We are migrating to ServiceNow, which isn't as rich as RSA Archer, but it's better in terms of usability. It's easier to integrate each and every control with the entities and it's easier to assign incidents and policies. The process automation and workflow is good in RSA Archer, but it's available in ServiceNow as well. For control audit purposes, since we are migrating to ServiceNow, we have actually mapped the entities and, from there, we are doing the controls-based audit. 

We evaluated multiple tools, but we thought Archer would best fit for our use case.

Yes, we do evaluate other options/framework available in market e.g. ServiceNow GRC, OneTrust etc.

But we suggest best option basis the client requirement and which suites most in terms of cost and effort.

At one time, it was the only thing available. Now there are other products that I would consider.

I have experience working with other GSU products and as a competitive analysis, I'd rate RSA's capability above that of other products. RSA Archer is more mature in terms of providing solutions. It's only when you compare the UI between solutions that Archer's competitors have an advantage. 

I did not previously evaluate any other solutions.

We did evaluate other products back when I was in the metrics team. I was also looking into other tools just recently because we need the contract for the extension of the maintenance for another five years. So far, Archer has been the best. It stands out among the other tools that are coming into the market, and there is no comparison.

What really separates RSA Archer from the other solutions is the depth and richness of the different features and functionality that it has.

I've seen other tools that are very intuitive, easy to deploy, and easy to understand, but not as rich in functionality as RSA. This is the solution that I want to make the best use of, but I'm not prepared to do that because of the dashboarding. In three years, we will re-visit the evaluation process.

Before choosing RSA Archer, I evaluated MetricStream.

Many tools that I tested had processes wired into the application without any option to change them. When I needed to fill requirements that differed even slightly from what was already implanted in the tool I would need to make a workaround or need to implement another tool. This would not have been the best way to go about what I would need to accomplish regularly.