I use it as a way to shift from using spreadsheets for SOC2 compliance to something where I can operationalize it into a platform and manage my documents and schedules when needed and where attention needs to be given to the auditor's review of the tools.
External reviews
1,084 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Very pleasant experience. Both our account manager and live support are very responsive and helpful.
What do you like best about the product?
Automation of control checks. Customer support is great. Easy to use.
What do you dislike about the product?
Just started using it at the moment haven't experienced anything I dislike.
What problems is the product solving and how is that benefiting you?
Given the users of our technology could be in all sectors, some,but not all, industries may require SOC-2, GDPR, or HIPPA certification for use in their markets.
Easy to use product and great customer experience
What do you like best about the product?
Drata takes away the worry about making sure you have not forgotten any compliance task that needs to get done in your audit window. Additionall it has a great team of customer success people (ours was Elizabeth John) and if you ever have a specific question for an auditor, they have a team available that you can chat with at anytime to answer your questions quickly.
What do you dislike about the product?
It needs to have a way to automatically watermark reports in Trust Center for specific users.
What problems is the product solving and how is that benefiting you?
Ensuring we obtained and continue to maintain our SOC 2 Type II certification.
Great product and team = great overall experience
What do you like best about the product?
Drata takes the pain out of the compliance process by tapping into our existing systems and offering detailed insights into our compliance status. They have a wonderful customer success team that is both knowledgeable and helpful. Additionally, the support team available through the in-platform chat is extremely responsive and well-informed. As someone who had never managed a compliance project before, I was initially apprehensive. However, Drata's system and support has made the entire process seamless and worry-free.
What do you dislike about the product?
When starting my only worry was that the CS team were based in the US so not in my timezone. However, they have recentlt launched their UK team and I now have a UK-based CS manager 👍🏼
What problems is the product solving and how is that benefiting you?
The Drata platform benefits us by significantly reducing the time and effort required to achieve and maintain compliance. The knowledgeable and responsive customer success and support teams further enhance our experience, ensuring that any issues or questions are promptly addressed. For someone like me, who had no prior experience with compliance projects, Drata's user-friendly system and excellent support have made the process straightforward and stress-free.
Best Product Development I Have Experienced
What do you like best about the product?
The company is focused on solving problems that have persisted in the GRC space and reimagining what a GRC can and should be capable of in today's fast moving environment. It started as a compliance automation platform and has added features at a pace I have not experienced in my career to become a complete GRC platform that can perform with the best on features while being much more streamlined and easy to use. Not suprisingly, their feedback mechanisms and prioritization is amazing and the amount of engagement watching something you requested become a live feature in a matter of months with additional questions and QA along the way to ensure its meeting the use case.
Best Aspects of Drata:
1. Product development quality and speed
2. Ease of mapping frameworks to policies to controls to risks for end to end management
3. Balance of configuration versus customization, Drata is still easy to setup and manage while allowing you to meet your current process in the middle
4. Focus on automation whether its automated control tests or smart use of AI for repetitive tasks
Best Aspects of Drata:
1. Product development quality and speed
2. Ease of mapping frameworks to policies to controls to risks for end to end management
3. Balance of configuration versus customization, Drata is still easy to setup and manage while allowing you to meet your current process in the middle
4. Focus on automation whether its automated control tests or smart use of AI for repetitive tasks
What do you dislike about the product?
Drata is a very new company and does still have some gaps in capabilities. However, I am confident based at their speed of development they won't be gaps for long.
What problems is the product solving and how is that benefiting you?
1. Migrating our framework and GRC processes into a single tool.
2. Implementing the principle of "assess once, report many".
3. Ensuring that our framework is grounded by what is happening in security operations and engineering through integrations and process/framework alignment.
2. Implementing the principle of "assess once, report many".
3. Ensuring that our framework is grounded by what is happening in security operations and engineering through integrations and process/framework alignment.
Manages documents and schedules with integrations and organizational efficiency
What is our primary use case?
What is most valuable?
Once the tool is set up, Drata offers several valuable features. One key aspect is its integrations, which connect seamlessly with your ecosystem, including cloud services, HR systems, and various security tools. It checks configurations to determine compliance, significantly reducing the overhead of creating evidence from screenshots and configuration changes. This proactive approach allows users to address issues as they arise.
Another important feature relates to organizational efficiency during audits. Typically, you would need to review folder structures where specific controls are located and manually set up calendar events to remind you when to upload documents or screenshots as proof of compliance. Drata streamlines this process by providing a platform that automates control management. You can check your policies and procedures, conduct reviews, and automatically generate evidence for tracking compliance.
What needs improvement?
I consider my team and myself to be advanced users of Drata, continually pushing the boundaries of use cases and feature requests. We were actively involved in enhancements related to metrics from the risk register and compliance areas, focusing on visualizing trends in risk closure over time and assessing tolerance levels across different categories.
We engaged with customer success on improvements for the Trust Center, seeking metrics like the most downloaded documents, visitor analytics, and insights into which verticals access our site most frequently. This information is crucial for identifying hotspots and areas for improvement across sectors such as K-12, higher education, corporate, and government.
The readiness state of compliance frameworks can sometimes be misleading. For instance, despite having been in SOC 2 Type II compliance for a few years and being 36 months into using Drata, our readiness metric may still show around 60%. This often doesn't reflect our readiness, which is closer to 90-100%. The score can be impacted by recent policy revisions, such as updates made in Q3 or Q4, which may not yet be reflected in the system. These nuances often require additional explanation regarding the reported readiness status.
For how long have I used the solution?
I have been using Drata for a year and a half.
What do I think about the stability of the solution?
Some minor bugs occasionally appeared in the web UI, and when reported, they were quickly fixed. There was also a minor outage on the Trust Center caused by an issue with CloudFlare that was outside their control. They provide a status page where users can check for such incidents and their resolutions.
What do I think about the scalability of the solution?
We have about fifteen people with access to Drata, each in different roles. As a global company, these users are spread across various locations around the world.
How are customer service and support?
Our experience with customer success at Drata has been quite positive, largely due to the quality of the personnel assigned to us and the frequency of our meetings, which occurred every two to three weeks for about a year and a half. Having a game plan for these meetings and treating them like office hour sessions has been valuable, as it allows for timely answers to our questions, either on the spot or as follow-ups. This level of involvement from Drata's team stands in stark contrast to some other vendors, where you might not even know who your representative is, and they typically only reach out during quarterly business reviews or renewal discussions.
How would you rate customer service and support?
Positive
How was the initial setup?
I strongly advocate for evaluations that prioritize objectivity by removing emotions from the decision-making process. During my assessment of various tools, I utilized a scorecard and test plan that included clear requirements and priorities. I compared options such as Fanta, OneTrust, and Drata, which was emerging as a strong contender.
Throughout the evaluation, we encountered several bugs within Drata's platform, but their team quickly addressed these issues in production. Additionally, having visibility into their roadmap was a crucial factor that indicated Drata would be a reliable vendor and partner for us.
It supports my privacy and legal team with features like auto consent and AI capabilities, which meet our needs. We chose this tool because of its agility; we felt confident it would grow alongside us and allow us to influence its roadmap.
The platform includes a helpful wizard for setting up integrations, organizing our policies and procedures, and addressing unready controls through a punch list. Additionally, we have assigned a customer success manager who will collaborate with us to tackle these items. We aim to ensure all controls are ready, connected, and scheduled, enabling us to transition to an operational state.
Five people are required for the deployment.
What was our ROI?
Before implementing Drata, I managed compliance tasks using spreadsheets, which required significant discipline and involvement. With Drata, I could transition most responsibilities to a more junior team member in security, allowing them to take on the bulk of the work, except for certain nuances like writing policies or phrasing things correctly to support sales. The value of Drata is quite high in terms of trust enablement, which can nearly pay for itself from an organizational standpoint.
What's my experience with pricing, setup cost, and licensing?
There’s a dependence on licensing with Drata, as it varies based on the frameworks you purchase and whether you opt for advanced capabilities like the Trust Center and risk module. Pricing is influenced by the number of frameworks you buy. The price ranges from about $18,000 to $30,000, with a sweet spot for small and medium-sized businesses around $20,000. The pricing is reasonable, and it’s worth noting that software can often be heavily discounted if you know how to negotiate.
What other advice do I have?
Our Drata package has a risk register capability that allows you to track all organizational risks while providing insights and metrics to support that tracking. The proactive integration checks compliance against the controls set for different compliance frameworks. The Trust Center is significant for the company, as it showcases all the controls you test against, whether automated or manual—in a public-facing format. This transparency allows customers and prospects to see how we monitor our infrastructure and integrations. If a control fails, it will appear amber on the public Trust Center, demonstrating our commitment to oversight.
The package streamlines the NDA process, reducing the time required for technical reviews by minimizing reliance on the legal team for manual NDA sign-offs. This functionality decreases the manual work involved for each prospect and has proven a competitive advantage, significantly supporting sales efforts and expediting the review process.
It becomes much easier to use once you familiarize yourself with the web UI and its documentation. Jira has a solid knowledge base, and we also create internal documentation to address specific nuances. After getting past the initial learning curve, the UI is relatively straightforward. I had someone new to security successfully take over most of the operational tasks.
Some nuances are involved in getting your onboarding with Drata set up, particularly in understanding how the AuditHub and its capabilities function. The process can be straightforward as long as everyone is on the same page.
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Compliance Guidance Made Easy
What do you like best about the product?
Breaks down the monumental task of SOC 2 compliance into smaller, easily understood pieces. And for what you don't understand, there's a great CS team and a large amount of literature from Drata that explains things for you. Having monitoring support for popular 3rd party applications also makes implementation a breaze across your many platforms.
What do you dislike about the product?
Lack of audit trails in certain parts of the platform. An example being the Risk Assessment hub.
What problems is the product solving and how is that benefiting you?
Monitoring and preparation for a SOC 2 audit.
Excellence: Your Comprehensive Partner in SOC 2 Compliance
What do you like best about the product?
Our Customer Success Representative, Rachael has been extremely helpful, patient, and quite discerning; able to decipher what issues I am encountering and provides spot-on instructions as well as documentation to help me continue to move forward.
Truly, I cannot say enough of the appreciation I have for the Drata team that has been supporting me and the company in working toward our Soc2.
Rachael is focused and dedicated to our company's success and guides me with every step and follows up with documentation for me to review.
I have stated this before but believe it is well worth pointing out again, Drata is a well thought out platform and easy to use. The integrations with other platforms have been well documented making the setup flawless.
Anytime I've reached out to Drata's support team, without fail, they quickly assist and get me exactly what my company needs to keep us progressing forward.
I use the platform on a daily basis and highly recommend using this platform.
Truly, I cannot say enough of the appreciation I have for the Drata team that has been supporting me and the company in working toward our Soc2.
Rachael is focused and dedicated to our company's success and guides me with every step and follows up with documentation for me to review.
I have stated this before but believe it is well worth pointing out again, Drata is a well thought out platform and easy to use. The integrations with other platforms have been well documented making the setup flawless.
Anytime I've reached out to Drata's support team, without fail, they quickly assist and get me exactly what my company needs to keep us progressing forward.
I use the platform on a daily basis and highly recommend using this platform.
What do you dislike about the product?
I've been using the Drata platform for a year and have yet to find anything that has been a pain point.
What problems is the product solving and how is that benefiting you?
To single out one area where I've noticed a remarkable change within our company is the adoption of a security mindset and a deep focus of best practices.
Drata for ISO 27001:2022
What do you like best about the product?
With Drata I was able to update our ISO 27001:2013 to 2022 in just a few months. The policy templates and the ability to import existing policies made this very efficient.
What do you dislike about the product?
Drata is still a new service. They have developed compliance automation and automated data ingestion for a large number of SaaS providers, but still have a long liist of providers to integrate.
What problems is the product solving and how is that benefiting you?
For SaaS native companies certified under ISO 27001 ad SOC2, Drata saves hundreds of hours preparing the Information Management systems. Creation and Editing of Policies are facilitated by the template documents provided. The service provides expert help from systems and compliance experts. Our success manager was exceptional. Elizabeth kept the goals for configuration organized for us like a project manager, she showed us tips and tricks withh the expertise of a systems admin, her recomendations and advice helped us to achive an ISO audit with No Major and No Minor findings meeting the new 2022 standard. The integration with our Auditors (A-Line) allowed Drata to host the audit and for the Auditors to use the Drata tools. This was a great time and cost savings.
Risk management, Vendor management, Asset management and Tust center services that allow us to share our public facing compliance documents with current and potential customers, are all integrated into Drata.
Our Mac fleet is monitored for compliance continuously. Configuration and patching tests run daily. Policy attestations are requested directly to the users when channges are made. Users know about the changes when they are completed and can read and attest directly from the service.
Risk management, Vendor management, Asset management and Tust center services that allow us to share our public facing compliance documents with current and potential customers, are all integrated into Drata.
Our Mac fleet is monitored for compliance continuously. Configuration and patching tests run daily. Policy attestations are requested directly to the users when channges are made. Users know about the changes when they are completed and can read and attest directly from the service.
We love Drata!
What do you like best about the product?
It seems dumb to say out loud, but it works as expected, every time, and I have the support I need to do what I need to do, when I need to do it. I don't think I've ever waited on help or an answer, and our entire team finds value in the tool each time we use it. You can't say that about much in the software world. We had an easy implementation, easy integration experience, and I love that the chatbot actually works in the after hours when I need to ask my obscure questions. Turns out they're really not all that out of the ordinary, because there's a ready made and easy to find answer no matter what time I want to ask the question.
What do you dislike about the product?
I'm a little sad my person moved onto another job (Claire), but we have a lovely new person and I know we're in good hands.
What problems is the product solving and how is that benefiting you?
Drata has made our lives much easier, and while we still haven't started having all of our users use it themselves, it does greatly simplify our lives in that the integrations have saved us a ton of time in evidence gathering, but also system monitoring and having to reconnect the integrations, which was happening a lot with Vanta. I can't count how many times the integrations broke and caused us to have to restart in the middle of an audit. Such a waste of time and effort (and patience).
Helps eliminate evidence gathering and makes assigning different activities easier, simplifying compliance and audit processes
What is our primary use case?
I work with Drata on compliance and audit processes.
What is most valuable?
Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it.
What needs improvement?
In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true.
For how long have I used the solution?
I have been using Drata for the past eight months.
What do I think about the stability of the solution?
I've had no issues with stability.
What do I think about the scalability of the solution?
Drata is very scalable and suitable for larger organizations due to the ability to assign tasks to different business lines. We have around twenty users across various companies, and I still use other tools.
How are customer service and support?
The technical support team is good, though I haven't used them much.
How was the initial setup?
The initial setup is pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
It's one of the more expensive options, but I think it's worth the money if you can afford it.
What other advice do I have?
I'd rate Drata an eight out of ten because there's always room for improvement. We've seen value and impact from this tool, and I would recommend it to others. My advice would be to have a set project plan for implementation and to get help from a security expert if you don't have one in-house.
showing 321 - 330