2 out of 5.0, Reviewed Oct 25, 2016
RSAM is powerful tool and I believe it offers everything we need for risk management compliance and managing third parties when it is set up and maintained well. However, the tool is not user friendly; it is a powerful product and someone with strong technical skills must manage it ongoing to make frequent changes and optimizations based on business needs. Unfortunately most risk management staff does not have that skill set in order to effectively use, tweak and understand the true system functionality. This technical support requirement is not clearly presented to the customer at sales or even when scheduling of training - which, by the way, is very rudimentary, very technical and still in development. RSAM appears to be developed by very technical / Indian staff which is terrific for the product's power and features, but they have not been able to translate technical terms (uses many terms such as "objects" for front end users) and build processes usable by the average Risk Management user. Very little point and click and drag features. The default configuration offerings are poor; my experience has shown that the risk management process/architecture is very similar across organizations yet a basic set up did not arrive with the system. Consulting to help with implementation and changes/upgrades was outsourced in my case, with a consultant helpful but not fully RSAM experienced/knowledgeable of all the myraid of features. The RSAM helpdesk is very helpful however, and I give them much credit for that; it off sets some of the difficulty of using the product. We plan to keep the product until competitors like ServiceNow (which we use for Helpdesk) mature their GRC product - so we can integrate our asset management with risk scores, etc.
Negotiate initial set up with vendor as part of the price, due to complexity and power/feature layers of product. Choose cloud option. Ask about training options in detail. Training is not great.
The depth and breadth of functionality. The ability to grow the system in phases Its scoring system and the ability to change it at many levels - assumptions made when assessing risk are very important to define and document. RSAM is actively working to improve its product - they are working to stay up with and/or exceed where the fast growing GRC market is going.
Better translate database and system terms necessary to maintain and use the product to plain English/user terminology better. It is not easy to bridge the gap between techtalk and business terms, but they need to try a whole lot harder. Provide different types of training. I was in a 3 day class with people with high technical skills as well as 3 other people who were Risk Consultants/lawyer support etc. We could not keep up with the technical requirements of managing the product. Provide better documentation. Documentation is scant.
Dedicate a technical resource for setup, upgrades, and ongoing support to product and front end users. USE CLOUD OPTION; the system throws a lot of error messages and printing functionality difficult for us. May be our short-staffed organization server management as well as product.
3 out of 5.0, Reviewed Jun 15, 2016
We upgraded from the desktop version to the current web version 8. As always, the time cost promised was way underestimated, ever though we had a pre-existing relationship. It has taken over a year and a half to get about 90% of our original business requirements. The tool doesn't do everything we had hoped it would, and their solution is just for us to keep upgrading at a cost. I would say if you are going to use this tool, try not to customize it so much leverage as much out of the box as possible.
Leverage their existing industry standards.
The ability to risk assess, leveraging a risk based approach the entire business application portfolio within 3 yrs using 2 dedicated resources.
Reporting - all customized using ssrs.
Assigned a more experienced consultant, one that we had worked with before.
Yes, we would leverage more out of the box industry standards.
Had to implement into production to meet our regulatory requirements of assessments with only 50% of the product ready.
1 of 1 peer(s) found this review helpful.
4 out of 5.0, Reviewed Jun 13, 2016
Relatively easy to implement (as compared to other matured GRC products).
Worth evaluating for your environments.
includes various security frameworks, risk ratings and criteria. Business units can fill in their data for evaluations.
Reporting capabilities. Ease of customization.
Improved dashboards and reporting.
Implement decentralized units and global centers as different entities.
4 out of 5.0, Reviewed Jun 13, 2016
Sales and consulting teams are excellent. Pre-sales support experience was stronger than post-sales. Only a few issues dealing with post-sales project management.
Establish timeline commitments for post-sales consulting and implementation.
The product is robust and flexible. The product provides great extensibility in helping us to deliver on our compliance goals.
The interface can be challenging.
A more seamless transition from pre to post sales would have been much better to have had.
I would choose the same product but would work to understand what challenges exist post-sales, including time lines.
Integration can be challenging. However, these challenges can mostly be from internal resource constraints.
4 out of 5.0, Reviewed May 31, 2016
This has been a difficult road to implementing the advertised services. This is both because of lack of planning previously from our management as well as difficulties with their implementation teams.
Define your scope of implementation really well or you will regret it.
Probably not have used this product.
This department needs some improvement.
3 out of 5.0, Reviewed Dec 7, 2015
So for Rsam Technical Support and billing seem to not be firing on all cylinders. Admin Setup can be done by the end-customer but is complicated and requires learning Rsam speak.
Ensure that a good amount of time is set aside for learning Rsam speak and paradigms before your Rsam design phase begins. This will take more than the 3 day basic admin training.
Very capable for many GRC use cases.
Admin setup is complicated. Need to make it easier on the IT/setup admin.
Make setup and configuration 1,000 time easier on the system implementor.
Always start with a good understanding of your processes and good documentation before engaging the vendor.