External reviews
1,115 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Excellent experience
What do you like best about the product?
The platform helps to simplify the compliance process for various industry standards. Their cloud automation integrations help to reduce the amount of time and manual labor involved in the arduous process of continious compliance. It's all backed by an dedicated team of caring professionals.
What do you dislike about the product?
Customized risk register could use some work.
What problems is the product solving and how is that benefiting you?
Drata is helping us maintain our SOC 2 Type 2 certification via their cloud compliance platform and easy of controls management. Their automations help reduce the onus involved in the historic manual efforts.
An effective tool to assist with SOC2 compliance
What do you like best about the product?
Drata makes it easy to establish the necessary technology controls for a particular framework, like SOC2. Drata maintains a library of these controls, with the appropriate descriptions and common ways these controls are implemented technically (e.g. MFA implemented on admin accounts or CPU/memory usage is monitored).
It also provides a library of auditor-approved policies, maps these to the appropriate controls and connects with your key business systems to monitor the implementation of the controls. It would have taken a lot of manual effort to do this without a platform like Drata.
Drata has also begun implementing task management, to streamline activities when a control fails, new evidence is required or a policy needs to be reviewed. It provides a number of integrations with task management systems like Trello.
Drata also makes it easy to maintain a Vendor / Supplier register.
I recommend it to anyone looking to meet the requirements of a framework like SOC2 or ISO27001.
It also provides a library of auditor-approved policies, maps these to the appropriate controls and connects with your key business systems to monitor the implementation of the controls. It would have taken a lot of manual effort to do this without a platform like Drata.
Drata has also begun implementing task management, to streamline activities when a control fails, new evidence is required or a policy needs to be reviewed. It provides a number of integrations with task management systems like Trello.
Drata also makes it easy to maintain a Vendor / Supplier register.
I recommend it to anyone looking to meet the requirements of a framework like SOC2 or ISO27001.
What do you dislike about the product?
Drata doesn't connect with every system that you may have, albeit it is continually adding more integrations. In cases where it cannot monitor a particular control, you need to manually link evidence. This process can be a little time consuming. It would be nice to see a function that allows for configuration of a custom integration (e.g. a webhook that an application could call to post data to Drata, or pointing drata an application's APIs and then having a data/field mapping function in Drata to pick out data as evidence (and indicate compliant/non-compliant) for a particular control).
I would also like to see Drata implement an Incident Management tool, to centrally record incidents and map these against potential control failures or the need for new controls. Similarly, it would be nice to see a Risks Register module to record all risks associated with the organisation, and map these risks to mitigating technology controls.
I would also like to see Drata implement an Incident Management tool, to centrally record incidents and map these against potential control failures or the need for new controls. Similarly, it would be nice to see a Risks Register module to record all risks associated with the organisation, and map these risks to mitigating technology controls.
What problems is the product solving and how is that benefiting you?
Drata helps us maintain the appropriate technology and operational controls for us to be SOC2 compliant. We have successfully used Drata with our external auditor in two audits now, and we have received feedback from the auditor that it makes their job easier and there is less back-and-forth to get things in order.
Drata's control monitoring has been especially useful as it alerts us when a configuration change or something else has caused a technical control to fail. This ensures not only that we are fulfiling our SOC2 obligations throughout the entire period, but it also has a direct benefit of uplifting our security and mitigating potential security holes.
Drata has enabled a relatively small business (compared to major financial institutions) to achieve a high standard of compliance. This has enabled us to provide services to these large financial institutions, which demand a high degree of compliance.
Drata's control monitoring has been especially useful as it alerts us when a configuration change or something else has caused a technical control to fail. This ensures not only that we are fulfiling our SOC2 obligations throughout the entire period, but it also has a direct benefit of uplifting our security and mitigating potential security holes.
Drata has enabled a relatively small business (compared to major financial institutions) to achieve a high standard of compliance. This has enabled us to provide services to these large financial institutions, which demand a high degree of compliance.
Compliance automation done right
What do you like best about the product?
Comprehensive compliance automation platform. I particularly like the monitoring and automated testing.
What do you dislike about the product?
Support is sometimes slow, requiring me to follow up with them.
What problems is the product solving and how is that benefiting you?
Drata is solving the need to manage a diversity of controls across different areas, with monitoring and automation of things like AD accounts, version control, endpoints etc. Their Drata Agent is fantastic, saves us from either collecting screenshots or deploying more heavyweight monitoring tools
All in one compliance management
What do you like best about the product?
Drata simplifies your compliance journey. It has a predefined set of controls that you can map to automated compliance checks or manually upload evidence. It reminds you about upcoming tasks. For small companies just starting out, Drata provides and easy to use set of pre-written policies you can quickly customize for yourre organization. That was a huge time saver for us.
What do you dislike about the product?
I do not have any real complaints about Drata. Customer support is always quick to respond and has helped us find solutions to our issues.
What problems is the product solving and how is that benefiting you?
Drata checks our end user compliance daily as well as automating a host of other checks against our cloud setup. This reduces the amount of manual work in maintaining continous compliance. And if something does fall out of compliance, I get alerted.
Extremely useful
What do you like best about the product?
Very easy to set up and interconnect with other systems.
The automations do half the job an analyst would do.
Great structure to catalogue the documentes, controls.
Great overview for management.
The automations do half the job an analyst would do.
Great structure to catalogue the documentes, controls.
Great overview for management.
What do you dislike about the product?
Lacks a proper reporting feature to get in depth information about user compliance.
What problems is the product solving and how is that benefiting you?
Automate tasks for SOC2 compliance.
Seamless ISO 27001 Compliance with Stellar Support
What do you like best about the product?
Drata simplifies the complex process of achieving and maintaining ISO 27001 compliance. Its automated monitoring and intuitive platform ensure continuous adherence to compliance standards. The standout feature is the exceptional support from the Drata team, particularly the dedicated account managers who offer timely, knowledgeable assistance. Overall, Drata’s combination of powerful software and outstanding support makes it an invaluable asset for any compliance-driven organisation.
What do you dislike about the product?
While Drata is a robust tool for compliance, navigating through the wealth of features and options can be a bit overwhelming for new users at first. However, the learning curve is quickly overcome with the help of their support team.
What problems is the product solving and how is that benefiting you?
Drata addresses the challenge of managing complex compliance requirements by automating continuous security control monitoring and evidence collection.
Drata simplified our compliance monitoring.
What do you like best about the product?
It has a clean interface, is easy to use, and has reputable auditors.
What do you dislike about the product?
There are still some frameworks drata doesn't have that we have to purchase "custom" frameworks.
What problems is the product solving and how is that benefiting you?
Compliance monitoring and ease of auditing.
SOC it 2 me (sorry... had to)
What do you like best about the product?
Drata tools and processes save my teams 100's of hours and our Customer Service Manager is an excellent task master.
What do you dislike about the product?
It would be great if Drata had a separate yet organic team to perform the audit.
What problems is the product solving and how is that benefiting you?
Our customers are mandating SOC2 compliance by a specified time. We needed the right tools and processes that would allow us to prepare for SOC2 in a short time frame.
Best SOC 2 readiness platform we investigated
What do you like best about the product?
- Best in class UI for compliance readiness
- Live customer support in-app
- Straightforward to use
- Agentless monitoring (I don't want 3rd party agents monitoring cloud infrastructure as that's very deep access)
- Live customer support in-app
- Straightforward to use
- Agentless monitoring (I don't want 3rd party agents monitoring cloud infrastructure as that's very deep access)
What do you dislike about the product?
- Overly prescriptive SOC 2 controls and evidence; there are workarounds for custom controls and evidence, but they require much more manual work
What problems is the product solving and how is that benefiting you?
- Manages policies, controls, and evidence for SOC 2 compliance
- Automated monitoring (quality varies) for continuous control compliance - e.g. checking that all users' endpoint devices match our security policies and recording for the auditor
- Formalized method for sharing compliance documents with customers and organizing readiness with auditors
- Automated monitoring (quality varies) for continuous control compliance - e.g. checking that all users' endpoint devices match our security policies and recording for the auditor
- Formalized method for sharing compliance documents with customers and organizing readiness with auditors
Drata: Making Compliance Easy and Effective
What do you like best about the product?
Drata is a big win for anyone dealing with compliance. It's super easy to set up, which is a huge relief. What's really cool is the number of integrations it offers, letting you automate pretty much all your compliance tasks and keep an eye on them all year round.
If something goes wrong, Drata doesn't just leave you hanging. They have really helpful guides that show you how to fix issues, which is great for peace of mind. The team behind Drata really listens to what users need and keeps adding new stuff to make it even better. We've been using it for three years now, and it just keeps getting better. We're big fans of everything Drata does!
If something goes wrong, Drata doesn't just leave you hanging. They have really helpful guides that show you how to fix issues, which is great for peace of mind. The team behind Drata really listens to what users need and keeps adding new stuff to make it even better. We've been using it for three years now, and it just keeps getting better. We're big fans of everything Drata does!
What do you dislike about the product?
We haven't found anything to dislike about Drata. It's been an excellent tool for us, especially since we're using multiple frameworks like SOC2, HIPAA, and GDPR. Drata handles them all brilliantly.
What problems is the product solving and how is that benefiting you?
Drata's integration capabilities are a game-changer for us. They make our life so much simpler. We don't need to stress about constant monitoring because Drata does it for us. This saves us a lot of time and effort every year, ensuring that our compliance is always in check without the extra hassle.
showing 261 - 270