External reviews
1,123 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Comprehensive Compliance Tools with Real-Time Monitoring
What do you like best about the product?
Drata has so many tools to help with policy creation and real-time compliance monitoring. It's more that just a GRC tool, it provides live data when policy, process, and assets fall out of compliance so you can quickly reign them back in.
What do you dislike about the product?
There have been issues with rolling out new features. Support responsiveness has slowed lately, especially after the introduction of the chatbot.
What problems is the product solving and how is that benefiting you?
We are able to monitor all aspects of our internal and cloud infrastructure to ensure our employees are applying what we state in our internal policy. They also keep us up to date on any new changes to the frameworks we implement.
Simplifies SOC 2 Compliance with Ease
What do you like best about the product?
I like that Drata is easy to use and has great customer service. The evidence library is the feature we use the most, as it plays a big part in our SOC 2 compliance efforts, and it integrates with other features well. Drata itself was very easy to set up and continues to be easy to use, even though there was a learning curve because we were new to SOC 2 compliance.
What do you dislike about the product?
It seems that the automated testing is what gives us the most problems. At least once a year, there's kind of a significant problem with the automated testing that requires interaction with their support team.
What problems is the product solving and how is that benefiting you?
I use Drata to navigate the complexities of SOC 2 compliance, like implementing controls, creating policies, doing automated testing, and managing risks.
Streamlined PCI Management with Intuitive Ease
What do you like best about the product?
Drata has been incredibly easy to use—simple, intuitive, and very well designed. Their support has been outstanding. We were paired with an onboarding specialist who stayed with us for nine months during our first year and guided us all the way through completing our audit. Setting up Drata was straightforward, and the automated monitoring features worked well with just a bit of tuning for our environment. The workflows make it easy to manage controls, maneuver through the platform, and upload evidence. Overall, Drata has helped us stay extremely organized and efficient with our PCI compliance program.
What do you dislike about the product?
One area that could be improved is the level of detail provided within the control environment. Drata goes one or two layers deep, but for more complex compliance programs, it would be helpful if the platform went further into the nitty-gritty details. Another area is around certain automated monitoring features that rely on specific applications. Expanding support to a broader range of third-party tools would make the monitoring even more flexible and effective.
What problems is the product solving and how is that benefiting you?
Drata helps us manage the entire PCI process end to end. It keeps us organized operationally, from daily compliance tasks all the way through the audit cycle. The platform centralizes everything we need, streamlines evidence collection, and makes the audit process significantly more efficient. Overall, Drata removes a lot of manual effort and gives us structure and visibility, which saves time and reduces audit stress.
Outstanding Experience with This Software
What do you like best about the product?
Tracking and monitoring the controls and requirements to accomplish the targeted frameworks
What do you dislike about the product?
It takes some time to see the changes reflected in the application
What problems is the product solving and how is that benefiting you?
Tracking and monitoring the controls and requirements to accomplish the targeted frameworks
Automation and pre-filling that save time
What do you like best about the product?
Automation and pre-filling of controls.
What do you dislike about the product?
The price of frameworks.
I would prefer an access price to the platform, with all frameworks allowed.
I would prefer an access price to the platform, with all frameworks allowed.
What problems is the product solving and how is that benefiting you?
Pass the certifications efficiently, allowing for simplified tracking.
Outstanding for Security Compliance and Evidence Collection
What do you like best about the product?
Evidence collection and ability to ensure 100% security awareness compliance with personnel.
What do you dislike about the product?
Ability to contact a real person for best practices and quick implementation.
What problems is the product solving and how is that benefiting you?
Having everything in one place for the auditor, that helps me a lot.
Digitizes Compliance, Easy Setup, But Pricey Globally
What do you like best about the product?
I love how Drata has transformed the way I handle compliance by digitizing everything, eliminating the hassle of maintaining spreadsheets. The detailed and descriptive nature of Drata is incredibly helpful; it's well-labeled and grouped, which simplifies the setup process and makes it easier to ensure compliance. The initial setup was very easy, and I appreciate how it integrates seamlessly with other tools I use, such as Jumpcloud, AWS, GitHub, and Jira. The comprehensive nature of Drata makes my compliance tasks more manageable and efficient, offering a user-friendly experience that truly stands out.
What do you dislike about the product?
The cost of using Drata is a concern for me. While the cost might be justified, the annual fee of $30,000 may not be affordable in countries other than the US.
What problems is the product solving and how is that benefiting you?
I use Drata to digitize compliance processes, eliminating the hassle of spreadsheets. Its detailed and organized nature simplifies setup and compliance opt-ins.
Convenient Training and Compliance Management
What do you like best about the product?
I primarily use Drata for training, which is extremely convenient for me. I really appreciate how it helps me stay on top of compliance, especially given how busy we are. The setup process was straightforward and easy when I initially installed it, which was a pleasant surprise. Additionally, Drata appears to effectively manage important functions like antivirus and hard drive encryption, which adds to its value. Overall, it operates better than I had initially expected, and I'm quite satisfied with its performance, as reflected in my high likelihood of recommending it to others.
What do you dislike about the product?
Nothing comes to mind right now. I've only been using it for about a year.
What problems is the product solving and how is that benefiting you?
I use Drata for managing compliance training, which helps me stay on top of requirements and is convenient for my busy schedule.
Audit-Ready Dashboard and Automation Save Us Time
What do you like best about the product?
It's always audit-ready: I can literally look at the dashboard and see our real-time compliance status for SOC 2 or ISO 27001. If a control fails, I get an alert immediately, not six months later during a review.
Massive time savings: It has seriously automated 90% of the manual evidence collection. I no longer spend days or weeks before an audit compiling screenshots and documentation.
The Audit Hub is a game-changer: When the auditor shows up, everything they need is centralized in one place. Communication and evidence requests are streamlined, which makes the entire audit process so much smoother and faster.
Massive time savings: It has seriously automated 90% of the manual evidence collection. I no longer spend days or weeks before an audit compiling screenshots and documentation.
The Audit Hub is a game-changer: When the auditor shows up, everything they need is centralized in one place. Communication and evidence requests are streamlined, which makes the entire audit process so much smoother and faster.
What do you dislike about the product?
Limited Niche Integrations: We use a few niche tools, and Drata either doesn't have an integration for them or the pre-built connection is very limited in the evidence it can pull. This forces us back to the manual process for those specific controls, which defeats the whole purpose of the automation.
Lack of Flexibility in Control Mapping: For standard frameworks (like SOC 2), it's great. But if your organization has unique workflows, internal policies, or needs a less common framework, customizing or mapping your controls to fit those needs can be rigid and challenging. It can feel like it's a "my way or the highway" platform.
Lack of Flexibility in Control Mapping: For standard frameworks (like SOC 2), it's great. But if your organization has unique workflows, internal policies, or needs a less common framework, customizing or mapping your controls to fit those needs can be rigid and challenging. It can feel like it's a "my way or the highway" platform.
What problems is the product solving and how is that benefiting you?
The problem Drata solves is a huge one: It replaces the manual, fragmented, and panic-driven traditional approach to compliance (GRC) with a continuous, automated, and proactive system.
Before Drata, preparing for an audit (like SOC 2 or ISO 27001) was a company-wide crisis. It involved:
Manual Evidence Collection: Running reports from our cloud provider, HR system, ticketing system, and endpoint management tool.
Point-in-Time Compliance: Knowing we were compliant only on the day we pulled the evidence. As soon as a setting was changed, we were blind again.
Human Error and High Effort: Endless spreadsheets, copy-pasting, and chasing people for screenshots—all time that my security and engineering teams could have spent on actual security work
Before Drata, preparing for an audit (like SOC 2 or ISO 27001) was a company-wide crisis. It involved:
Manual Evidence Collection: Running reports from our cloud provider, HR system, ticketing system, and endpoint management tool.
Point-in-Time Compliance: Knowing we were compliant only on the day we pulled the evidence. As soon as a setting was changed, we were blind again.
Human Error and High Effort: Endless spreadsheets, copy-pasting, and chasing people for screenshots—all time that my security and engineering teams could have spent on actual security work
From Manual Work to Automation: Why We Love Drata
What do you like best about the product?
The most valuable feature for us is the continuous monitoring and real-time alerts, which provide reassurance that our controls are consistently effective. Drata also simplifies evidence collection and audit preparation, helping us save time and reduce the risk of errors. As a result, we are able to maintain compliance proactively and dedicate more attention to strategic security improvements instead of getting bogged down by administrative work.
In terms of usability, the platform is highly intuitive and user-friendly, making it easy for even new team members to navigate and complete tasks. The implementation process was smooth and quick, thanks to clear instructions and minimal disruption to our existing workflows. Drata’s integration with our current tools and systems is seamless, which cuts down on manual work and keeps our data consistent across platforms. The customer support team is always responsive, knowledgeable, and eager to help, which greatly enhances our overall experience. We rely on Drata daily for monitoring and compliance activities, and it has become an essential part of our security operations.
In terms of usability, the platform is highly intuitive and user-friendly, making it easy for even new team members to navigate and complete tasks. The implementation process was smooth and quick, thanks to clear instructions and minimal disruption to our existing workflows. Drata’s integration with our current tools and systems is seamless, which cuts down on manual work and keeps our data consistent across platforms. The customer support team is always responsive, knowledgeable, and eager to help, which greatly enhances our overall experience. We rely on Drata daily for monitoring and compliance activities, and it has become an essential part of our security operations.
What do you dislike about the product?
It would be great to have more available integrations, for example with popular observability tools such as Grafana.
What problems is the product solving and how is that benefiting you?
Drata has been instrumental in removing the complexity and manual work typically associated with maintaining compliance. By automating evidence collection, continuous monitoring, and control verification, it greatly reduces the time needed for audit preparation and helps minimize the risk of human error. This shift enables our team to dedicate more attention to strategic security initiatives rather than getting bogged down by repetitive administrative duties. Furthermore, Drata offers real-time insight into our compliance status, allowing us to proactively identify and address any gaps, which helps us maintain trust with both customers and partners.
showing 11 - 20