We just raised a $30M Series A: Read our story

OneTrust GRC Competitors and Alternatives

Find out what your peers are saying about MEGA HOPEX vs. RSA Archer and other solutions. Updated: November 2021.
552,305 professionals have used our research since 2012.

Read reviews of OneTrust GRC competitors and alternatives

Vivek Shah
GRC Archer Consultant at a tech services company with 10,001+ employees
Top 20Leaderboard
Flexible record permissions and data import features; could be simplified in several key areas

Pros and Cons

  • "Flexible record permissions and data import features."
  • "The solution as a whole could be simplified."

What is our primary use case?

My primary use cases of RSA Archer are for business resiliency, business continuity management, third party vendor management, IT risk management and some of the other governance and compliance applications. We are partners with RSA and I'm an Archer system administrator. 

How has it helped my organization?

There are many benefits to using Archer as a platform. Previously, all processes in the organization were scattered. Once Archer was implemented, everybody had a role to play. It was just a matter of logging in, doing the work, and moving the workflow to the next stage. Prior to Archer, all the work took place via emails or sharing of Excel files. Archer has streamlined everything and it's really helping the organization to manage potential risk and data security. Security is key these days.

What is most valuable?

I believe the record permissions and data import are the most flexible and user-friendly features because they enable all information to be available on the platform.

What needs improvement?

Compared to other GRC tools, RSA Archer is a little complex in the sense that even users need to have some knowledge of the tool. Without any knowledge, both users and developers will have a hard time. I'd like to see the access control part simplified. Reduced complexity in the Advance Workflow and on the front end part of the tool would be really helpful. 

System administrators have overall control over the system, but it would be good if they could get more control over Archer. Finally, Archer has the option of custom coding things not currently supported by RSA. If it were supported that would be a great innovation because clients have needs that are not adjustable or incorporated in the tool. All those changes require coding which increases complexity.

For how long have I used the solution?

I've been using this solution for close to four years. 

What do I think about the stability of the solution?

I think the level of stability and performance is connected to the size of the organization. There can be issues when there is an Excel load in the system, or when there are too many users and too many processes running on the backend. Things can slow down and we've seen glitches and delays. If processing speed could be increased, that would likely solve the issue. 

What do I think about the scalability of the solution?

Scalability is there but it's not easy. You need to be familiar with the system, which can take a couple of months. Once there's familiarity it becomes more user-friendly. It's not as easy as ServiceNow or OneTrust. Those are much lighter tools and easier to learn. Scaling should be more user-friendly. We currently have around 9,000 active users and I expect that to increase in the future.

How are customer service and support?

Customer support is working well and I don't have any complaints about that. 

Which solution did I use previously and why did I switch?

I have used ServiceNow but nowhere near as extensively as I've used Archer. The problem with GRC ServiceNow is that it has limited features, which is why we switched to Archer. It has better features and functionalities.

How was the initial setup?

The initial deployment needs to be carried out in coordination with RSA because it's their product. It requires a web service, application service, database service, everything needs to be designed for the platform. It would be great to have some kind of video or technical demo to help with this. 

If the process of going from the ESC environment all the way to the production environment could be easier that would be really helpful because it's very likely that not all environments will be in sync in most organizations. Features are going to differ from the broad environment to the lower environment and while packaging, the features of the lower environment also come into the production environment. Maintaining synchronization takes a lot of time so if there could be some flexibility and ease, that would save a lot of time for the organization.

What was our ROI?

In terms of return on investment, I think the processes and management as far as risk and governance compliance is concerned, have been very effective. Achieving their objectives and tasks in a timely manner with all the necessary security and parameters along with streamlining is a return on investment. I'm unsure about the benefit in revenue, it's more about improving risk and the governance processes.

What's my experience with pricing, setup cost, and licensing?

Archer is expensive compared to other GRC tools. The product is generally used in multi-national companies like JP Morgan, Morgan Stanley, Amazon, Goldman, or eCommerce. They all use Archer. The cost would be prohibitive for a small or medium-scale company. If Archer is looking at promoting this product, they need to work on the pricing because only large organizations can afford it. There are many additional costs involved so that if one needs to develop some features in the tool there is an additional charge; if you ask RSA for any kind of enhancement or development, they will charge you; and if you'd like some consultation in regards to the product, they will charge you for that too.

What other advice do I have?

This is a really nice tool because the majority of what it provides is not offered by other solutions. It's a matter of learning the tool and accepting how it works with an open mind. Anyone using it will find it really helpful for the GRC processes.

I rate the solution seven out of 10. 

Which deployment model are you using for this solution?

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Find out what your peers are saying about MEGA HOPEX vs. RSA Archer and other solutions. Updated: November 2021.
552,305 professionals have used our research since 2012.