What do you like best about the product?

I liked that for a compliance novice like me, Drata's system walks you through the various stages to get setup. They also have some great templates for documentation if your organization is starting from ground zero.

What do you dislike about the product?

At the time, it seemed like Drata didn't allow for the administrator to assign different compliance tasks or controls to different control owners. Although it's possible that they have added this feature now.

What problems is the product solving and how is that benefiting you?

Ultimately, Drata is helping to make it easier to ensure that we're staying compliant throughout the year, instead of just madly focusing it around audit-time. The monitoring is a great help.

What do you like best about the product?

The on-going support. The willingneess to explain the product and contrast feature-to-feature with our environmen w/ our compliance manager.

What do you dislike about the product?

No main complaints at the moment. So good so far.

What problems is the product solving and how is that benefiting you?

Discover where we are in our SOC 2 Type 2 compliance and document what we have and fix what we don't.

Recommendations to others considering the product:

get your team involved .

What do you like best about the product?

What I like most about drata is knowing my data and records are being protected by drata's program.

What do you dislike about the product?

What I dislike about drata, is some times I wonder if drata is looking through my private information

What problems is the product solving and how is that benefiting you?

The problems drata solves are mainly with customers. They believe their data will be protected by Us. Drata helps to confirm that thought.

What do you like best about the product?

Ease of use and accessibility. Clear and easy interface.

What do you dislike about the product?

Nothing so far. Drata is not something our employees need to interact with daily.

What problems is the product solving and how is that benefiting you?

Policy compliance and ensuring we are all up to date and secure.

What do you like best about the product?

Ease of access.
Issue triage.
Excellent support and personnel. They listen and follow up. Especillay Raahsaan Fox our CSM
Easy integration

What do you dislike about the product?

not being able to send individual emails out to users from Drata or batch emails to a group of users

What problems is the product solving and how is that benefiting you?

SOC 2 Related issues and security volunoribities

What do you like best about the product?

There are many aspects of the application that I like, I will break these down into sections and are based upon the user experience of one individual looking to get a startup company through SOC2 type 1 and 2 compliance. My background is not in any way compliance-focused in these matters.

- Sales Pitch
This was good and gave me a lot of information on the type of compliance we are looking for and indications of the upfront costs for many systems we would have to implement into our company. Knowing this gave me a good benefit that there was nothing hidden or a lack of surprises while our company goes on this journey.

- Support team
The Support team has been great, as someone who is more in the Quality Assurance sector than compliance officer, they have been more than helpful in guiding me through the journey of SOC2, I have been assigned a dedicated customer representative to answer any questions, but have also been grateful for feedback to help improve the application. Where questions they couldn't quite answer due to the difference on how auditors would approach a situation, they were more than handy in providing information until we obtained an auditor.

-Start and Setup
Connecting the various company systems to Drata was easy and painless, for reference we were using Google Workspace for employee administration, Github for both code repository and ticket management and AWS for our infrastructure. All were set up within minutes (if you have the right permissions in said applications to grant access for Drata)

-Frameworks
For the package that we went with first, we concentrated on SOC2 type 1 and 2, but also have the option of another compliance framework to choose from which we have yet to choose. These include ISO 27001 v2013, GDPR, HIPAA and PCI DSS although other frameworks might be available, this is just the view of other frames that I could also look to do.

The Framework details page is broken down into handy sections to do with certain aspects of SOC2 type 1. Security, Availability, Processing Integrity, Confidentiality and Privacy. Clicking into each control will advise what sections of the SOC2 framework it belongs to and provides a description of said control to help you better understand it. In the Framework section, you can also choose to mark in or out of scope said controls.

-Dashboard
The dashboard screen is a handy quick glance at where you are sitting in terms of your chosen control. It has handy areas to show how many controls are failing and a button to take you to the relevant area (Monitoring) to investigate further the failing controls, the overall % of tests passed and also a quick general view of the company overall.

-Monitoring
The monitoring page is the main bread and butter of the application from the user's perspective. This is the section that shows you all of the failing tests, what to do to fix them and to retest the failing controls. It can be broken down into sections: policy, monitored in Drata, Device, infrastructure, identity provider, version control and developer tools. This is handy so you will know who to approach in your company to fix the failing controls. When clicking on a failing control, the information provided is great. it shows you the offending account, storage or other things that is affecting it. There is a help document for that specific control to assist in fixing it as well as a button to retest the failing control.

-Personal
This is another main area of the application where I ended up spending a majority of my time, attempting to moan at my fellow co-workers into doing the necessary tasks to complete compliance. The page is great and easily shows what is left to be done, and is very satisfying when all of the ticks are green. The Drata app that is downloadable onto workstations making collecting evidence automatically about OS version, anti-virus installed and other things made it super easy.

-Policy Centre
The policy centre was handy to create and set policies with either we didn't have or thought we needed. In some cases, we imported our own for ones we already had in place, and the handy tool to create them made it easy to have a simple policy put in place. Great auditing on it, ownership and editing capabilities.


-User Account
This was easy for the staff to log in to Drata and see simple steps on what they needed to do. reviewing the policies, enabling MFA on identity provider, installing the agent, changing computer settings and completing the security training was easy.

What do you dislike about the product?

Although there are some dislikes with the platform, I have found these dislikes to be very minimal in terms of daily use

- Framework
Although the frameworks are set up to have all of the controls in place unless you speak to an advisor and or your auditor you are unsure which is mandatory and what is best practice. Making this clearer would be beneficial for smaller companies who are looking to obtain this certification without having the resources that bigger companies have to put in best practices rather than what is actually required.

- Risk Assessment
After completing the risk assessment Drata personnel are required to create the risk document for you removing the automation of the platform. After speaking with them this is something that is already in the process of being automated and was just not available to me yet.

- Setting Up Auditor
Setting up the auditor caused some confusion in the platform over the placement of dates and information. This process looks like it was created from the perspective of an auditor and a singular auditor in what they would do rather than going to check a range of auditors who might approach auditing a client differently from them, rather than taking the approach from the perspective of an end-user on the platform. The process in place is making the processes more manual for the customer rather than the auditor or automating the process completely. When explained the reasons for said processes this caused further questions as the clarity of the process made even less sense. After speaking to my customer engagement rep about this, I actually got put through and spoke with the product team who were very enthusiastic at taking my feedback to improve this further. Due to my end-user confusion, I hope that they take the feedback and look to make improvements or changes in this area as the platform is for the end-user first to make it easy for them and using technology to adjust things in place to make it easier for auditors to get the evidence they require.

- no mobile device readiness
being a super small startup, the technology we use is appropriate for the personnel in the company. Our CEO doesn't use a desktop or workstation but an IPAD, Currently there is no iPad support in place to even access the site for going through the personal checks like accepting policies and completing security awareness training.

What problems is the product solving and how is that benefiting you?

The ability to obtain the evidence required for auditing. Before and for a singular person, the task looks like a mountain. With the platform, this has made it so much easier to do the certification.

Recommendations to others considering the product:

You can either to it the hard way, or spend the cash and make it easy!

What do you like best about the product?

Drata's ability to connect to all our systems (HRIS, Identity, Infrastrastructure, Version Control, Issue Management) and monitor our security and compliance.

What do you dislike about the product?

No API to export data about our security and compliance status, no API to configure Drata remotely, no terraform provider to follow the IaC principle.

What problems is the product solving and how is that benefiting you?

SOC2 and ISO270k audit

What do you like best about the product?

Drata's hyper-focus on the customer is why they have succeeded in building a great platform and why they have quickly become one of our most trusted partners.

What do you dislike about the product?

Nothing, at this point. Drata is focused on what matters, so the platform may not seem as configurable to those looking for very tailored functionality or workflows. For us, the focus is a benefit as too many options creates noise and blockers to adoption.

What problems is the product solving and how is that benefiting you?

We are a young company and were looking for a partner/platform to help us manage security/compliance and help us prepare for SOC 2. Drata not only helped us achieve those goals but became an extension of our team and program.

What do you like best about the product?

Automated compliance tracking + inbuilt software

What do you dislike about the product?

Some integrations (Checkr, GCP) don't function as intended

What problems is the product solving and how is that benefiting you?

Soc 2 Type 2 audit + ongoing compliance tracking

What do you like best about the product?

Drata allows companies to automate the control of what's going on internally, having these controls monitored every single second rather than just seeing pictures of this over time is the most helpful thing ever for people and companies that care about their compliance.

What do you dislike about the product?

Ohh, if you could complete the endless security questionnaires that come to our emails it would be so good :)

What problems is the product solving and how is that benefiting you?

Automated compliance controls for achieving SOC2. It should be awesome to see how we compare to all the other standards, but I guess we'll check it over time