
Reviews from AWS customer

9 AWS reviews

External reviews

1,098 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    reviewer2509113

Achieves both SOC 2 and ISO 27001 compliance with improved security posture

  • June 27, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use the solution to achieve both SOC 2 and ISO 27001 compliance.

How has it helped my organization?

Drata improved our security posture by ensuring that all our laptops were encrypted and all our production environments were validated with MFA access. We tracked all our Jira tickets to ensure timely remediation. Going through SOC 2 compliance, we still had to perform other tasks like external pen testing, which we achieved, and document it. We also developed tabletop exercises, which were conducted annually, and performed disaster recovery testing on the database. All this was tracked in Drata in real-time, allowing us to quickly identify and address issues, such as TLS encryption problems. 

Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company. Drata is excellent for startups and small- to medium-sized companies but may face challenges in larger organizations with multiple environments.

What needs improvement?

One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification.

It provides real-time reporting regarding SOC 2 or ISO compliance. The auditors issue the reports. Therefore, if the auditors make a recommendation, such as configuring our alert system internally based on their advice, we implement it. Drata must also address its bugs to improve things for the auditors.

For how long have I used the solution?

I have been using Drata for one and a half years.

What do I think about the stability of the solution?

After the acquisition, we're still integrating Drata into our environment. The challenges of this integration with the new regime are more significant than anticipated. One issue is stability; when Drata releases updates, we notice some bugs, especially those affecting Mac users. While Drata seems well-suited for smaller startups and mid-sized companies, larger enterprises may encounter more hurdles. Such platforms must remain robust despite occasional integration issues, as updates are necessary for continuous improvement.

I rate the solution's stability a nine out of ten.

What do I think about the scalability of the solution?

These platforms provide real-time reporting. For example, if a control fails, such as requiring all users to log in with unique passwords, I receive an alert. If a user hasn't logged in, the system flags it. Drata helps streamline this process. When a new employee starts, I meet with them to configure their laptop with Drata and show them where the training is. Drata's real-time monitoring is beneficial. 

Drata is particularly effective for smaller companies, where communication is easier, and departments are not siloed like in larger organizations. This makes Drata a good platform for startups to complete their audit reporting and demonstrate their legitimacy. Companies can use this to attract private equity, go IPO, or secure more funding from investors.

Ultimately, companies reach a certain level of corporate maturity where they recognize the value of these investments. Real-time reporting and monitoring with Drata pay off by highlighting smaller issues early on, which benefits the company's overall operation and growth.

How are customer service and support?

Drata also made certain promises regarding specific features but did not deliver. 

How would you rate customer service and support?

Neutral

Which other solutions did I evaluate?

I've had other demos and due diligence meetings with various vendors, some at the same level as Drata. The challenge becomes whether the bigger company wants to spend the higher cost. It becomes a negotiation between price and service.

What other advice do I have?

Drata has excellent integrations and allows for real-time monitoring. Some tasks require manual uploads for screenshot evidence. It can have company policies within the module. This prevents data islands in Dropbox, Google Drive, or other locations. You can tell critical stakeholders, "Alright, we're having a meeting. Here's the draft; let's edit it." Once edited, the owner can press the green button to publish it, automatically sending alerts to the entire company or specific groups. 

For example, if the access control policy is updated, everyone must acknowledge the change. You can create groups, like the dev team, to agree to policies like SDLC, change management, or vulnerability management. Any changes are automatically pushed to designated personnel, who must review and approve them. You can track when they've done this in real-time, which is essential for auditors. Everything within the module shows whether personnel have agreed to specific policies.

There are other competitors out there. If you don't prefer Drata, find a similar platform. Many different companies exist because Drata enables you to monitor things in real time, which is crucial for both short-term and long-term goals. Short-term goals include daily or weekly reviews for compliance, while long-term goals aim to achieve SOC 2 and ISO goals.

Overall, I rate the solution an eight out of ten.


    Hospital & Health Care

Streamlining compliance & dynamic support

  • June 21, 2024
  • Review provided by G2

What do you like best about the product?
Quick customer support, both practical and content-wise.
Policy templates as guidance.
I like the new risk assessment features as well.
Linked control mapping.
Automated evidence gathering, e.g. through Drata agent.
All these features help us streamline our compliance, log our progress, involve our team members, keep everything organised.
What do you dislike about the product?
It obviously takes a learning curve to get into the depths of compliance, but Drata relieves that as much as possible.
What problems is the product solving and how is that benefiting you?
Generating trust in our cloud and security compliance towards customers


    Computer Software

User-friendly platform enabling GRC automation

  • June 20, 2024
  • Review provided by G2

What do you like best about the product?
Drata offers an interface that is very intuitive and that reduces the implementation and operation workload. The range of available features matches the scope of a SOC2 or GRC program that a small or medium enterprise typically needs.
What do you dislike about the product?
The audit hub module in Drata requires improvement.
What problems is the product solving and how is that benefiting you?
Centralizes the GRC activities, evidence and collaboration efforts, I also like the various automation functions Drata comes with.


    Anthony C.

Great Event

  • June 20, 2024
  • Review provided by G2

What do you like best about the product?
The team is very diverse and the technology is easy to understand.
What do you dislike about the product?
I wish there were more events so other people in the GRC space can connect more often.
What problems is the product solving and how is that benefiting you?
Speeding up the time it takes for us to complete projects.


    Bill S.

Great way to automate compliance

  • June 12, 2024
  • Review provided by G2

What do you like best about the product?
Eliminates or reduces the manual data collection process
What do you dislike about the product?
Still working out bugs with integrations and APIs
What problems is the product solving and how is that benefiting you?
SOC compliance


    kodjo A.

Drata User 2024 2.0

  • June 12, 2024
  • Review provided by G2

What do you like best about the product?
Integration with Auditor and auditor communications
What do you dislike about the product?
Templates for uploads are not available in the system
What problems is the product solving and how is that benefiting you?
Audit primarily


    Johnny W.

Compliance made simple

  • June 12, 2024
  • Review provided by G2

What do you like best about the product?
How straightforward it is to set up and get compliance done.
What do you dislike about the product?
The fact I have to do any compliance at all distracts from the actual operations of the business. At least Drata makes it easy.
What problems is the product solving and how is that benefiting you?
Drata takes away most of the headache around figuring out what exactly I need to do to ensure my security compliance is up to par.


    Coreen S.

Super helpful

  • June 12, 2024
  • Review provided by G2

What do you like best about the product?
We are new to the compliance process and the Drata support team has been there for me 100% of the time to answer all my crazy questions
What do you dislike about the product?
The AI can be a bit in the way. Sometimes the questions I have are just quick yes no or specific to a connection we have and the AI gets in the way. Often when I ask for a person it can take a really long time for help
What problems is the product solving and how is that benefiting you?
Helping to develop the framework for our SOC and other audits


    fiona f.

Great presentations at Drataverse

  • June 12, 2024
  • Review provided by G2

What do you like best about the product?
Automation for evidence collection makes audit preparation less painful
What do you dislike about the product?
The selection of prizes after getting all the vendor stickers is not appealing
What problems is the product solving and how is that benefiting you?
Automation in evidence collection


    Charlene W.

Fast & Great customer service

  • June 12, 2024
  • Review provided by G2

What do you like best about the product?
There's an agent answering all kinds of questions.
What do you dislike about the product?
It's pretty self served. You have to do all the heavy lifts.
What problems is the product solving and how is that benefiting you?
Make compliance easy to manage