Return on investment is definitely there, in a sense, because with this particular governance, we can mitigate the risks of different kinds of losses. For example, with one of our applications, I have been looking into the portfolio that deals with PCA and PA data. If the upper control objectives are not managed properly, then there may be vulnerabilities which, if not properly remediated, will lead to losses—customer data loss and intellectual property loss. So there is definitely an ROI with this GRC tool. 

We saw an ROI.  So, it's like we mostly get back whatever investment we put in and took for the license of RSA Archer. Within six months, we can retrieve it.

We've definitely seen a saving with the automation of the process. It saves time which can be spent on other activities. And, of course, that means a cost saving. 

I can say RSA Archer is worth the cost.

Its ROI is quite high when you look at how long it takes for people to input stuff for compliance risk, vulnerability management, and threat management. The centralization of data allows you to get a pretty high return on your investment pretty quickly because it's really easy to implement. It doesn't take like a year. You can do it in less than two months, depending on the solution that you want to implement. The customization opportunities with reporting are also pretty high.

In terms of return on investment, I think the processes and management as far as risk and governance compliance is concerned, have been very effective. Achieving their objectives and tasks in a timely manner with all the necessary security and parameters along with streamlining is a return on investment. I'm unsure about the benefit in revenue, it's more about improving risk and the governance processes.

The ROI depends on the company's needs as RSA has 7 solutions, the company can pay based on the subscription. 

We have seen ROI with this solution, although not directly. Before Archer, we needed people to come in to perform services for us. For example, if we needed to do risk management then we needed someone. They had to create the document, the module, and the framework, and then they come and do the assessment themselves. They are the ones that actually do the questioning, get the results, and give us the reports. That, itself, costs a lot of money because we have many services in IT.

Our on-premise expertise is aware of most of the things that are on the ground, but we just don't have the capacity to deal with all of them. So, we do it in small batches, here and there. We want people for cloud, people for risk management, people for audit, and people for compliance. Each of those different modules has a different price tag on it.

With this tool, once it was built and designed, we were able to use our own internal resources. We don't need to go outside. All of the questions are already there. The policies and procedures are already built-in, and you just need to tweak them a bit. So, it helps us just in understanding what's there, on the ground, and then we can mark our territory from there. Overall, it saves us a lot of money to be spent if we are taking care of these services individually.

We've seen a return with RSA Archer. My organization started with a single project in RSA Archer, and now we are handling multiple businesses at multiple levels and doing several different projects in RSA Archer. And the clients are returning customers. They want to get into RSA Archer as much as they can.

First of all, we have gained time back that was previously wasted in management meetings. Secondly, approving any risk is much quicker with this solution, requiring only one click. RSA Archer has given us a return of investment on both time and money.

I have seen a return on investment.

We've seen a good return on investment in terms of time saved.