I work with Drata on compliance and audit processes.
External reviews
1,089 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Helps eliminate evidence gathering and makes assigning different activities easier, simplifying compliance and audit processes
What is our primary use case?
What is most valuable?
Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it.
What needs improvement?
In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true.
For how long have I used the solution?
I have been using Drata for the past eight months.
What do I think about the stability of the solution?
I've had no issues with stability.
What do I think about the scalability of the solution?
Drata is very scalable and suitable for larger organizations due to the ability to assign tasks to different business lines. We have around twenty users across various companies, and I still use other tools.
How are customer service and support?
The technical support team is good, though I haven't used them much.
How was the initial setup?
The initial setup is pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
It's one of the more expensive options, but I think it's worth the money if you can afford it.
What other advice do I have?
I'd rate Drata an eight out of ten because there's always room for improvement. We've seen value and impact from this tool, and I would recommend it to others. My advice would be to have a set project plan for implementation and to get help from a security expert if you don't have one in-house.
Achieves both SOC 2 and ISO 27001 compliance with improved security posture
What is our primary use case?
We use the solution to achieve both SOC 2 and ISO 27001 compliance.
How has it helped my organization?
Drata improved our security posture by ensuring that all our laptops were encrypted and all our production environments were validated with MFA access. We tracked all our Jira tickets to ensure timely remediation. Going through SOC 2 compliance, we still had to perform other tasks like external pen testing, which we achieved, and document it. We also developed tabletop exercises, which were conducted annually, and performed disaster recovery testing on the database. All this was tracked in Drata in real-time, allowing us to quickly identify and address issues, such as TLS encryption problems.
Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments.
What needs improvement?
One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification.
It provides real-time reporting regarding SOC 2 or ISO compliance. The auditors issue the reports. Therefore, if the auditors make a recommendation, such as configuring our alert system internally based on their advice, we implement it. Drata must also address its bugs to improve things for the auditors.
For how long have I used the solution?
I have been using Drata for one and a half years.
What do I think about the stability of the solution?
After the acquisition, we're still integrating Drata into our environment. The challenges of this integration with the new regime are more significant than anticipated. One issue is stability; when Drata releases updates, we notice some bugs, especially those affecting Mac users. While Drata seems well-suited for smaller startups and mid-sized companies, larger enterprises may encounter more hurdles. Such platforms must remain robust despite occasional integration issues, as updates are necessary for continuous improvement.
I rate the solution's stability a nine out of ten.
What do I think about the scalability of the solution?
These platforms provide real-time reporting. For example, if a control fails, such as requiring all users to log in with unique passwords, I receive an alert. If a user hasn't logged in, the system flags it. Drata helps streamline this process. When a new employee starts, I meet with them to configure their laptop with Drata and show them where the training is. Drata's real-time monitoring is beneficial.
Drata is particularly effective for smaller companies, where communication is easier, and departments are not siloed like in larger organizations. This makes Drata a good platform for startups to complete their audit reporting and demonstrate their legitimacy. Companies can use this to attract private equity, go IPO, or secure more funding from investors.
Ultimately, companies reach a certain level of corporate maturity where they recognize the value of these investments. Real-time reporting and monitoring with Drata pay off by highlighting smaller issues early on, which benefits the company's overall operation and growth.
How are customer service and support?
Drata also made certain promises regarding specific features but did not deliver.
How would you rate customer service and support?
Neutral
Which other solutions did I evaluate?
I've had other demos and due diligence meetings with various vendors, some at the same level as Drata. The challenge becomes whether the bigger company wants to spend the higher cost. It becomes a negotiation between price and service.
What other advice do I have?
Drata has excellent integrations and allows for real-time monitoring. Some tasks require manual uploads for screenshot evidence. It can have company policies within the module. This prevents data islands in Dropbox, Google Drive, or other locations. You can tell critical stakeholders, "Alright, we're having a meeting. Here's the draft; let's edit it." Once edited, the owner can press the green button to publish it, automatically sending alerts to the entire company or specific groups.
For example, if the access control policy is updated, everyone must acknowledge the change. You can create groups, like the dev team, to agree to policies like SDLC, change management, or vulnerability management. Any changes are automatically pushed to designated personnel, who must review and approve them. You can track when they've done this in real-time, which is essential for auditors. Everything within the module shows whether personnel have agreed to specific policies.
There are other competitors out there. If you don't prefer Drata, find a similar platform. Many different companies exist because Drata enables you to monitor things in real time, which is crucial for both short-term and long-term goals. Short-term goals include daily or weekly reviews for compliance, while long-term goals aim to achieve SOC 2 and ISO goals.
Overall, I rate the solution an eight out of ten.
Amazing Support and Relationship Management
What do you like best about the product?
Comprehensive: Risk register, vendor management, compliance frameworks, stellar support bot and human support, excellent customer success manager (Mike Mechling).
As we onboarded the team from drata were not just saying that they were committed to us, they were actually committed and made sure we onboarded with significant ease.
As we work with our audit team for SOC and ISO, we did encounter a few elements on the controls to help indicate if something or was not complete.vThese were UX elements and our customer success manager spent the time to document and ingrst that feedback.
We also integrated to our various systems for HR, IT and other systems without much difficulty.
As we onboarded the team from drata were not just saying that they were committed to us, they were actually committed and made sure we onboarded with significant ease.
As we work with our audit team for SOC and ISO, we did encounter a few elements on the controls to help indicate if something or was not complete.vThese were UX elements and our customer success manager spent the time to document and ingrst that feedback.
We also integrated to our various systems for HR, IT and other systems without much difficulty.
What do you dislike about the product?
Its a really good GRC platform. There is nothing to highlight as truly deficient.
What problems is the product solving and how is that benefiting you?
compliance management and reporting
Cashrewards feedback on DRATA and the support we receive
What do you like best about the product?
As a compliance automation platform it is a feature-rich business tool that provides a way to automate a variety of manual checkpoints. We are an ISO 27001 organisation and the ability to set up an environment that closely mirrors what we need is fantastic.
From a support persepctive Greta Wagner has exhibited an unshakable ability to suppoort and help us drive our use of DRATA by ensuring our requirements are being met for various areas of specific functionality. We have been able to get uplifted functionality for the rsik register and risk measurement process introducing both Inherent and Residual risk scoring and tracking, risk obver time and being able to allocate Risks by deparnent/function versus framework specific risk arrays.
Vendor management: while DATA is not a CLM platform it does have many aspects of a CLM solution. Vendor security questionnaires functionality was uplifted to suit our needs.
Open for suggestion and work with you to deliver. Listening, followup, and delivery. Vital to our success.
From a support persepctive Greta Wagner has exhibited an unshakable ability to suppoort and help us drive our use of DRATA by ensuring our requirements are being met for various areas of specific functionality. We have been able to get uplifted functionality for the rsik register and risk measurement process introducing both Inherent and Residual risk scoring and tracking, risk obver time and being able to allocate Risks by deparnent/function versus framework specific risk arrays.
Vendor management: while DATA is not a CLM platform it does have many aspects of a CLM solution. Vendor security questionnaires functionality was uplifted to suit our needs.
Open for suggestion and work with you to deliver. Listening, followup, and delivery. Vital to our success.
What do you dislike about the product?
Dislike is too strong: I would love to see DRATA expand and establish a footprint in Australia. From here you could then focus on our surrounding countries such as New Zealand and Asia, (Malaysia, Indonesia, Thailand, Singapore, Philippines, etc).
Australia is a mature market and would be an ideal place to set up an AP presence.
Australia is a mature market and would be an ideal place to set up an AP presence.
What problems is the product solving and how is that benefiting you?
Currently we are working to get the platform fully implemented. Once complete we can start better understanding the inherent benefits.
Great product, and even greater customer support
What do you like best about the product?
Drata has helped streamline audits, keep us compliant through out the year by monitoring key controls, which saves me time from performing a number of internal audits so I can focus on other projects.
What do you dislike about the product?
I wish Drata had the ability to integrate with JIRA or other ticketing systems.
What problems is the product solving and how is that benefiting you?
Continous control monitoring helps ensure that we are meeting our compliance obligations on an ongoing basis.
Great product with great support
What do you like best about the product?
We are new to compliance documentation and this product makes the project seemless, keeping everything in one place. The ease of use and customer support allowed us to implement quickly and efficiently. Our implementation specialist is always available and very knowledgable.
What do you dislike about the product?
i am currently still learning everything about the product, but one thing i dislike is that some features are additional costs
What problems is the product solving and how is that benefiting you?
We have to provide our customers with documentation of compliance requirements. This product keeps all our documentation and evidence in one place as well as giving us a quick glance at any non-conformaties we need to fix. Drata allows us to keep up with our daily tasks as it provides our customers access so we dont have to take time to answer surveys and provide information to satisfy each client individually.
Streamlining compliance & dynamic support
What do you like best about the product?
Quick customer support, both practical and content-wise.
Policy templates as guidance.
I like the new risk assesment features as well.
Linked controll mapping.
Automated evidence gathering, eg. though Drata agent.
All these feastures help us streamline our compliance, log our progress, involve our teammembers, keep everything organised.
Policy templates as guidance.
I like the new risk assesment features as well.
Linked controll mapping.
Automated evidence gathering, eg. though Drata agent.
All these feastures help us streamline our compliance, log our progress, involve our teammembers, keep everything organised.
What do you dislike about the product?
It obviously takes a learning curve to get intpo the depths of compliance, but Drata relieves that as much as possible.
What problems is the product solving and how is that benefiting you?
Generating trust in our cloud and security complaince towards customers
Superb AI and OnLine Customer Support & Service
What do you like best about the product?
Drata makes the process of preparing for the Compliance Certifications straight-forward. The template process is excellent and allows us to easily customize the tempates to our specific business environment. The best part about Drata is the Customer Service which is on-line and always accessible no matter what time of day I'm working. They have 3 components: 1) A.I. Support, which I'd say meets my needs 60% of the time; 2) Product Support (how to use the software); and Compliance Support (how to understand the details / nuances of compliance). Both are highly accessible and I never wait more than 5 minutes for a response from a Human. Product Support is excellent, while I've come to rely on the Compliance Support greatly. Again, always contact via text with a Human and their service is excellent always guiding your compliance questions in the right direction and don't give up until they know you've understood completely, by offering examples and recommendations often.
What do you dislike about the product?
So far, I cannot give any negatives that I've run into. In my opinion, if the support and service is there when I need it, and my answers are getting adequate replies, I am quite happy with the Drata Product & Services.
What problems is the product solving and how is that benefiting you?
Providing us a templated approach to how we organize to gain SOC-2 Type-2 Compliance. Utilizing the tool and support structure Drata Supplies is greatly helpful.
User-friendly platform enabling GRC automation
What do you like best about the product?
Drata offers an interface that is very intuitive and that reduces the implementation and operation workload. The range of available features matches the scope of a SOC2 or GRC program that a small or medium entreprise typically needs.
What do you dislike about the product?
The audit hub module in Drata requires improvement.
What problems is the product solving and how is that benefiting you?
Centralizes the GRC activities, evidence and collaboration efforts, I also like the various automation functions Drata comes with.
Security Analyst
What do you like best about the product?
Upsides most certainly are making it way more easier for us to stay compliant with numerous frameworks such as SOC 2, GDPR, HIPAA etc. It makes it easy to keep track of all the controls, tests that remind us of failed controls but also tasks that provide a reminder of upcoming taks that will have to be completed.
What do you dislike about the product?
Apart from a few minor issues and bugs that appear on some occasions, not much I can point out. It's been working flawless so far.
What problems is the product solving and how is that benefiting you?
Drata helps us stay compliant with SOC 2.
showing 331 - 340