External reviews
1,160 reviews
External reviews are not included in the AWS star rating for the product.
Huge Time-Saver: Smart Control Mapping, Helpful Onboarding, and an Intuitive UI
What do you like best about the product?
The best feature Drata has is the mapping of recurring requirements of different frameworks/standards to generic Drata Controls. What this means is that if multiple of your frameworks require pretty much the same thing, you only have one Drata control you need to comply with to satisfy all the requirements of your frameworks. This also means only one place to store evidence, add policies, do tasks, etc. This is a tremendous time-saver compared to other GRC tools.
Another great feature is the onboarding service they offer. Every subscription has a number of hours attached that you can use to call in GRC-specialists to help you set up something, or just ask questions. You don't have to struggle to get Drata up and running, but can lean on their expertise.
The AI policy builder they have works quite well. It starts you off with a template for whatever policy you selected, but it can also analyse something you made yourself to see if it adheres to the requirements of the Drata controls. It also makes suggestions for what is missing. It isn't always foolproof, so you do need to review the suggestions yourself, but it is a good tool to pinpoint where you are lacking.
Connections are important to get your compliance evidence in Drata in an automated way, and it is adequate. There are many out-of-the-box integrations, but frankly some of them are missing automated evidence collection. As an example, we integrated our password manager using the built-in Drata connection, and it was easy to set up and gather our list of users. However, it didn't get data to show that our security-related settings were configured properly. We ended up having to use a custom integration.
Lastly some praise for the UI. It is clean, easy to navigate and most importantly, is intuitive. If I want to see my Risk Register, you just navigate to "Risks".
What do you dislike about the product?
As a premium offering, the only real barrier to entry is the price. It isn't the most expensive GRC tool I have seen, but it is up there. This can be compounded if you need a lot of extras (more frameworks, etc.).
Our experiences with customer support have also been mixed. Some responded very quickly and accurately, while other times the response was too vague to actually answer our question.
What problems is the product solving and how is that benefiting you?
Our company prides itself on (cybersecurity) compliance, and in the course of several years we have achieved quite a number of certifications to international standards. When the company was smaller, it was feasible to, by hand, maintain our spreadsheets, documents and make screenshots of relevant information needed to pass our audits.
Some time later we saw the added value of a GRC system, but weren't ready to commit to something with a larger price tag, so we started working with a small local SaaS offering. It definitely helped give us a better overview of our entire compliance landscape, but frankly it didn't save us a lot of time, because everything still had to be done by hand. I estimate that I spent roughly 30% of my hours maintaining and updating our GRC system. This manual work was time-intensive and error-prone, so that was the moment we decided to invest in an established GRC solution.
We now use Drata as our single source of truth when it comes to business compliance, and the main benefit is the time saved. No more manual labor to get the right evidence from the right person, it is all automated and sent to the platform.
Comprehensive Alerts and Excellent Support—Key to Passing Our SOC 2 Audit
What do you like best about the product?
Comprehensive alerts on tasks and status of controls. Could not have passed SOC2 audit without Drata. Initial onboarding was difficult as the platform is not intuitive, especially for folks new to the CRG arena. Good documentation but not easy to formulate searches as a newbie.
What do you dislike about the product?
Usage is not intuitive, UI is OK
Support is excellent
What problems is the product solving and how is that benefiting you?
Prior to utilizing the platform we had no idea as to the work necessary to become SOC2 certified.
It took a while to understand that the template policies were just that, templates. I suggest an onboarding specialist work with folks new to the platform in designing a customized workflow and how policies, controls and evidence relate to each other.
There is a plethora of documentation which is pretty good
Easy-to-Use Interface That Simplifies Ecosystem Configuration
What do you like best about the product?
The easiness of the interface, and how everything is aligned so you can configure your entire ecosystem with such ease
What do you dislike about the product?
That the inventory section could make some improvements so I can track hardware in real time
What problems is the product solving and how is that benefiting you?
It is a platform that allows you to certify on any standard that you desire for your company (HIPAA, SOC, ISO 27001, etc.)
Slick, Easy-to-Use Experience Across Mac App and Web
What do you like best about the product?
Drata is easy to use, and the user experience is pretty slick in terms of the downloaded app for Mac and the web browser version as well
What do you dislike about the product?
What I didn't like about Drata is that sometimes the multi-factor authentication email doesn't arrive on time. That's really frustrating because you keep on waiting.
What problems is the product solving and how is that benefiting you?
It is helping me stay compliant as far as security is concerned
Automates SOC 2 & ISO 27001 Compliance with Real-Time Monitoring and Clear Dashboards
What do you like best about the product?
How it automates compliance tasks like SOC 2 and ISO 27001, saving a lot of manual effort.
It also gives real-time monitoring and clear dashboards, making audits much faster and less stressful.
What do you dislike about the product?
It can feel expensive, especially for small teams or startups.
Also, initial setup and integrations can be a bit complex and time-consuming if your systems aren’t already well organized.
What problems is the product solving and how is that benefiting you?
Solves the problem of manual, time-consuming compliance work by automating evidence collection, monitoring controls, and audit preparation.
This benefits me by saving a lot of time, reducing human errors, and helping achieve certifications like SOC 2 much faster with less stress.
Drata is the gold-standard for compliance management with steadily improving AI functionality
What do you like best about the product?
Their monitoring dashboard is fantastic for identifying monitoring and compliance gaps, and their policy creation module is a game-changer for getting company policies created or updated.
What do you dislike about the product?
The way test failures are presented in the pure JSON test output can sometimes make it take an unnecessarily long time to figure out which resource is causing a compliance error. The AI-generated output for these failures has improved, but they could still benefit from better JSON parsing so that, even when the raw output is shown, the user only sees the failures.
What problems is the product solving and how is that benefiting you?
Drata makes managing certification testing and policy creation ridiculously easy. We used it to track the myriad of items necessary for a SOC-2 Type 2 audit, and it saved our company literally months of time and a lot of money on contract workers.
Recommendations to others considering the product:
Make sure the infrastructure that will be evaluated by Drata is as up-to-date as possible, and provide a clear internal champion within the company to handle all Drata coordination and data entry.
Decent SOC 2 Tracking, but would prefer more advanced capabilities for the price
What do you like best about the product?
It’s a decent tool for tracking SOC 2 compliance rules and controls. It also integrates with our HRIS, which helps keep things connected and easier to manage.
What do you dislike about the product?
The “tests” for various controls aren’t very intuitive, and at times they feel more arbitrary than helpful. Pricing also seems high relative to the platform’s actual capabilities. During onboarding, the reliability of the tool was oversold, which made it harder to gauge how deep we needed to go with our controls and any supplemental tracking tools. I would have preferred clearer, more practical guidance throughout.
What problems is the product solving and how is that benefiting you?
SOC 2 security and compliance.
Broken UI/UX and Unexplained Platform Changes
What do you like best about the product?
The recent improvement in the vendor management and risk management modules and the addition of the evidence library.
What do you dislike about the product?
The UI/UX is very broken; every time you exit a page you will end up in an unintuitive place. Integrations are still limited compared to other products. So many unexpected things happen in the platform, data and settings changes, without the customer service providing the proper explanation.
What problems is the product solving and how is that benefiting you?
Compliance.
Structured ISMS and ICS support with strong risk and vendor management
What do you like best about the product?
Structured support in the development of an ISMS and ICS, good risk and vendor management.
What do you dislike about the product?
Not all areas create documented information, so you are not 100% compliant with ISO27001.
What problems is the product solving and how is that benefiting you?
Creating a good ISMS structure, Drata supports enormously here!
Automated Compliance Made Easy, But Needs User Management Improvements
What do you like best about the product?
I find Drata easy to track my compliance status, and it helps me identify compliance gaps. I also appreciate the automated monitoring that integrates with my existing tools, making real-time tracking possible. Setting up Drata was easy, which was a definite plus for me.
What do you dislike about the product?
The user review process is a bit tedious as it does not allow you to remove offboarded users directly from products. Right now, we do not have a way to exclude users directly in integrations, so you have to manually exclude them on each review which is a tedious process.
What problems is the product solving and how is that benefiting you?
I use Drata for SOC 2 compliance, making compliance effortless with automated monitoring. It's easy to track my compliance status and identify gaps in real-time.