Vendor Insights
An AWS Security Competency Partner, Drata is a GRC automation solution that allows companies to continuously monitor security and compliance controls, automatically collect evidence needed for an audit, and manage and remediate risk. Drata streamlines common compliance frameworks like SOC 2, ISO 27001, GDPR, and more and allows you to share your real-time compliance posture with prospects and customers to build trust and accelerate growth.
Overview
Drata's compliance automation platform integrates with over 200 applications and systems to continuously monitor security controls and streamline over 20 compliance frameworks, standards, and regulations, such as SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and more. Drata integrates with 45+ AWS services and is a proud AWS Security Competency partner with an AI engine built on AWS Bedrock.
Whether you're looking to get compliant quickly for the first time or want to streamline your complex GRC program, Drata scales with you. Get and stay compliant efficiently, build risk management into your GRC practice, and share your real-time compliance posture with prospects and customers to build trust and sell into new markets.
Continuous automated monitoring alerts Drata customers when security controls aren't operating effectively to remediate, stay secure, and keep from falling out of compliance. Plus, automatic evidence collection makes the audit process as seamless as possible.
Highlights
- Drata for Startups: Drata helps startups create a scalable foundation and systematic approach to compliance to unlock market opportunities and scale safely. Startups can speed up audit prep time with Drata's best-in-class automation and support from our compliance experts to achieve SOC 2 and ISO 27001 compliance quickly.
- Drata for Commercial and Mid Market: Drata helps companies with audit experience establish a scalable GRC program and structured process for risk management. Streamline compliance tasks and substantially reduce manual workloads while leveraging compliance to increase revenue and build trust.
- Drata for Enterprise: Customers can optimize and customize their mature GRC programs and depend on reliable compliance outcomes. Organizations can manage and remediate risk and leverage Drata workspaces and workflows to keep pace with the complexity of advanced compliance programs.
Details
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
ISO27001
SOC2
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Dimension | Description | Cost/12 months |
|---|---|---|
Drata Platform Fee | Access to the Drata SaaS platform with capacity for a 100 FTE org | $25,000.00 |
SOC 2 Framework | SOC 2 2017 control set | $7,500.00 |
GDPR Framework | GDPR control set | $7,500.00 |
ISO 27001 Framework | ISO 27001 v2022 control set | $7,500.00 |
HIPAA Framework | HIPAA control set | $7,500.00 |
PCI DSS Framework | PCI DSS control set | $7,500.00 |
CCPA Framework | CCPA control set | $7,500.00 |
CMMC Framework | CMMC control set | $7,500.00 |
Microsoft SSPA Framework | Microsoft SSPA control set | $7,500.00 |
NIST CSF Framework | NIST CSF control set | $7,500.00 |
Vendor refund policy
All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Included in your contract, Drata provides onboarding, live chat (in product), and continuous enablement. Onboarding includes integration setup, assistance configuring compliance policy and controls in the platform, and guidance on utilizing our network of auditors and technology/service partners to serve you in your compliance journey. support@drata.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Vanta
Top
10
In Centralized Risk Management, Monitoring, Security
Top
25
In IT Business Management
Top
10
In Monitoring
AI generated sentiment from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Continuous Monitoring
Continuously monitors security controls and alerts customers when controls are not operating effectively to remediate and stay secure
Automated Evidence Collection
Automatically collects evidence needed for audits to streamline the audit process
Compliance Framework Integration
Integrates with over 20 compliance frameworks, standards, and regulations such as SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR
Application and System Integration
Integrates with over 200 applications and systems to continuously monitor security controls
AWS Integration
Integrates with 45+ AWS services and is an AWS Security Competency partner with an AI engine built on AWS Bedrock
Automated Evidence Collection
Automated collection of audit evidence through more than 100+ integrations with core services such as AWS, Asana, Azure, G Suite, Google Cloud, Github, Gusto, JAMF, Okta and Slack
Customizable Security Policies
Prebuilt security policy templates that can be edited to meet the organization's specific needs and ensure they meet the high standards of an auditor or regulatory framework
Scalable Platform
Ability to support unique setups with multiple cloud service providers and hundreds of instances, scaling with the business
Machine Learning-powered Questionnaires
Secureframe's machine learning-powered solution that makes it fast and easy to respond to RFPs and security questionnaires by pulling the best answer for each question based on approved past responses
Dedicated Compliance Expert
Every customer is assigned a dedicated compliance expert, an ex-auditor who can help answer complicated and specific questions that come up, especially during the audit process
Continuous Monitoring
Continuous monitoring that keeps the organization secure and compliant at all times, with alerts and guidance for addressing any issues that arise.
Unified Security Program Management
Unification of key compliance and security workflows, such as access reviews and vendor risk management, to save time and provide better contextual insight for prioritizing and managing risk.
Trust Center
Ability to proactively share the organization's security and compliance posture with customers and prospects to build trust.
Automated Testing and Evidence Collection
Automation of testing and evidence collection for a range of security and compliance frameworks, including SOC 2, FedRAMP, and NIST AI.
Custom Automated Tests
Capability to quickly create custom automated tests within the platform or through the API for self-hosted or custom-built solutions.
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
No security profile
-
-
-
-
Standard contract
No
No
No
Customer reviews
Pramod K.
For Amazingly fast GRC process.
Reviewed on Dec 18, 2024
Review provided by G2
What do you like best about the product?
It pools all the users from cloud, pools evidences from all events, gives rating, and easily integrates everything, makes the life comfortable every step of the way. Its easy to implement any compliance if we have this tool.
Have been using for 2 days, its very intutive and easy to work with. gives all the required documents and criterias needed in less than a min. Gives lot of automtion and customisation with complete ease. Well developed tool to handle GRC, i would recomend everyone to use this and make your process faster and easier.
They have 24/5 customer support, who works like you buddies at work. supporting all the way in your accomplishments.
Have been using for 2 days, its very intutive and easy to work with. gives all the required documents and criterias needed in less than a min. Gives lot of automtion and customisation with complete ease. Well developed tool to handle GRC, i would recomend everyone to use this and make your process faster and easier.
They have 24/5 customer support, who works like you buddies at work. supporting all the way in your accomplishments.
What do you dislike about the product?
Nothing much yet, in less than 2 days am able to handle everything very esily, its a great tool. will comeback and write if there is anything that i feel needs to be updated.
What problems is the product solving and how is that benefiting you?
getting complaint and an easy approch for the same.
Leave a comment0 comments
Information Technology and Services
Terrific Service from Terrious
Reviewed on Dec 17, 2024
Review provided by G2
What do you like best about the product?
Their support team - in particular Terrious. He really went the extra mile in provider support for a request which wasn't the most straightforward.
What do you dislike about the product?
Can be complex to work with till one figures out how to use it.
What problems is the product solving and how is that benefiting you?
Provides 1 place which takes care of all our compliance needs.
Emily P.
Customer service is incredibly helpful
Reviewed on Dec 17, 2024
Review provided by G2
What do you like best about the product?
If you have any issues, whether that be compliance related, or platform related, their customer service team is really attentive.
What do you dislike about the product?
Some of the integrations don't work the way I assumed they would but this could also be due to limitations of the products/companies we are integrating with Drata.
What problems is the product solving and how is that benefiting you?
Keeps our information safe and in one place for SOC 2/GDPR compliance.
Ian T.
Helpful platform for building out our CMS
Reviewed on Dec 16, 2024
Review provided by G2
What do you like best about the product?
The ability to incoprorate goals, such as SOC-2 compliance, and maintaining dashboards that can quickly showcase our status to compliance with each.
Also thankful for the support that's available in the form of live chat & the recurring webinars to assist users.
Also thankful for the support that's available in the form of live chat & the recurring webinars to assist users.
What do you dislike about the product?
Some of the controls can be a bit confusing if they are tied to several different tests. Sometimes unsure on how to modify certain components like controls, tests, and policy groups.
What problems is the product solving and how is that benefiting you?
Housing policies & procedures; vendor management; SOC-2 compliance readiness;
Computer Software
Great support from Drata team
Reviewed on Dec 16, 2024
Review provided by G2
What do you like best about the product?
Easy integration and less manual work. Great help from the support team.
What do you dislike about the product?
Trust centre UI needs more improvments in my opinion
What problems is the product solving and how is that benefiting you?
Less manual work and easy audits