rated 8.0. The top reviewer of OneTrust GRC writes "Costly solution that may not guarantee ROI, but remains effective in IT risk management ". On the other hand, the top reviewer of RSA Archer writes "A rich application with good workflow, but search feature needs improvement". OneTrust GRC is most compared with ProcessUnity, AuditBoard, Workiva Wdesk, LogicGate and Bitsight Third-Party Risk Management, whereas RSA Archer is most compared with IBM OpenPages, MetricStream, Workiva Wdesk, AuditBoard and Microsoft Purview Communication Compliance. See our OneTrust GRC vs. RSA Archer report.
See our list of best GRC vendors and best IT Vendor Risk Management vendors.
We monitor all GRC reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.