Listing Thumbnail

    Drata Security & Compliance Automation Platform

     Info
    Sold by: Drata 
    Vendor Insights
    An AWS Security Competency Partner, Drata is a GRC automation solution that allows companies to continuously monitor security and compliance controls, automatically collect evidence needed for an audit, and manage and remediate risk. Drata streamlines common compliance frameworks like SOC 2, ISO 27001, GDPR, and more and allows you to share your real-time compliance posture with prospects and customers to build trust and accelerate growth.
    Listing Thumbnail

    Drata Security & Compliance Automation Platform

     Info
    Sold by: Drata 

    Overview

    Play video

    Drata's compliance automation platform integrates with over 200 applications and systems to continuously monitor security controls and streamline over 20 compliance frameworks, standards, and regulations, such as SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and more. Drata integrates with 45+ AWS services and is a proud AWS Security Competency partner with an AI engine built on AWS Bedrock.

    Whether you're looking to get compliant quickly for the first time or want to streamline your complex GRC program, Drata scales with you. Get and stay compliant efficiently, build risk management into your GRC practice, and share your real-time compliance posture with prospects and customers to build trust and sell into new markets.

    Continuous automated monitoring alerts Drata customers when security controls aren't operating effectively to remediate, stay secure, and keep from falling out of compliance. Plus, automatic evidence collection makes the audit process as seamless as possible.

    Highlights

    • Drata for Startups: Drata helps startups create a scalable foundation and systematic approach to compliance to unlock market opportunities and scale safely. Startups can speed up audit prep time with Drata's best-in-class automation and support from our compliance experts to achieve SOC 2 and ISO 27001 compliance quickly.
    • Drata for Commercial and Mid Market: Drata helps companies with audit experience establish a scalable GRC program and structured process for risk management. Streamline compliance tasks and substantially reduce manual workloads while leveraging compliance to increase revenue and build trust.
    • Drata for Enterprise: Customers can optimize and customize their mature GRC programs and depend on reliable compliance outcomes. Organizations can manage and remediate risk and leverage Drata workspaces and workflows to keep pace with the complexity of advanced compliance programs.

    Details

    Sold by

    Delivery method

    Features and programs

    Vendor Insights

     Info
    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved
    (2)

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Drata Security & Compliance Automation Platform

     Info
    Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.

    12-month contract (15)

     Info
    Dimension
    Description
    Cost/12 months
    Drata Platform Fee
    Access to the Drata SaaS platform with capacity for a 100 FTE org
    $25,000.00
    SOC 2 Framework
    SOC 2 2017 control set
    $7,500.00
    GDPR Framework
    GDPR control set
    $7,500.00
    ISO 27001 Framework
    ISO 27001 v2022 control set
    $7,500.00
    HIPAA Framework
    HIPAA control set
    $7,500.00
    PCI DSS Framework
    PCI DSS control set
    $7,500.00
    CCPA Framework
    CCPA control set
    $7,500.00
    CMMC Framework
    CMMC control set
    $7,500.00
    Microsoft SSPA Framework
    Microsoft SSPA control set
    $7,500.00
    NIST CSF Framework
    NIST CSF control set
    $7,500.00

    Vendor refund policy

    All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Vendor resources

    Support

    Vendor support

    Included in your contract, Drata provides onboarding, live chat (in product), and continuous enablement. Onboarding includes integration setup, assistance configuring compliance policy and controls in the platform, and guidance on utilizing our network of auditors and technology/service partners to serve you in your compliance journey. support@drata.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    10
    In Centralized Risk Management, Monitoring, Security
    Top
    25
    In IT Business Management
    Top
    10
    In Monitoring

    Customer reviews

     Info
    AI generated sentiment from actual customer reviews on AWS and G2
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Continuous Monitoring
    Continuously monitors security controls and alerts customers when controls are not operating effectively to remediate and stay secure
    Automated Evidence Collection
    Automatically collects evidence needed for audits to streamline the audit process
    Compliance Framework Integration
    Integrates with over 20 compliance frameworks, standards, and regulations such as SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR
    Application and System Integration
    Integrates with over 200 applications and systems to continuously monitor security controls
    AWS Integration
    Integrates with 45+ AWS services and is an AWS Security Competency partner with an AI engine built on AWS Bedrock
    Automated Evidence Collection
    Automated collection of audit evidence through more than 100+ integrations with core services such as AWS, Asana, Azure, G Suite, Google Cloud, Github, Gusto, JAMF, Okta and Slack
    Customizable Security Policies
    Prebuilt security policy templates that can be edited to meet the organization's specific needs and ensure they meet the high standards of an auditor or regulatory framework
    Scalable Platform
    Ability to support unique setups with multiple cloud service providers and hundreds of instances, scaling with the business
    Machine Learning-powered Questionnaires
    Secureframe's machine learning-powered solution that makes it fast and easy to respond to RFPs and security questionnaires by pulling the best answer for each question based on approved past responses
    Dedicated Compliance Expert
    Every customer is assigned a dedicated compliance expert, an ex-auditor who can help answer complicated and specific questions that come up, especially during the audit process
    Continuous Monitoring
    Continuous monitoring that keeps the organization secure and compliant at all times, with alerts and guidance for addressing any issues that arise.
    Unified Security Program Management
    Unification of key compliance and security workflows, such as access reviews and vendor risk management, to save time and provide better contextual insight for prioritizing and managing risk.
    Trust Center
    Ability to proactively share the organization's security and compliance posture with customers and prospects to build trust.
    Automated Testing and Evidence Collection
    Automation of testing and evidence collection for a range of security and compliance frameworks, including SOC 2, FedRAMP, and NIST AI.
    Custom Automated Tests
    Capability to quickly create custom automated tests within the platform or through the API for self-hosted or custom-built solutions.

    Security credentials

     Info
    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    -
    -
    -
    -
    No security profile
    -
    -
    -
    -

    Contract

     Info
    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    3
    4 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    50%
    0%
    0%
    0%
    50%
    4 AWS reviews
    |
    836 external reviews
    External reviews are sourced from G2  and are not included in the star rating for this product.
    Ben B.

    An amazing ISMS solution that meets our needs

    Reviewed on Nov 29, 2024
    Review provided by G2
    What do you like best about the product?
    Darat provides a clear dashboard view of the frameworks we work towards, clear connections to controls, the capabilities of ownership and maintenance of out ISMS and risk management.
    The supplier management section is also super helpful!
    Implementation was easy and using the connections and integrations we were set up and running within two weeks.
    The ability to be part of the roadmap and feedback to Drata using customer support really makes you feel part of a family.
    When I log on to our system, Drata is one of the first applications I open and it stays with me all day.
    What do you dislike about the product?
    The downside of Drata for me personally, is that it is that efficient, the moment any part of ISMS falls out of review I see the percentage score drop and this messes with my OCD!
    What problems is the product solving and how is that benefiting you?
    Single source of truth for our ISMS - this means all evidence is streamlined into one excellent platform.
    This is making meetings easier and managment of our ISMS and risk mangagement much more time-efficient.
    Computer Software

    Experience with drata

    Reviewed on Nov 27, 2024
    Review provided by G2
    What do you like best about the product?
    Drata gets the job done when it comes to compliance monitoring and audits. It was easy to implement and we use it daily. Support has always been top tier.
    What do you dislike about the product?
    It is a growing piece of software. Their software is still maturing.
    What problems is the product solving and how is that benefiting you?
    SOC 2 compliance was our primary use.
    Guangyu L.

    A helpful and reliable security management platform

    Reviewed on Nov 27, 2024
    Review provided by G2
    What do you like best about the product?
    I would say the structure of the platform is excellent, providing clear guidance for a company to manage its security issues comprehensively. Initially, we were not familiar with the security area, especially regarding how to periodically address security issues under the SOC2 and GDPR frameworks. Our customer success manager, Elizabeth John, is very nice and gentle. She has provided me with a wealth of instructions patiently and efficiently. I would recommend Drata to anyone needing to address security regulations.
    What do you dislike about the product?
    Drata is well-suited for those who really need to meet security regulations. Startups should carefully evaluate whether they have sufficient resources to commit, as once you begin implementing security regulations, it's not easy to stop and you should also expect a long-term commitment. Therefore, if you have a significant number of customers requiring this, it's advisable to proceed. Otherwise, carefully consider your starting point.
    What problems is the product solving and how is that benefiting you?
    Drata helps us meet the regulations of SOC2 and GDPR.
    Matthias B.

    Great Product

    Reviewed on Nov 25, 2024
    Review provided by G2
    What do you like best about the product?
    Integrations and everything is in one place
    Makes it easier to map frameworks
    What do you dislike about the product?
    More flexibilty in connecting different sources for same things, e.g. policies can be stored in Google Drive, BambooHR, and another place.
    What problems is the product solving and how is that benefiting you?
    Helps us to prepare for the SOC2 audit and make it an easier & smoother process
    Kabir M.

    Great GRC-automation platform

    Reviewed on Nov 22, 2024
    Review provided by G2
    What do you like best about the product?
    Drata's automation simplifies the lives of startup founders. We're using their platform to get certified by 3 different frameworks. It's very convenient that evidence uploaded to the platform is automatically mapped to controls across different frameworks. Their integrations are great and this is a huge time saver.
    What do you dislike about the product?
    Their onboarding could have been better. We were assigned a third-party firm to work with for 30 days and it didn't feel like their program was very basic and catered to companies that weren't already familiar with compliance.
    What problems is the product solving and how is that benefiting you?
    Helping us become SOC2 Type2, ISO27001, and GDPR compliant. We use their automated-GRC process to become compliant instead of working directly with auditors and going through a manual evidence collection process.
    View all reviews