I work with Drata on compliance and audit processes.
External reviews
1,158 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Excellence: Your Comprehensive Partner in SOC 2 Compliance
What do you like best about the product?
Our Customer Success Representative, Rachael has been extremely helpful, patient, and quite discerning; able to decipher what issues I am encountering and provides spot-on instructions as well as documentation to help me continue to move forward.
Truly, I cannot say enough of the appreciation I have for the Drata team that has been supporting me and the company in working toward our Soc2.
Rachael is focused and dedicated to our company's success and guides me with every step and follows up with documentation for me to review.
I have stated this before but believe it is well worth pointing out again, Drata is a well thought out platform and easy to use. The integrations with other platforms have been well documented making the setup flawless.
Anytime I've reached out to Drata's support team, without fail, they quickly assist and get me exactly what my company needs to keep us progressing forward.
I use the platform on a daily basis and highly recommend using this platform.
Truly, I cannot say enough of the appreciation I have for the Drata team that has been supporting me and the company in working toward our Soc2.
Rachael is focused and dedicated to our company's success and guides me with every step and follows up with documentation for me to review.
I have stated this before but believe it is well worth pointing out again, Drata is a well thought out platform and easy to use. The integrations with other platforms have been well documented making the setup flawless.
Anytime I've reached out to Drata's support team, without fail, they quickly assist and get me exactly what my company needs to keep us progressing forward.
I use the platform on a daily basis and highly recommend using this platform.
What do you dislike about the product?
I've been using the Drata platform for a year and have yet to find anything that has been a pain point.
What problems is the product solving and how is that benefiting you?
To single out one area where I've noticed a remarkable change within our company is the adoption of a security mindset and a deep focus of best practices.
Drata for ISO 27001:2022
What do you like best about the product?
With Drata I was able to update our ISO 27001:2013 to 2022 in just a few months. The policy templates and the ability to import existing policies made this very efficient.
What do you dislike about the product?
Drata is still a new service. They have developed compliance automation and automated data ingestion for a large number of SaaS providers, but still have a long liist of providers to integrate.
What problems is the product solving and how is that benefiting you?
For SaaS native companies certified under ISO 27001 ad SOC2, Drata saves hundreds of hours preparing the Information Management systems. Creation and Editing of Policies are facilitated by the template documents provided. The service provides expert help from systems and compliance experts. Our success manager was exceptional. Elizabeth kept the goals for configuration organized for us like a project manager, she showed us tips and tricks withh the expertise of a systems admin, her recomendations and advice helped us to achive an ISO audit with No Major and No Minor findings meeting the new 2022 standard. The integration with our Auditors (A-Line) allowed Drata to host the audit and for the Auditors to use the Drata tools. This was a great time and cost savings.
Risk management, Vendor management, Asset management and Tust center services that allow us to share our public facing compliance documents with current and potential customers, are all integrated into Drata.
Our Mac fleet is monitored for compliance continuously. Configuration and patching tests run daily. Policy attestations are requested directly to the users when channges are made. Users know about the changes when they are completed and can read and attest directly from the service.
Risk management, Vendor management, Asset management and Tust center services that allow us to share our public facing compliance documents with current and potential customers, are all integrated into Drata.
Our Mac fleet is monitored for compliance continuously. Configuration and patching tests run daily. Policy attestations are requested directly to the users when channges are made. Users know about the changes when they are completed and can read and attest directly from the service.
We love Drata!
What do you like best about the product?
It seems dumb to say out loud, but it works as expected, every time, and I have the support I need to do what I need to do, when I need to do it. I don't think I've ever waited on help or an answer, and our entire team finds value in the tool each time we use it. You can't say that about much in the software world. We had an easy implementation, easy integration experience, and I love that the chatbot actually works in the after hours when I need to ask my obscure questions. Turns out they're really not all that out of the ordinary, because there's a ready made and easy to find answer no matter what time I want to ask the question.
What do you dislike about the product?
I'm a little sad my person moved onto another job (Claire), but we have a lovely new person and I know we're in good hands.
What problems is the product solving and how is that benefiting you?
Drata has made our lives much easier, and while we still haven't started having all of our users use it themselves, it does greatly simplify our lives in that the integrations have saved us a ton of time in evidence gathering, but also system monitoring and having to reconnect the integrations, which was happening a lot with Vanta. I can't count how many times the integrations broke and caused us to have to restart in the middle of an audit. Such a waste of time and effort (and patience).
Helps eliminate evidence gathering and makes assigning different activities easier, simplifying compliance and audit processes
What is our primary use case?
What is most valuable?
Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it.
What needs improvement?
In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true.
For how long have I used the solution?
I have been using Drata for the past eight months.
What do I think about the stability of the solution?
I've had no issues with stability.
What do I think about the scalability of the solution?
Drata is very scalable and suitable for larger organizations due to the ability to assign tasks to different business lines. We have around twenty users across various companies, and I still use other tools.
How are customer service and support?
The technical support team is good, though I haven't used them much.
How was the initial setup?
The initial setup is pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
It's one of the more expensive options, but I think it's worth the money if you can afford it.
What other advice do I have?
I'd rate Drata an eight out of ten because there's always room for improvement. We've seen value and impact from this tool, and I would recommend it to others. My advice would be to have a set project plan for implementation and to get help from a security expert if you don't have one in-house.
Achieves both SOC 2 and ISO 27001 compliance with improved security posture
What is our primary use case?
We use the solution to achieve both SOC 2 and ISO 27001 compliance.
How has it helped my organization?
Drata improved our security posture by ensuring that all our laptops were encrypted and all our production environments were validated with MFA access. We tracked all our Jira tickets to ensure timely remediation. Going through SOC 2 compliance, we still had to perform other tasks like external pen testing, which we achieved, and document it. We also developed tabletop exercises, which were conducted annually, and performed disaster recovery testing on the database. All this was tracked in Drata in real-time, allowing us to quickly identify and address issues, such as TLS encryption problems.
Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments.
What needs improvement?
One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification.
It provides real-time reporting regarding SOC 2 or ISO compliance. The auditors issue the reports. Therefore, if the auditors make a recommendation, such as configuring our alert system internally based on their advice, we implement it. Drata must also address its bugs to improve things for the auditors.
For how long have I used the solution?
I have been using Drata for one and a half years.
What do I think about the stability of the solution?
After the acquisition, we're still integrating Drata into our environment. The challenges of this integration with the new regime are more significant than anticipated. One issue is stability; when Drata releases updates, we notice some bugs, especially those affecting Mac users. While Drata seems well-suited for smaller startups and mid-sized companies, larger enterprises may encounter more hurdles. Such platforms must remain robust despite occasional integration issues, as updates are necessary for continuous improvement.
I rate the solution's stability a nine out of ten.
What do I think about the scalability of the solution?
These platforms provide real-time reporting. For example, if a control fails, such as requiring all users to log in with unique passwords, I receive an alert. If a user hasn't logged in, the system flags it. Drata helps streamline this process. When a new employee starts, I meet with them to configure their laptop with Drata and show them where the training is. Drata's real-time monitoring is beneficial.
Drata is particularly effective for smaller companies, where communication is easier, and departments are not siloed like in larger organizations. This makes Drata a good platform for startups to complete their audit reporting and demonstrate their legitimacy. Companies can use this to attract private equity, go IPO, or secure more funding from investors.
Ultimately, companies reach a certain level of corporate maturity where they recognize the value of these investments. Real-time reporting and monitoring with Drata pay off by highlighting smaller issues early on, which benefits the company's overall operation and growth.
How are customer service and support?
Drata also made certain promises regarding specific features but did not deliver.
Which other solutions did I evaluate?
I've had other demos and due diligence meetings with various vendors, some at the same level as Drata. The challenge becomes whether the bigger company wants to spend the higher cost. It becomes a negotiation between price and service.
What other advice do I have?
Drata has excellent integrations and allows for real-time monitoring. Some tasks require manual uploads for screenshot evidence. It can have company policies within the module. This prevents data islands in Dropbox, Google Drive, or other locations. You can tell critical stakeholders, "Alright, we're having a meeting. Here's the draft; let's edit it." Once edited, the owner can press the green button to publish it, automatically sending alerts to the entire company or specific groups.
For example, if the access control policy is updated, everyone must acknowledge the change. You can create groups, like the dev team, to agree to policies like SDLC, change management, or vulnerability management. Any changes are automatically pushed to designated personnel, who must review and approve them. You can track when they've done this in real-time, which is essential for auditors. Everything within the module shows whether personnel have agreed to specific policies.
There are other competitors out there. If you don't prefer Drata, find a similar platform. Many different companies exist because Drata enables you to monitor things in real time, which is crucial for both short-term and long-term goals. Short-term goals include daily or weekly reviews for compliance, while long-term goals aim to achieve SOC 2 and ISO goals.
Overall, I rate the solution an eight out of ten.
Amazing Support and Relationship Management
What do you like best about the product?
Comprehensive: Risk register, vendor management, compliance frameworks, stellar support bot and human support, excellent customer success manager (Mike Mechling).
As we onboarded the team from drata were not just saying that they were committed to us, they were actually committed and made sure we onboarded with significant ease.
As we work with our audit team for SOC and ISO, we did encounter a few elements on the controls to help indicate if something or was not complete.vThese were UX elements and our customer success manager spent the time to document and ingrst that feedback.
We also integrated to our various systems for HR, IT and other systems without much difficulty.
As we onboarded the team from drata were not just saying that they were committed to us, they were actually committed and made sure we onboarded with significant ease.
As we work with our audit team for SOC and ISO, we did encounter a few elements on the controls to help indicate if something or was not complete.vThese were UX elements and our customer success manager spent the time to document and ingrst that feedback.
We also integrated to our various systems for HR, IT and other systems without much difficulty.
What do you dislike about the product?
Its a really good GRC platform. There is nothing to highlight as truly deficient.
What problems is the product solving and how is that benefiting you?
compliance management and reporting
Cashrewards feedback on DRATA and the support we receive
What do you like best about the product?
As a compliance automation platform it is a feature-rich business tool that provides a way to automate a variety of manual checkpoints. We are an ISO 27001 organisation and the ability to set up an environment that closely mirrors what we need is fantastic.
From a support persepctive Greta Wagner has exhibited an unshakable ability to suppoort and help us drive our use of DRATA by ensuring our requirements are being met for various areas of specific functionality. We have been able to get uplifted functionality for the rsik register and risk measurement process introducing both Inherent and Residual risk scoring and tracking, risk obver time and being able to allocate Risks by deparnent/function versus framework specific risk arrays.
Vendor management: while DATA is not a CLM platform it does have many aspects of a CLM solution. Vendor security questionnaires functionality was uplifted to suit our needs.
Open for suggestion and work with you to deliver. Listening, followup, and delivery. Vital to our success.
From a support persepctive Greta Wagner has exhibited an unshakable ability to suppoort and help us drive our use of DRATA by ensuring our requirements are being met for various areas of specific functionality. We have been able to get uplifted functionality for the rsik register and risk measurement process introducing both Inherent and Residual risk scoring and tracking, risk obver time and being able to allocate Risks by deparnent/function versus framework specific risk arrays.
Vendor management: while DATA is not a CLM platform it does have many aspects of a CLM solution. Vendor security questionnaires functionality was uplifted to suit our needs.
Open for suggestion and work with you to deliver. Listening, followup, and delivery. Vital to our success.
What do you dislike about the product?
Dislike is too strong: I would love to see DRATA expand and establish a footprint in Australia. From here you could then focus on our surrounding countries such as New Zealand and Asia, (Malaysia, Indonesia, Thailand, Singapore, Philippines, etc).
Australia is a mature market and would be an ideal place to set up an AP presence.
Australia is a mature market and would be an ideal place to set up an AP presence.
What problems is the product solving and how is that benefiting you?
Currently we are working to get the platform fully implemented. Once complete we can start better understanding the inherent benefits.
Great product, and even greater customer support
What do you like best about the product?
Drata has helped streamline audits, keep us compliant through out the year by monitoring key controls, which saves me time from performing a number of internal audits so I can focus on other projects.
What do you dislike about the product?
I wish Drata had the ability to integrate with JIRA or other ticketing systems.
What problems is the product solving and how is that benefiting you?
Continous control monitoring helps ensure that we are meeting our compliance obligations on an ongoing basis.
Great product with great support
What do you like best about the product?
We are new to compliance documentation and this product makes the project seemless, keeping everything in one place. The ease of use and customer support allowed us to implement quickly and efficiently. Our implementation specialist is always available and very knowledgable.
What do you dislike about the product?
i am currently still learning everything about the product, but one thing i dislike is that some features are additional costs
What problems is the product solving and how is that benefiting you?
We have to provide our customers with documentation of compliance requirements. This product keeps all our documentation and evidence in one place as well as giving us a quick glance at any non-conformaties we need to fix. Drata allows us to keep up with our daily tasks as it provides our customers access so we dont have to take time to answer surveys and provide information to satisfy each client individually.
Streamlining compliance & dynamic support
What do you like best about the product?
Quick customer support, both practical and content-wise.
Policy templates as guidance.
I like the new risk assesment features as well.
Linked controll mapping.
Automated evidence gathering, eg. though Drata agent.
All these feastures help us streamline our compliance, log our progress, involve our teammembers, keep everything organised.
Policy templates as guidance.
I like the new risk assesment features as well.
Linked controll mapping.
Automated evidence gathering, eg. though Drata agent.
All these feastures help us streamline our compliance, log our progress, involve our teammembers, keep everything organised.
What do you dislike about the product?
It obviously takes a learning curve to get intpo the depths of compliance, but Drata relieves that as much as possible.
What problems is the product solving and how is that benefiting you?
Generating trust in our cloud and security complaince towards customers
showing 401 - 410