External reviews
1,098 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Excellent software to monitor a certification
What do you like best about the product?
We liked it because it monitors different security parameters and it is also tracking who did what from a security standpoint.
We used it first when we were doing our Iso 27001 certification and we are still using it to monitor our current performance. It was also very useful when we upgraded from ISO27001-13 to 27001-22. It is comprehensive that made the qualification and audit easier for us and for the reviewer.
We used it first when we were doing our Iso 27001 certification and we are still using it to monitor our current performance. It was also very useful when we upgraded from ISO27001-13 to 27001-22. It is comprehensive that made the qualification and audit easier for us and for the reviewer.
What do you dislike about the product?
Sometimes there are no reg flags where some proof should be found and also sometimes there are flags just because a employe computer was not online for more than a day. Overall these are minors concerns and we were able to relay the information to the support team.
What problems is the product solving and how is that benefiting you?
we were looking for an easier way of achieving our iso certification and tracking our progress over time. It was also very useful when we upgraded from ISO27001-13 to Iso-27001-22. The tool is easy to use for our team and provides good visibility into our progress.
Build a security strategy from scratch
What do you like best about the product?
I use Drata every day. Drata offers a comprehensive list of requirements to meet and controls to be put in place for each certification. They are easily understandable if you have some basic skills in security.
What do you dislike about the product?
There are often issues with the different connections and the support struggles to sort them out.
What problems is the product solving and how is that benefiting you?
It provides me the precise list of requirements I need to meet to pass a security certification.
I get access to templates and it gathers automatically a lot of information from the connections.
I get access to templates and it gathers automatically a lot of information from the connections.
Still the best place for compliance and audit checking
What do you like best about the product?
The software is simple enough that anyone can understand what is happening but complex enough so that when passing information about technical tasks no one is looking at you with a blank face.
Implementation of the tasks are described well and any time I have any queries I the in app chat is always handy and if it is something more complex my account manager will contact me shortly afterwards.
Implementation of the tasks are described well and any time I have any queries I the in app chat is always handy and if it is something more complex my account manager will contact me shortly afterwards.
What do you dislike about the product?
When you having a failing tasks there is no notification either through email or some other method to advise this. Had a case where something change and the monitored task was failing but didn't pick it up until i checked Drata at the end of the week.
What problems is the product solving and how is that benefiting you?
Drata solved our problems with setting up, monitoring and tracking SOC2 compliance. We have gone further than this and using it to keep on top of our GDPR and soon ISO27001.
Great layout and quite intuitive. Helps you organize all you compliance work.
What do you like best about the product?
The best feature of Drata is that it helps you organize all the controls you need in place - in order to be certified accoring to the certification of your choice. If your employees haven't read the required policies or performed the training they were supposed to do, Drata will remind them or you can easily go into the dashboard to see who you need to chase.
Another thing that stands out is its beautiful design. It really is one of the better softwares from en esthetic point of view. The intiutive GUI makes Drata easy to use and the many ready-made templates make the the implementaion easy.
Compliance can be complicated but the chat function with customer support is really quick and the people there are knowledgeable and respond quickly to any technical or compliance related questions.
Frequency of Use: When you implement Drata, you need to use it a lot. But once up and running, I use Drata more as a tool to follow up any gaps towards being certified.
I also really like that Drata has made it easy to share our compliance work with potential customers in a "trust center". Here you can tailor what you show to your customers and share all the information you want by sending them a URL. We try to do this before onbaording a new customer to eliminate a tedious compliance process from the customer's side.
Another thing that stands out is its beautiful design. It really is one of the better softwares from en esthetic point of view. The intiutive GUI makes Drata easy to use and the many ready-made templates make the the implementaion easy.
Compliance can be complicated but the chat function with customer support is really quick and the people there are knowledgeable and respond quickly to any technical or compliance related questions.
Frequency of Use: When you implement Drata, you need to use it a lot. But once up and running, I use Drata more as a tool to follow up any gaps towards being certified.
I also really like that Drata has made it easy to share our compliance work with potential customers in a "trust center". Here you can tailor what you show to your customers and share all the information you want by sending them a URL. We try to do this before onbaording a new customer to eliminate a tedious compliance process from the customer's side.
What do you dislike about the product?
Some of the evidence is static and you can fool Drata by uploading something that is not real evidence. However, there are more and more integrations towards other systems, which makes evidence live and up to date.
What problems is the product solving and how is that benefiting you?
Drata his helping us aligning all the internal policies and controls but also helping us to communicate it and building trust towards the entire supply chain and ultimately our customers.
Automation Our Compliance Process for the Win
What do you like best about the product?
Drata is well integrated with the majority of cloud systems we use to manage our business and platform.
What do you dislike about the product?
Some aspects of the UI navigation seem to be more hidden than they need to be. There are a number of workflows that require many clicks to get to the right screen.
What problems is the product solving and how is that benefiting you?
We are HIPAA compliant and SOC 2 Type II audited. We are using Drata is the data collection and exchange platform for everything.
Taking much of the effort and guesswork out of compliance.
What do you like best about the product?
Drata is much easier to use than other compliance platforms that we have used and was easy to get up and running. When we do have questions or issues, their support team can be contacted directly via chat within the platform and are friendly, responsive, and knowledgeable. We feel like Drata will be an excellent partner for years to come and we appreciate the straightforward pricing per framework. That will make it easy to grow in the future as we add additional frameworks.
What do you dislike about the product?
We wish that there were additional automations or improvements on some of the existing integrations. For example, many of the monitors/tests are geared towards Jira being used for tracking things such as onboarding/offboarding. We use Freshservice for that and even though there is a Freshservice integration, we cannot currently tell Drata to look at Freshservice for those types of tickets. This is frustrating as it means we then have to submit that evidence manually.
Additionally, we wish that there was more clarity or guidance around when a test is failing. For example, a test may fail for a variety of reasons such as reliance on a policy being approved or evidence being provided. It's not always clear why a monitor or control is failing. Is it due to the policy? Is it a lack of evidence? Should that evidence have been pulled automatically or is it something we need to provide manually? This could be streamlined and provide more detailed guidance as to what exactly is needed to fix it.
Additionally, we wish that there was more clarity or guidance around when a test is failing. For example, a test may fail for a variety of reasons such as reliance on a policy being approved or evidence being provided. It's not always clear why a monitor or control is failing. Is it due to the policy? Is it a lack of evidence? Should that evidence have been pulled automatically or is it something we need to provide manually? This could be streamlined and provide more detailed guidance as to what exactly is needed to fix it.
What problems is the product solving and how is that benefiting you?
We needed a product to help us manage our SOC2 compliance while providing the ability to easily add additional frameworks in the future. When doing so, we wanted to try and maximize the work already completed towards those additional frameworks.
Great Automation capabilities & amazing support
What do you like best about the product?
Very responsive Support
Good automation workflows
Good automation workflows
What do you dislike about the product?
Nothing as such. So far so good. will point out any issues when I come across
What problems is the product solving and how is that benefiting you?
Cloud compliance automation
Helpful product for approaching SOC 2 Compliance
What do you like best about the product?
User Friendly
Easy to set up and use
Easy and useful integrations
Fantastic and helpful support
Extensive risk library with helpful visuals
Easy to set up and use
Easy and useful integrations
Fantastic and helpful support
Extensive risk library with helpful visuals
What do you dislike about the product?
Drata agent had some issues with some machines, especially during the install
Further integrations, especially with EDR software, would have been helpful
Further integrations, especially with EDR software, would have been helpful
What problems is the product solving and how is that benefiting you?
We are using Drata to persue SOC2 compliance. Drata is the tool we are using to assist us in meeting all the requirements and provide the auditor with the tools needed to check our compliance.
There was a learning curve, but now I find everything very useful.
What do you like best about the product?
Fast customer support. I think all the other parts can be finetuned with engineering efforts, but the fact how the support is acting makes my life happier when in need.
What do you dislike about the product?
Policies/Controls navigation sometimes is tricky and I need to have tons of tabs opened not to loose my initial view.
What problems is the product solving and how is that benefiting you?
Compliance tracking and everything related to these topics.
Great platform for getting compliance certifications quickly
What do you like best about the product?
Provides pre-built templates for all required policies and controls for the common certifications. Comes with pre-built controls that helps track the current status of compliance with each requirement.
It's very simple to use and kept us organized when building the policies, implementing them, gathering evidence, and during the audits themselves.
It's very simple to use and kept us organized when building the policies, implementing them, gathering evidence, and during the audits themselves.
What do you dislike about the product?
Missing some features, specifically better customization in monitored tests and the Drata agent which verifies endpoint compliance.
I would like to have a tighter link between the policies and the controls. After setting up the initial policies, adding new frameworks is a bit more complex. It's hard to keep track of your policy changes compared to the standard template.
I would like to have a tighter link between the policies and the controls. After setting up the initial policies, adding new frameworks is a bit more complex. It's hard to keep track of your policy changes compared to the standard template.
What problems is the product solving and how is that benefiting you?
policy creation (templates), policy impementation, evidence collection including ongoing monitoring
showing 171 - 180