The Business Value of RSA Archer

EMC logo

Many of you know that implementing an effective governance, risk, and compliance program can be a costly and time-consuming effort: Hardware, software, and the active engagement of a lot of people in the 1st, 2nd, and 3rd lines of defense.  Before implementing a program and periodically throughout the life of the program, the question always arises from senior management: Is this REALLY worth the cost and effort?


I have very good news for you. The return on investment (ROI) in implementing a GRC program using RSA Archer is probably better than most any other investment your organization can make!


Over the past 5 years we have engaged three independent assessments of the ROI of RSA Archer.


The first independent analysis of RSA Archer customer ROI was conducted by Forrester in April, 2012. This analysis showed a 3 year composite ROI of 572%.  Even we were stunned and a little skeptical of Forrester’s estimate.


In November, 2014, GRC 20/20 took a look at one of our largest financial institution customers and confirmed that they were achieving annual savings in excess of $1.5 million / year while increasing assessments 317%, without increasing staff.  We were feeling a little more confident that the ROI was huge.


Finally, just last month, IDC completed an independent analysis of a cross section of Archer customers and concluded that the 5 year ROI related to their Archer implementation was 496%; with average annual benefits of $4.1 million per organization, or $17,931 per user.  That represents a payback period of only 11 months!


The IDC Report attributes the ROI of RSA Archer to 3 factors: improved risk mitigation, greater business productivity, and IT infrastructure cost savings.  I encourage you to read the IDC report.  Your organization’s results might vary based on the scope of your program but you will be able to see the individual breakout for each of the areas where they identified positive returns:

  • Network security breach response
  • Auditing
  • Disaster recovery management
  • Third-party risk management
  • Risk management assessments
  • Regulatory compliance


Whether you have a small program or a large, mature program, it is safe to say that you are probably seeing a significant, positive return on your investment in Archer.  Based on these independent assessments, upward of 500%.  If you don’t believe it, try estimating your own ROI.  I explain how to estimate your ROI in an earlier blog and we have made a template available for you to do so.

Update your feed preferences





submit to reddit