External reviews
1,085 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Applying Drata to SaMD context
What do you like best about the product?
The onboarding process was smooth, the sales process was informative but not pushy.
Since signing up we have had excellent support from our CSM Ashley who has made herself available at all times if we need assistance.
The tool itself is easy to navigate and after only a week of use has already helped us get more than 50% of the way to being compliant with our first target framework, HIPAA.
There is a lot to work for customers (and only the customer could do it) in regards to policies and company processes but the Drata tool does help a lot by centralizing these documents and storing sign-off. Daily monitoring of control checks which can be automated is a wonderful timesaver, anything getting out of alignment will be alerted for remediation immediately.
Since signing up we have had excellent support from our CSM Ashley who has made herself available at all times if we need assistance.
The tool itself is easy to navigate and after only a week of use has already helped us get more than 50% of the way to being compliant with our first target framework, HIPAA.
There is a lot to work for customers (and only the customer could do it) in regards to policies and company processes but the Drata tool does help a lot by centralizing these documents and storing sign-off. Daily monitoring of control checks which can be automated is a wonderful timesaver, anything getting out of alignment will be alerted for remediation immediately.
What do you dislike about the product?
We've stumbled over a few minor things that don't quite fit our needs:
- Having the ability to have one of several leaders sign off on policies instead of just a single person
- Being able to store multiple security-related documents against a single vendor (e.g. SOC 2 documentation and HIPAA documentation)
- How to manage skills matrix
Our CSM has been responsive in taking these needs onboard an hopefully we'll see them in a future release!
- Having the ability to have one of several leaders sign off on policies instead of just a single person
- Being able to store multiple security-related documents against a single vendor (e.g. SOC 2 documentation and HIPAA documentation)
- How to manage skills matrix
Our CSM has been responsive in taking these needs onboard an hopefully we'll see them in a future release!
What problems is the product solving and how is that benefiting you?
We're primarily looking to assure our customers of our dedication to security posture. Combining the extensive policy suite along with automated monitoring gives us the ability to provide evidence of our commitment directly to customers without delay.
SOC 2 in a box
What do you like best about the product?
- Drata is open-minded, flexible, and agile to meet any of your feature requests or additional requirements. It was the only vendor on the market that was ready to support an immutable cloud-native AWS infrastructure as code at the time we evaluated the available options (end of 2021). Having multiple production releases per day and spinning a brand new version of the infrastructure for every feature branch, we would be overwhelmed with noise and false positives without this.
- They nailed SOC 2 framework and automated testing and evidence gathering significantly. It also looks quite good for ISO 27001.
- Their expert team is always ready to help you with your compliance-related concerns and bring some light to unclear controls and requirements.
- Drata recommends a list of auditors familiar with the tool and providing a significant discount for the audit.
- Drata supports a solid list of compliance frameworks.
- New Trust Center is a killer feature.
- They nailed SOC 2 framework and automated testing and evidence gathering significantly. It also looks quite good for ISO 27001.
- Their expert team is always ready to help you with your compliance-related concerns and bring some light to unclear controls and requirements.
- Drata recommends a list of auditors familiar with the tool and providing a significant discount for the audit.
- Drata supports a solid list of compliance frameworks.
- New Trust Center is a killer feature.
What do you dislike about the product?
- 25MB file size limit for any piece of evidence you are uploading into Drata. Anytime you need to upload something bigger you have to ask the Drata support team.
- The support of some frameworks (e.g., NIST CSF, NIST 800 53, GDPR) is pretty basic and has very little or no automation. For these secondary frameworks the cost doesn't seem justified for what they charge for SOC 2 or ISO 27001 - those that they fully support and automated.
- While Drata has a huge list of available integrations, they don't support Atlassian tools hosted on-prem/in your own cloud accounts - only Atlassian SaaS.
- It would be nice to be able to subscribe to an SNS topic with failing test notifications from Drata to stay up-to-date on the recent issues.
- While Trust Center is a great feature, I believe it should be provided for no additional cost as a part of any framework you have with your Drata subscription. It does not seem fair to charge for this additionally.
- The support of some frameworks (e.g., NIST CSF, NIST 800 53, GDPR) is pretty basic and has very little or no automation. For these secondary frameworks the cost doesn't seem justified for what they charge for SOC 2 or ISO 27001 - those that they fully support and automated.
- While Drata has a huge list of available integrations, they don't support Atlassian tools hosted on-prem/in your own cloud accounts - only Atlassian SaaS.
- It would be nice to be able to subscribe to an SNS topic with failing test notifications from Drata to stay up-to-date on the recent issues.
- While Trust Center is a great feature, I believe it should be provided for no additional cost as a part of any framework you have with your Drata subscription. It does not seem fair to charge for this additionally.
What problems is the product solving and how is that benefiting you?
Using modern solutions like Drata helped us significantly save the time (at least a few months of effort per year) and money (tens of thousand dollars) required to achieve SOC 2 compliance. Of course, Drata will not automatically make your product secure and reliable, but it will help you assess the gaps, eliminate them, and continuously monitor the required controls.
My Drata Review
What do you like best about the product?
I like the automation Drata uses to bring the latest info up front for review.
What do you dislike about the product?
The limited frameworks at this time plus adding more increases our cost to use Drata every year.
What problems is the product solving and how is that benefiting you?
We needed to get started with our compliance efforts and have a centralized place to store evidence and manage our records in preparation for future audits.
Strong Compliance Platform
What do you like best about the product?
Easy to use, simplifies an otherwise complex process, and the support team is great.
What do you dislike about the product?
Integrations are a little lacking (ex. Slack notifications if a test fails for faster responsiveness), but this is on their roadmap.
What problems is the product solving and how is that benefiting you?
We are working through SOC 2, Type 1 & 2. The software provides an overview of the requirements of SOC 2 and allows us to easily monitor progress. This has helped us move faster and more efficiently.
Recommendations to others considering the product:
Make sure to not discount the value of Drata's support team. They make life a lot easier, and you will need them once you start on your compliance journey (regardless of the framework).
Drata as been seamless
What do you like best about the product?
Very intuitive UI, it was a fast learning curve to figure out what needed to be done, especially being new to SOC2 compliance.
What do you dislike about the product?
This more so pertains to the designated auditor. There's a lot of repeat work sometimes, depending on the auditor you choose. There could be some workflow efficiencies when navigating from Monitoring, Fixing Controls, Controls, and filtering for Control ownership from the Monitoring section.
What problems is the product solving and how is that benefiting you?
SOC2 compliance was a guided process when using Drata. Financially, it's around the same ballpark when comparing other services. However, Drata's demo was the best and it seemed best in class from a product UX standpoint.
Automated, Helpful Tool for Compliance
What do you like best about the product?
Drata has been very helpful with keeping records of our staff compliance needs and which areas are outstanding for which staff members. I also really like the helpful articles and great customer support offered - thanks Alex!
What do you dislike about the product?
It's a helpful tool if you use it right. We are still learning how to utilize all of the available features so we are making the most of this investment
What problems is the product solving and how is that benefiting you?
SOC2 compliance. We are able to keep our audit evidence in one place and get automated tests run so we can know quickly if something has fallen behind.
Intuitive interface and compliance team to make SOC 2 compliance easy
What do you like best about the product?
Drata greatly increased our speed and knowledge while decreasing the number of hours required from our team to get SOC 2 compliant. We really like the ability to check all of our W2 employee's and contractors' compliance in one simple place as well as the continuous monitoring of our security items. Without the continuous monitoring, it would have taken us a lot of time to ensure our security items are still compliant over time (especially for SOC 2 Type 2 which has a longer monitoring period).
Drata's available compliance team was also super valuable and easy to communicate within the web application. We had many questions on best practices and how to ensure compliance on certain items that the compliance team made easy.
Drata's available compliance team was also super valuable and easy to communicate within the web application. We had many questions on best practices and how to ensure compliance on certain items that the compliance team made easy.
What do you dislike about the product?
There were a few items we had to complete for our SOC 2 compliance with our auditor company that was outside of the Drata platform. However, this was fairly minimal and might be specific to just what the auditor looks at.
What problems is the product solving and how is that benefiting you?
Solving SOC 2 compliance in a short period without sacrificing quality. We received our SOC 2 compliance is a much faster timeline (< 2 months) with a lot less work because of Drata.
Seamless automated compliance monitoring based on systems available to connect
What do you like best about the product?
Automated tests that runs everyday and the detailed Raw test evidence gives us a granular view of non compliant controls. DRATA technical architects are great to work with and gives us regular insights on how to fix the errors to increase our compliance percentage. SOC2 automated evidence gathering and providing results to auditors becomes a frictionless effort for cloud native organizations. The available frameworks keeps growing in DRATA and happy to be part of the product journey.
What do you dislike about the product?
Like to see more connections in DRATA to Cloud native systems that cover key cyber domains. Like to see more IAM capabilities and support for multiple IDP's. More insights into failed results within Raw test evidence and extrapolating that for analysis could be more mature.
What problems is the product solving and how is that benefiting you?
DRATA showed us what infrastructure controls failed, why they failed and how to remediate them. This will help us improve our overall SOC2 compliance posture as well as reduce cyber risk from misconfigured infrastructure
Great Experience with Drata.
What do you like best about the product?
East of use & compliance mapping!!!!!!!!
What do you dislike about the product?
Parent-Child relationship - LOOKING FOR THEM
What problems is the product solving and how is that benefiting you?
Multiple Compliance Initiatives and trying to simplify it with testing once and utilizing many standards.
Recommendations to others considering the product:
LOOKING FOR A TOOL THAT WILL MAKE YOUR COMPLIANCE AUDITS MORE LIKE BUSINESS AS USUAL AND NOT AN ANNUAL EVENT DRATA IS THE WAY TO GO
SOC 2 and HIPAA in 10 Days
What do you like best about the product?
We started on SOC 2 and HIPAA compliance journey when a large customer requested a SOC 2 Report. We had a month to get it done so we turned to Drata to see how fast and effectively we can attain SOC 2 Type 1 and HIPAA compliance.
Within 10 days we were able to achieve 98% compliance posture thanks to their automated system, template policies, and most importantly their excellent audit compliance and customer success teams who were there at every turn to answer questions, help us draft policies and guide us through the maze of regulations, controls, and developer support.
You heard it right! In 10 days we were ready for our auditor to start reviewing the documentation and prepping our drat SOC 2 Type 1 Report
Within 10 days we were able to achieve 98% compliance posture thanks to their automated system, template policies, and most importantly their excellent audit compliance and customer success teams who were there at every turn to answer questions, help us draft policies and guide us through the maze of regulations, controls, and developer support.
You heard it right! In 10 days we were ready for our auditor to start reviewing the documentation and prepping our drat SOC 2 Type 1 Report
What do you dislike about the product?
Need custom controls.
At the time of SOC 2 Type 1 journey, they did not have a way to create custom controls and apply automation. That would be a very helpful feature.
At the time of SOC 2 Type 1 journey, they did not have a way to create custom controls and apply automation. That would be a very helpful feature.
What problems is the product solving and how is that benefiting you?
We use Drata to comply with SOC 2 Type I & II, as well as HIPAA requirements.
Additionally, we use Drata to provide high-level monitoring for continuous compliance.
Additionally, we use Drata to provide high-level monitoring for continuous compliance.
showing 271 - 280