External reviews
External reviews are not included in the AWS star rating for the product.
Great Compliance Tool
What do you like best about the product?
It's a great compliance tool to keep all controls and requirement in one place. The functionalities work perfectly to keep everything in one tool rather than collect evidence manually all over the place. The integrations take care of most of the controls automatically and as the security team, you fill the blanks. I'm really happy with Drata.
What do you dislike about the product?
The trust page is not available for free which is unnecessary. I use another vendor for trust page for free so it would only make sense if Drata offers it to their customers included in their package as well.
What problems is the product solving and how is that benefiting you?
The vendor review page is great, it allows you to enter all of the information about vendors and subprocessors to create the automatic review. The personnal list also helps to keep MDM and other HR controls in one place. Overall, I'd only recommend this tool.
- Leave a Comment |
- Mark review as helpful
The best way to begin your complaince journey
What do you like best about the product?
Drata has been easy from start to finish. Our Customer Success Manager, Craig Macareg, has been a huge help in implementing our infrastructure, helping us select an auditor, and find the compliance guidance we need to continue on our compliance journey.
What do you dislike about the product?
We have had a few integration issues that were resolved quickly.
What problems is the product solving and how is that benefiting you?
Drata automaitcally gathers a huge percentage of evidence we need for our compliance program. Any evidence that isn't gathered automatically or isn't linked to a policy has guidance for uploading the right thing for the auditor. Drata has also connected us with auditors that are familiar with the platform to improve our auditing expirience.
Drata is very useful for SOC, HIPAA etc
What do you like best about the product?
Framework for SOC , HIPAA is excellent..
What do you dislike about the product?
Nothing,Drata is aawesome product.......
What problems is the product solving and how is that benefiting you?
SOC and HIPAA evidence collection
Start to finish SOC2 with minimal external interaction
What do you like best about the product?
- Drata's large list of integrated platforms
- Policy & Procedure generation and management
- Vendor management
- Risk Management
- Notifications
- Support, especially from Amanda Farris-Reid
- Policy & Procedure generation and management
- Vendor management
- Risk Management
- Notifications
- Support, especially from Amanda Farris-Reid
What do you dislike about the product?
My biggest pain point was the status of "currently compliant" personnel showing not compliant without the ability to resolve them or provide exceptions.
They have since added the exception feature which alleviates my concern.
They have since added the exception feature which alleviates my concern.
What problems is the product solving and how is that benefiting you?
Start to finish security control creation and maintenance.
Like a second-mind..
What do you like best about the product?
Drata is fantastic at allowing me to stay organized and aware of my deliverables for continuous compliance. I'm able to track and assign tasks to relevant parties, organize my thoughts on our control structures & get introspection on how the auditing criteria refer back to us. It's like having a second-helper who keeps track of everything & allows me to focus on policy creation & control creation/evaluation.
What do you dislike about the product?
Drata is fantastic if you have lots of industry-grade integrations but if you don't, your return on value might be lower. I still great utility out of it, but for the price point it wouldn't necessarily still be worth it. There are still small gotcha's in Drata, for instance the policy changelogs require manual updating- why are my changes to the policy not filling out the changelog itself? The Statement of Applicability in the ISO27001 frameworks are a large table, but most of that information should be part of the continuous compliance so why am I having to create so much? There are also lots of little things, like the Statement of Applicability, where I pulled things out of policy/out of Drata, and ended up creating a spreadsheet for them all over again because it's just going to be easier to maintain over time. Yes my Statement of Applicability will be uploaded to Drata as evidence, but I'd rather have something like this more built-in to the program rather then feeling that the best option is to create a spreadsheet & do it myself.
What problems is the product solving and how is that benefiting you?
Drata helps us with observability into our control infrastructure. I can see our management responsibilities, our technical controls, & plan for the future. In a very disorganized company, this is extremely effective for assisitng with holding people accountable to completing their responsibilities. Their support is fantastic & Hailee at Drata has been absolutely amazing. The Drata help articles are detailed & excellent when you are searching for something with only a few search terms. It is sometimes hard to find things if you don't know where they are- for instance, the templates used in vendor upload, business continuity/disaster recovery, etc & without Hailee's help, we would have never known about them. But our Customer Success Manager Hailee, was excellent at providing these documents. It would be nice if the Help Section had a dedicated Resources section for items like this.
Still A Challenging Process, But Great Partnership and ROI
What do you like best about the product?
Anyone who tells you that obtaining certifications, reviewing policies, and mapping controls to data privacy and security frameworks is easy, fast, or fun is a liar. You need a partner to embrace the suck and guide you along the way. Easy to use, easy to implement, and regular check-ins with our customer support team. The Drata team mixes the right amount of compassion and empathy for those challenged in the technical area but enough accountability that consistent progress is possible. Data privacy and security shouldn't be a race, so take your time, make the most of the support, and the service provided will pay a healthy return in the short and long term. Good Luck!
What do you dislike about the product?
This is the intersection of compliance and technology. What's not to love? The Drata team has done their best to make these challenging topics easier—no complaints about Drata, just the complexity of this space.
What problems is the product solving and how is that benefiting you?
I'm too small to spend time on data compliance and privacy, but it's too big an issue to ignore. Drata has given me confidence that I'm doing what's right for my business and my customers.
Powerful platform, great docs and human support
What do you like best about the product?
After 10 years in a previous role in a highly regulated domain, I wish I had a tool like Drata. It made document management far simpler, had ties into my compliance goals with excellent documentation as well. The human support is also fantastic, either via the online support chat or conversations with our customer success manager. This allows us to be more transparent in security posture to our customers, while also having automated checks to ensure compliance. The product is easy to use, and pretty feature complete.
What do you dislike about the product?
There isn't much to complain about! I do wish that the policy editor would allow for embedded diagrams/images, rather than having to refer to them elsewhere. Allowing for collaborative editing as well would be a nice to have, but definitely not a necessity.
What problems is the product solving and how is that benefiting you?
The templates with links into InfoSec framework requirements has made compliance far easier than doing it on our own. Also giving us a means for our clients to see our security posture and automated checks under NDA allows our clients to use our services with confidence.
Good to work many to learn
What do you like best about the product?
Its user friendlyness an easy to access
What do you dislike about the product?
Alert messages not received to email or any other mode.
What problems is the product solving and how is that benefiting you?
Employees monitoring is secured and easy to access
SOC 1/2 Type 2
What do you like best about the product?
Compliance experts available through chat was invaluable. They took the time to understand the specific set of circumstances and varaibles to my question and did not provide templated answers.
What do you dislike about the product?
A little click heavy for certain workflows but they are working to stream line them.
What problems is the product solving and how is that benefiting you?
Reduction of timeline and internal effort to become SOC 1/2 compliant.
Great tool for our SOC 2 journey
What do you like best about the product?
Ease of use in gathering and reporting evidence. Followed closely by response from CS.
What do you dislike about the product?
Not much to dislike. Early on there wasn't the interface to several tools we use but that's slowly improving.
What problems is the product solving and how is that benefiting you?
Gathering evidence for our SOC 2 audits.
showing 191 - 200