External reviews
1,086 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Comprehensive platform with excellent support
What do you like best about the product?
The support, including access to compliance professionals
What do you dislike about the product?
The UI not always intuitive, and you can bounce between sections easily
What problems is the product solving and how is that benefiting you?
Helping us achieve ISO27001 compliance.
Drata has been helpful for client audits, but is often a bit confusing to work with.
What do you like best about the product?
Policy center, risk register, vendor inventory, and other sections are very helpful.
What do you dislike about the product?
The automated tests, evidence, and policy mappings are often confusing. I find myself asking how to turn a control green often.
What problems is the product solving and how is that benefiting you?
Simplifying SOC 2 audits, saves everyone time.
Good but implementation heavy, needs more features for mature capabilities
What do you like best about the product?
The interface is clear and straightforward, easy to navigate, has a lot of options to cover different areas of GRC. When fully implemented, it can be very useful. Convenient - A lot of auditors are familiar with Drata and can integrate their audits into Drata, both internal and external. The support teams are responsive.
What do you dislike about the product?
Lack of customization, which limits capabilities. Implementation is more complex than was estimated.
The implementation team could benefit from prioritizing the features of Drata that give the most value to each organization, instead of basically going through a checklist of Drata features that may not save the org any time/effort.
The audit hub is very basic at this point and doesn't give much visibility into the progress of an audit. I will also include that, if you have a repository of past evidence in your auditor's portal, you will not have that when you go through an audit in Drata. Some of our users have complained that it felt like going through our first audit, when they were unsure what evidence is needed for each control.
The implementation team could benefit from prioritizing the features of Drata that give the most value to each organization, instead of basically going through a checklist of Drata features that may not save the org any time/effort.
The audit hub is very basic at this point and doesn't give much visibility into the progress of an audit. I will also include that, if you have a repository of past evidence in your auditor's portal, you will not have that when you go through an audit in Drata. Some of our users have complained that it felt like going through our first audit, when they were unsure what evidence is needed for each control.
What problems is the product solving and how is that benefiting you?
Control documentation and evidence collection
Exceptional Compliance Support & Automation
What do you like best about the product?
Drata has been a game-changer for our compliance program. From seamless evidence collection to real-time monitoring of control effectiveness, it’s given us back hours each week. Integrations with Jira, AWS, and other tooling mean everything just “talks” to Drata without extra effort. Their dedicated compliance support team has been outstanding, providing tailored guidance, swift responses, and deep expertise at every turn. You also get a glimpse into what's coming and can submit suggestions for features in the portal.
What do you dislike about the product?
Its built-in control templates aren’t always flexible enough for fully bespoke workflows, and integrations with niche or legacy systems can require manual workarounds.
What problems is the product solving and how is that benefiting you?
Drata addresses the headache of scattered, manual evidence gathering by automatically pulling configuration snapshots, user access logs, and policy attestations from your tech stack; it eliminates the risk of compliance drift by continuously monitoring control health and flagging deviations in real time; and it streamlines audit preparation by organizing all artifacts and mapping them directly to relevant PCI DSS requirements. As a result, we spend far less time chasing down screenshots or spreadsheet entries, gain clear visibility into our compliance posture at any moment, and enter audits with confidence—knowing that our controls are both documented and functioning as intended.
Great way to get up and running
What do you like best about the product?
Great support, templates to help get things rolling. Easy for end users.
What do you dislike about the product?
Not as strong as a reference, fixed format and limited searchability for more advanced users.
What problems is the product solving and how is that benefiting you?
Helps us develop and maintain standardization and certification, giving us a better and clearer offering to present to customers.
Great tool for compliance automation
What do you like best about the product?
Continuous monitoring, Drata policy management templates, Trust center and AIQA
What do you dislike about the product?
Some integrations errors happen and those are difficult to debug
What problems is the product solving and how is that benefiting you?
We are using Drata as our GRC automation tool to help with annual certifications and audits. It is easy to keep track of monitoring, risk assessments and everything in one centralized place.
Compliance platform that facilitates certification
What do you like best about the product?
The automation of controls and integration with tools like GitHub, Microsoft 365, and Azure greatly facilitate the continuous monitoring of compliance with standards such as ISO 27001 and SOC 2. The platform also features intuitive dashboards and proactive alerts that help keep the requirements updated and visible to all parties involved.
What do you dislike about the product?
Learning curve for non-technical users: For team members outside the security or compliance area, the platform can be challenging at first.
What problems is the product solving and how is that benefiting you?
Obtain ISO 27001 certification
Drata has really helped us centralise tech compliance.
What do you like best about the product?
One stop shop for early stage startups to automate compliance across multiple frameworks
What do you dislike about the product?
Once you need to demonstrate compliance out of scope of the integrations that Drata offers, you're back to screenshots and manual copy-pasting. Eventually you'll need a compliance automation team just to keep up.
What problems is the product solving and how is that benefiting you?
We're able to use Drata to automate device posture checks,
Comprehensive tool and excellent support for both technical and compliance questions
What do you like best about the product?
Out of the box compliant policy drafts, security controls and support for required practices like vendor management or user access reviews.
Easy to use and support is always there for you. Event the bot is pretty good and if it is not enough the professional and nice human is available too.
Easy to use and support is always there for you. Event the bot is pretty good and if it is not enough the professional and nice human is available too.
What do you dislike about the product?
Asset management could have more features and more useful manual asset management.
What problems is the product solving and how is that benefiting you?
Drata gives me a clear path towards compliance with ISO 27001. It spared me a lot of effort with integrations and ISMS procedures support.
Drata Support
What do you like best about the product?
Drata is great for monitoring compliance against the frameworks which Atlantis Health need to be compliant against.
The support staff are friendly and helpful.
Our assigned CSM is always willing to assist and answer any questions along with keeping us focus on achieving our goals.
The support staff are friendly and helpful.
Our assigned CSM is always willing to assist and answer any questions along with keeping us focus on achieving our goals.
What do you dislike about the product?
Ensuring policies & evidence is kept current.
What problems is the product solving and how is that benefiting you?
Compliance with GDPR, HIPAA, ISO27001 and SOC2 for start.
Focus efforts on what is required to achieve compliance.
Focus efforts on what is required to achieve compliance.
showing 31 - 40