External reviews
External reviews are not included in the AWS star rating for the product.
Compliance made easy with excellent support
What do you like best about the product?
Originally I was worried adding a compliance application would cause more problems than it would solve. I was completely wrong. Not only is the interface intuitive, but the support I got was also excellent.
What do you dislike about the product?
It's still a newish platform. They are adding features and integrations daily/weekly but it may not be supported quite yet. We still have a few things I wish it covered but I expect it's only a matter of time.
What problems is the product solving and how is that benefiting you?
Having one organized place to put documents is good enough, but Drata makes it so you don't need many of those documents as they are generated by connecting to your various services and vendors.
- Leave a Comment |
- Mark review as helpful
Superb product and service offering
What do you like best about the product?
Comprehensive, well-structured, and thoughtfully designed product that covers all the key compliance requirements we have (HIPAA, SOC2, ISO), with more on the way.
What do you dislike about the product?
Nothing to complain about whatsoever. Peter Elias, our CSM is fantastic. Professional, easy to work with, and highly responsive.
What problems is the product solving and how is that benefiting you?
We needed a frictionless, automated way to comply with and update our HIPAA and SOC2 compliance requirements. Other service based solutions were just incompatible horrendously expensive for an early stage startup.
Recommendations to others considering the product:
Fantastic product and service. Highly recommended without any reservations.
Essential compliance monitoring software with a great team behind it
What do you like best about the product?
Drata allows you to tailor the software to the company's specific needs with regards to what compliance tasks or policies the company may or may not need to monitor. It comes with frameworks for all standard policies that the company can tailor to fit its own without having to write each policy from scratch if it doesn't already exist. Each employee has an individual account that tracks their individual tasks and completion progress, using simple pass/fail icons which allows management to monitor easily in a dashboard view. The software automates the entire process for all employees, allowing them to complete everything right in the software, and it is continuously testing/checking each required item for each employee, giving a pass/fail percentage and flagging exactly where a failed test has occured so you can quickly and easily fix it.
We recently went through a compliance audit and, because of Drata, got a great report back. I don't know how I would have made it through the audit without Drata. It's a single source of truth for all things compliance for the company, and I can easily search for and locate anything I may need to provide to a customer for their internal compliance at any time. Lifesaver.
We recently went through a compliance audit and, because of Drata, got a great report back. I don't know how I would have made it through the audit without Drata. It's a single source of truth for all things compliance for the company, and I can easily search for and locate anything I may need to provide to a customer for their internal compliance at any time. Lifesaver.
What do you dislike about the product?
There's not much to dislike about Drata because you make it your own and use it only how you need. As a non-compliance person filling in for our regular compliance person, there was a short learning curve to understanding the frameworks of the system and how monitoring in general worked, but nothing that's Drata's fault. They have a very thorough knowledge base for self-help if needed, and a very knowledgeable and responsive team that answered all of my questions.
What problems is the product solving and how is that benefiting you?
They solve the problem of having to keep constant track of all of your compliance documents and required actions/tasks, across the entire company, in one easily searchable place. If you need to locate your company's Terms of Service policy, you know exactly where it is and you know it's the most updated version of it. No need to scour Google Drive for what MIGHT be the right policy and waste time scouring different versions of the document to see if it is the right one. No need to keep asking that one employee if they did their quarterly training and waiting for a response, Drata tells you whether it's been completed or not right there. No need to constantly wonder how you're going to do in an audit or if you're failing any checks at any time, the system is constantly monitoring that and tells you right from the dashboard how you're doing.
From Startup to Enterprise Compliance
What do you like best about the product?
Having worked in many large corporations throughout my career and implemented compliance programs. Absolutely nothing compares to the sheer acceleration you get from using Drata!
What do you dislike about the product?
Drata is a startup on the same rocket ship mode as our company so sometimes you have to wait a while for the next framework. Every integration that has been asked for has been delivered.
What problems is the product solving and how is that benefiting you?
Compliance out of the box without the overhead of a large team to implement and collect evidence during an audit. Truly the perfect integration to bring a new startup into Rock like Compliance.
Recommendations to others considering the product:
Look at the marketplace and truly evaluate what is out of the box versus having to write costly integrations to pull evidence and the decision is clear.
SOC 2 in a box
What do you like best about the product?
- Drata is open-minded, flexible, and agile to meet any of your feature requests or additional requirements. It was the only vendor on the market that was ready to support an immutable cloud-native AWS infrastructure as code at the time we evaluated the available options (end of 2021). Having multiple production releases per day and spinning a brand new version of the infrastructure for every feature branch, we would be overwhelmed with noise and false positives without this.
- They nailed SOC 2 framework and automated testing and evidence gathering significantly. It also looks quite good for ISO 27001.
- Their expert team is always ready to help you with your compliance-related concerns and bring some light to unclear controls and requirements.
- Drata recommends a list of auditors familiar with the tool and providing a significant discount for the audit.
- Drata supports a solid list of compliance frameworks.
- New Trust Center is a killer feature.
- They nailed SOC 2 framework and automated testing and evidence gathering significantly. It also looks quite good for ISO 27001.
- Their expert team is always ready to help you with your compliance-related concerns and bring some light to unclear controls and requirements.
- Drata recommends a list of auditors familiar with the tool and providing a significant discount for the audit.
- Drata supports a solid list of compliance frameworks.
- New Trust Center is a killer feature.
What do you dislike about the product?
- 25MB file size limit for any piece of evidence you are uploading into Drata. Anytime you need to upload something bigger you have to ask the Drata support team.
- The support of some frameworks (e.g., NIST CSF, NIST 800 53, GDPR) is pretty basic and has very little or no automation. For these secondary frameworks the cost doesn't seem justified for what they charge for SOC 2 or ISO 27001 - those that they fully support and automated.
- While Drata has a huge list of available integrations, they don't support Atlassian tools hosted on-prem/in your own cloud accounts - only Atlassian SaaS.
- It would be nice to be able to subscribe to an SNS topic with failing test notifications from Drata to stay up-to-date on the recent issues.
- While Trust Center is a great feature, I believe it should be provided for no additional cost as a part of any framework you have with your Drata subscription. It does not seem fair to charge for this additionally.
- The support of some frameworks (e.g., NIST CSF, NIST 800 53, GDPR) is pretty basic and has very little or no automation. For these secondary frameworks the cost doesn't seem justified for what they charge for SOC 2 or ISO 27001 - those that they fully support and automated.
- While Drata has a huge list of available integrations, they don't support Atlassian tools hosted on-prem/in your own cloud accounts - only Atlassian SaaS.
- It would be nice to be able to subscribe to an SNS topic with failing test notifications from Drata to stay up-to-date on the recent issues.
- While Trust Center is a great feature, I believe it should be provided for no additional cost as a part of any framework you have with your Drata subscription. It does not seem fair to charge for this additionally.
What problems is the product solving and how is that benefiting you?
Using modern solutions like Drata helped us significantly save the time (at least a few months of effort per year) and money (tens of thousand dollars) required to achieve SOC 2 compliance. Of course, Drata will not automatically make your product secure and reliable, but it will help you assess the gaps, eliminate them, and continuously monitor the required controls.
Great Compliance Automation Platform
What do you like best about the product?
Easily connect your systems and great customer success support. Very fast and efficient response times for problem resolution or advice.
What do you dislike about the product?
Takes a little getting used to dashboard navigation; however, the learning curve is quick.
What problems is the product solving and how is that benefiting you?
Single pane of glass for multiple compliance frameworks. Makes auditing much more efficient as well.
Recommendations to others considering the product:
Evaluated several competitive solutions and Drata came out on top. Look no further.
Drata Portal for SOC 2
What do you like best about the product?
The portal is very intuitive to store Controls and other documents.
It gives a clear picture of what Controls are passed what requires to fulfill the gap.
It gives easy access to the external auditors.
It gives a clear picture of what Controls are passed what requires to fulfill the gap.
It gives easy access to the external auditors.
What do you dislike about the product?
The product still has some bugs and we needed to report to fix them and were resolved by Drata team very quickly.
What problems is the product solving and how is that benefiting you?
Storing documents in a SaaS based portal makes it easier to share.
My Drata Review
What do you like best about the product?
I like the automation Drata uses to bring the latest info up front for review.
What do you dislike about the product?
The limited frameworks at this time plus adding more increases our cost to use Drata every year.
What problems is the product solving and how is that benefiting you?
We needed to get started with our compliance efforts and have a centralized place to store evidence and manage our records in preparation for future audits.
Reliable, competitive, affordable. Does exactly what it says it will do.
What do you like best about the product?
The software is simple, most controls and features are straightforward, and the team we got to work with from Drata helped us understand the scope and priorities of how to get our SOC2 compliant done in record time.
What do you dislike about the product?
Not a lot of things to dislike honestly, you have to understand that it's a young / fairly new company, and they keep improving their software every month. Example would be filters. Can they be better? Faster? Simpler? And after a month - you see improvements, so really no complaints, we were able to leverage the platform and get our SOC2 compliance without any issues.
What problems is the product solving and how is that benefiting you?
It's not just a tool for tracking compliance, in a way, it's a framework and a guide for what all falls under SOC2 (or GDPR, etc), so it was very helpful to use their templates and premade controls.
Recommendations to others considering the product:
Understand what you are looking for, check for competitors, and choose what is right for you and your organization.
Simplified my process to get it done!
What do you like best about the product?
As someone that never ran the entire SOC2/ISO certification process from end-to-end, but only as a participant in the process previously, Drata helped me simplify the process by both pulling many of the components required automatically, but also by providing us with an easy step-by-step list of action items to quickly fix and meet the regulatory requirements!
What do you dislike about the product?
I think the one comment I would add as something that could be better (I don't think dislike is the right way to put it), is that the platform could definitely benefit for a few additional integrations to make it even easier and automated with testing.
What problems is the product solving and how is that benefiting you?
Easily explain the gaps in our current platform to meet the regulatory requirements, automate data collection from many platforms and give you simple explanations on how to solve the gaps.
Recommendations to others considering the product:
I would definitely recommend to anyone looking to implement a fast way to complete compliance programs.
showing 571 - 580