External reviews
1,158 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Comprehensive Alerts and Excellent Support—Key to Passing Our SOC 2 Audit
What do you like best about the product?
Comprehensive alerts on tasks and status pf controls. Could not have passed SOC2 audit without Drata. Initial onboarding was difficult as the platform is not intuitive, especially for folks new to the CRG arena. Good documention but not easy to formulate searches as a newbie.
What do you dislike about the product?
Usage is not intuitive, UI is OK
Support is excellent
Support is excellent
What problems is the product solving and how is that benefiting you?
Prior to utilizing the platform we had not idea as to the work necessary to become SOC2 certified.
It took a while to understand the the template policies were just that, templates. I suggest an onboarding specialist work with folks new to the platform in designing a customized workflow and how policies, controls and evidence relate to each other.
There is a plethora of documentation which is pretty good
It took a while to understand the the template policies were just that, templates. I suggest an onboarding specialist work with folks new to the platform in designing a customized workflow and how policies, controls and evidence relate to each other.
There is a plethora of documentation which is pretty good
Slick, Easy-to-Use Experience Across Mac App and Web
What do you like best about the product?
Drata is easy to use, and the user experience is pretty slick in terms of the downloaded app for Mac and the web browser version as well
What do you dislike about the product?
What I didn't like about Rata sometimes the multi factor authentication email doesn't arrive on time. That's really frustrating because you keep on waiting.
What problems is the product solving and how is that benefiting you?
It is helping me stay compliant as far as security is concerned
Automates SOC 2 & ISO 27001 Compliance with Real-Time Monitoring and Clear Dashboards
What do you like best about the product?
how it automates compliance tasks like SOC 2 and ISO 27001, saving a lot of manual effort.
It also gives real-time monitoring and clear dashboards, making audits much faster and less stressful.
It also gives real-time monitoring and clear dashboards, making audits much faster and less stressful.
What do you dislike about the product?
it can feel expensive, especially for small teams or startups.
Also, initial setup and integrations can be a bit complex and time-consuming if your systems aren’t already well organized.
Also, initial setup and integrations can be a bit complex and time-consuming if your systems aren’t already well organized.
What problems is the product solving and how is that benefiting you?
solves the problem of manual, time-consuming compliance work by automating evidence collection, monitoring controls, and audit preparation.
This benefits me by saving a lot of time, reducing human errors, and helping achieve certifications like SOC 2 much faster with less stress.
This benefits me by saving a lot of time, reducing human errors, and helping achieve certifications like SOC 2 much faster with less stress.
Drata is the gold-standard for compliance management with steadily improving AI functionality
What do you like best about the product?
Their monitoring dashboard is fantastic for identifying monitoring and compliance gaps, and their policy creation module is a game-changer for getting company policies created or updated.
What do you dislike about the product?
The way test failures are presented in the pure JSON test output can sometimes make it take an unnecessarily long time to figure out which resource is causing a compliance error. The AI-generated output for these failures has improved, but they could still benefit from better JSON parsing so that, even when the raw output is shown, the user only sees the failures.
What problems is the product solving and how is that benefiting you?
Drata makes managing certification testing and policy creation ridiculously easy. We used it to track the myriad of items necessary for a SOC-2 Type 2 audit, and it saved our company literally months of time and alot of money on contract workers.
Recommendations to others considering the product:
Make sure the infrastructure that will be evaluated by Drata is as up-to-date as possible, and provide a clear internal champion within the company to handle all Drata coordination and data entry.
Decent SOC 2 Tracking, but would prefer more advanced capabilities for the price
What do you like best about the product?
It’s a decent tool for tracking SOC 2 compliance rules and controls. It also integrates with our HRIS, which helps keep things connected and easier to manage.
What do you dislike about the product?
The “tests” for various controls aren’t very intuitive, and at times they feel more arbitrary than helpful. Pricing also seems high relative to the platform’s actual capabilities. During onboarding, the reliability of the tool was oversold, which made it harder to gauge how deep we needed to go with our controls and any supplemental tracking tools. I would have preferred clearer, more practical guidance throughout.
What problems is the product solving and how is that benefiting you?
SOC 2 security and compliance.
Broken UI/UX and Unexplained Platform Changes
What do you like best about the product?
The recent improvement in vendor management and risk management module and the addition of evidence library,
What do you dislike about the product?
The UI, UX is very broken, everytime you exit a page you will end up in an unintuitive place. Integrations are still limited compared to other products. So many unexpected things happen in the platform, data and settings changes, without the customer service providing the proper explanation.
What problems is the product solving and how is that benefiting you?
Compliance.
Structured ISMS and ICS support with strong risk and vendor management
What do you like best about the product?
Structured support in the development of an ISMS and ICS, good risk and vendor management.
What do you dislike about the product?
Not all areas create documented information, so you are not 100% compliant with ISO27001.
What problems is the product solving and how is that benefiting you?
Creating a good ISMS structure, Drata supports enormously here!
Automated Compliance Made Easy, But Needs User Management Improvements
What do you like best about the product?
I find Drata easy to track my compliance status, and it helps me identify compliance gaps. I also appreciate the automated monitoring that integrates with my existing tools, making real-time tracking possible. Setting up Drata was easy, which was a definite plus for me.
What do you dislike about the product?
The user review process is a bit tedious as it does not allow you to remove offboarded users directly from products. Right now, we do not have a way to exclude users directly in integrations, so you have to manually exclude them on each review which is a tedious process.
What problems is the product solving and how is that benefiting you?
I use Drata for SOC 2 compliance, making compliance effortless with automated monitoring. It's easy to track my compliance status and identify gaps in real-time.
Strong Framework Structure and Seamless Connections
What do you like best about the product?
Framework structure and connections with different sources for tests.
What do you dislike about the product?
Generic policy templates. Not many connectors available in comparison with other tools.
What problems is the product solving and how is that benefiting you?
Compliance roadmap. Fast deployment. Governance, audit readiness and view from customers.
Drata Keeps Us Continuously Audit-Ready with Hands-Off Evidence Collection
What do you like best about the product?
What I like about Drata is how it transforms compliance from a manual, point-in-time effort into a continuous, automated process. Its integrations with tools like cloud providers and identity systems make evidence collection largely hands-off. The dashboard is clear and accessible, giving both technical and non-technical stakeholders quick insight into compliance status. Overall, Drata makes it much easier to stay audit-ready without the usual operational burden, and it scales well as organizations grow.
What do you dislike about the product?
What I dislike about Drata is that the initial setup and configuration can be time-consuming and sometimes confusing, especially when mapping controls across multiple frameworks.The platform can also generate a high volume of alerts or tasks, which may create noise if not carefully tuned.
What problems is the product solving and how is that benefiting you?
Drata solves the problem of time-consuming, manual compliance processes by automating evidence collection, control monitoring, and audit preparation. Instead of scrambling to gather documentation at audit time, it keeps everything continuously up to date, which reduces stress and minimizes the risk of missing requirements. This benefits me by saving significant time, improving accuracy, and providing real-time visibility into our compliance posture. It also makes it easier to stay audit-ready year-round and focus more on higher-value work rather than repetitive administrative tasks.
showing 1 - 10