External reviews
1,144 reviews
from
and
External reviews are not included in the AWS star rating for the product.
DRATA’s Easy Interface and Rapid Updates with Lots of Features
What do you like best about the product?
The Interface and ease of use are two key things for me within DRATA along with the loads of features that are available. However, there is another aspect to it, which is the upgrades that are moved to the platform are quite quick and to the business needs.
What do you dislike about the product?
having access to more frameworks could be an option. limitation of connection that can be created if there are more than 2 apps used under same category.
What problems is the product solving and how is that benefiting you?
GRC and automation around it.
Drata Streamlined Our Policy and Vendor Management for Audit Readiness
What do you like best about the product?
We’ve had an incredibly positive experience with Drata. Implementing their platform has been a game-changer for our organization, especially when it comes to getting our policies, procedures, and vendor management processes structured and audit-ready.
Before Drata, many of our compliance-related documents lived in different places, and maintaining consistency across policies was time-consuming. Drata gave us a centralized, intuitive system to build, organize, and maintain our policies and procedures. The pre-built templates and automated reminders helped ensure nothing fell through the cracks, and version control made updates seamless. What used to take weeks of coordination is now streamlined into a clear, trackable workflow.
Vendor management has also improved dramatically. Drata’s vendor tracking and risk management features give us a single source of truth for all third-party relationships. We can easily monitor due diligence documentation, review timelines, and risk classifications without relying on scattered spreadsheets. This has not only strengthened our compliance posture but also given leadership better visibility into vendor risk.
Before Drata, many of our compliance-related documents lived in different places, and maintaining consistency across policies was time-consuming. Drata gave us a centralized, intuitive system to build, organize, and maintain our policies and procedures. The pre-built templates and automated reminders helped ensure nothing fell through the cracks, and version control made updates seamless. What used to take weeks of coordination is now streamlined into a clear, trackable workflow.
Vendor management has also improved dramatically. Drata’s vendor tracking and risk management features give us a single source of truth for all third-party relationships. We can easily monitor due diligence documentation, review timelines, and risk classifications without relying on scattered spreadsheets. This has not only strengthened our compliance posture but also given leadership better visibility into vendor risk.
What do you dislike about the product?
Overall, our experience with Drata has been very positive, particularly around vendor management, and policy management. However, one area where we’ve felt some limitations is client management.
What problems is the product solving and how is that benefiting you?
On the policy and procedure side, Drata provides a centralized, structured system that makes it easy to create, organize, update, and track documentation. The built-in templates and automated workflows ensure that policies are not only well-documented but also consistently reviewed and acknowledged by the appropriate team members. Instead of chasing approvals or wondering whether a policy is current, we now have clear visibility into ownership, version control, and review cycles.
When it comes to vendor management, Drata gives us a single source of truth for all third-party relationships. We can track due diligence documentation, risk assessments, contract renewals, and ongoing monitoring requirements in one place. Automated reminders and continuous monitoring help ensure that no vendor falls through the cracks, significantly reducing risk and manual administrative effort.
When it comes to vendor management, Drata gives us a single source of truth for all third-party relationships. We can track due diligence documentation, risk assessments, contract renewals, and ongoing monitoring requirements in one place. Automated reminders and continuous monitoring help ensure that no vendor falls through the cracks, significantly reducing risk and manual administrative effort.
Efficient Security Management with Robust Automation
What do you like best about the product?
I really like the automation and integrations that Drata provides. They help me manage information security and privacy much more easily, especially since we have limited resources. Drata significantly reduces manual effort and provides easy, actionable insights into areas that need fixing. The initial setup was pretty straightforward, and I also appreciate its seamless integration with tools like GitHub, Heroku, and Google Workspace.
What do you dislike about the product?
There's a few bits of clunky user flow - e.g. when a control is marked as 'not ready' it's not always clear why it's not ready. It would be better if there was a clear button that showed a step-by-step guide on how to fix something.
What problems is the product solving and how is that benefiting you?
Drata makes security management easier with limited resources by simplifying evidence collection for audits and compliance. Its automation and integrations reduce manual effort significantly and provide actionable insights into areas needing fixes.
Good Control Mapping Across Different Frameworks
What do you like best about the product?
Good control mapping across different frameworks. Drata is easy to use and makes it simpler to manage certifications.
What do you dislike about the product?
Drata doesn’t support a Quality Management System. As a result, organizations with an ISO 9001 certificate can’t use the Drata Policy Management System as a single, central point for managing their policies.
What problems is the product solving and how is that benefiting you?
It helps us stay SOC 2, ISO 27001, and HIPAA certified with minimal effort.
Streamlined Compliance with Automated Evidence Collection
What do you like best about the product?
I use Drata for my GRC program including ISO27001, SOC2, GDPR, and Cyberessentials. I appreciate having better visibility of my controls and risks all in a single console. I like the ability to integrate with my tech stack with automated evidence collection. I don't have to log into AWS and Google Workspace to check compliance as everything is visible from Drata connections. The automation of evidence collection for SOC2 is what made us switch from Rubiq.
What do you dislike about the product?
The asset management module could be improved to generate a consolidated report. It currently doesn’t display device serial numbers and make, which are useful identifiers for an asset list. The serial numbers can only be seen when downloading a report for an individual, not for the entire company. I’d prefer Drata to have out-of-the-box modules like incident management to avoid purchasing a separate solution. Having an incident management report and a business continuity flow would greatly enhance Drata. Also, the integrations with Zoho Desk have been buggy since last year, and the issue remains unresolved despite logging a ticket about it.
What problems is the product solving and how is that benefiting you?
With Drata, I have better visibility of my controls and risks on a single console. I also like the integration with my tech stack and automated evidence collection, which means I don't have to log in to AWS and Google Workspace to check compliance.
Great Compliance Tool with Room for Performance Improvement
What do you like best about the product?
I really like the ease of use and the support that Drata provides, especially for a small team like ours. It's helpful to have a tool that works for us in terms of compliance. Drata gives us an overview of all necessary renewals for evidence, and the use of templates is really handy. It's nice that Drata offers many easy setup configurations.
What do you dislike about the product?
The platform is sometimes a little bit slow and minor bugs. Sometimes I have to wait for tech support to answer for bugs which slows me down, or wait for page loads longer than usual.
What problems is the product solving and how is that benefiting you?
Drata serves as a Compliance Hub and provides an overview, helping our small team manage compliance smoothly. It remembers emails for tasks and offers templates for necessary renewals.
Easy-to-Use Interface, Reliable Security Solution
What do you like best about the product?
I like how easily and friendly the interface of Drata is. It's very clean, and everything is easy to find, which is important since we ask our employees to use this software once a year; having an easy-to-use interface is crucial. It ensures that they can complete courses and understand everything without spending a lot of time figuring out how the software works. The initial setup was easy too; we just needed to set some things, and it was working pretty well. Everyone can do the courses and make sure they're aware of the best practices, so it's easy-going software.
What do you dislike about the product?
I had some issues logging in, but the team was very helpful. They helped me, and I received a reply a few minutes after requesting some help. They can add an option to log in with social media to avoid issues, such as not receiving matching links because they end up in the spam folder.
What problems is the product solving and how is that benefiting you?
I use Drata to ensure my team understands secure best practices and that our computers run smoothly, free of viruses or breaches. It also helps prevent sensitive company data from being compromised.
Effortless Compliance, User-Friendly Interface
What do you like best about the product?
I find Drata to be a really effective tool for company compliance, and I don't see any reason to use another or change it. It's overall very easy to navigate, and the interface is not complicated, which is good for those using it for the first time.
What do you dislike about the product?
I wish there was an option where we didn't have to manually provide evidence if there's already a connection with our HR platform. The sync with Rippling isn't too much of an issue, but it could be improved.
What problems is the product solving and how is that benefiting you?
Drata is an effective tool for company compliance. I find it easy to navigate, with a simple interface suitable for first-time users, making it unnecessary to switch to another tool.
Smooth Onboarding, Budget-Friendly Compliance
What do you like best about the product?
I like the pricing point of Drata, which is important as we are mindful about our budget while trying to achieve SOC2 compliance. The onboarding process was smooth, and we were guided through a series of workshops and onboarding sessions that provided us the tools to start using the platform effectively. The initial setup of Drata was also easy.
What do you dislike about the product?
The UI is a little confusing sometimes. As someone who has already done a SOC2 audit with a competitor product, I sometimes find the Drata platform a little confusing. It's not straightforward to see what tasks are missing and what specific things we need to fix. I think UX could be improved.
What problems is the product solving and how is that benefiting you?
Drata simplifies compliance by having auditors use the same platform for audits, reducing the compliance burden. The reasonable pricing point helps us stay within budget while working toward SOC2 compliance. The onboarding process with workshops and sessions made it easy to start using the platform.
Transforms Compliance with Seamless Automation
What do you like best about the product?
I really appreciate how Drata transforms compliance from a stressful, manual process into a seamless, automated system that runs in the background, keeping me continuously audit-ready without slowing down my business. I find it most powerful when paired with other tools in our compliance and security stack due to its wide integration, eliminating the need to manually bridge gaps. I also find the initial setup straightforward thanks to its guided onboarding and Quick Start process.
What do you dislike about the product?
The main areas where Drata could improve are around customization, integration depth, and cost. I love its automation but often find limitations when workflows get complex.
What problems is the product solving and how is that benefiting you?
Drata solves compliance issues by automating evidence collection, continuous monitoring, and policy management. It replaces manual, error-prone processes, keeping me audit-ready without slowing down my business.
showing 1 - 10