External reviews
1,160 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Huge Time-Saver: Smart Control Mapping, Helpful Onboarding, and an Intuitive UI
What do you like best about the product?
The best feature Drata has is the mapping of recurring requirements of different frameworks/standards to generic Drata Controls. What this means is that if multiple of your frameworks require pretty much the same thing, you only have one Drata control you need to comply with to satisfy all the requirements of your frameworks. This also means only one place to store evidence, add policies, do tasks, etc. This is tremendous time-saver compared to other GRC tools.
Another great feature is the onboarding service they offer. Every subscription has a number of hours attached that you can use to call in GRC-specialists to help you set up something, or just ask questions. You don't have to struggle to get Drata up and running, but can lean on their expertise.
The AI policy builder they have works quite well. It starts you off with a template for whatever policy you selected, but it can also analyse something you made yourself to see if it adheres with the requirements of the Drata controls. It also makes suggestions for what is missing. It isn't always foolproof, so you do need to review the suggestions yourself, but it is a good tool to pinpoint where you are lacking.
Connections are important to get your compliance evidence in Drata in an automated way, and it is adequate. There are many out-of-the-box intergrations, but frankly some of them are missing automated evidence collection. As an example, we integrated our password manager using the built-in Drata connection, and it was easy to set up and gather our list of users. However, it didn't get data to show that our security-related settings were configured properly. We ended up having to use a custom integration.
Lastly some praise for the UI. It is clean, easy to navigate and most importantly, is intuitive. If I want to see my Risk Register, you just navigate to "Risks".
Another great feature is the onboarding service they offer. Every subscription has a number of hours attached that you can use to call in GRC-specialists to help you set up something, or just ask questions. You don't have to struggle to get Drata up and running, but can lean on their expertise.
The AI policy builder they have works quite well. It starts you off with a template for whatever policy you selected, but it can also analyse something you made yourself to see if it adheres with the requirements of the Drata controls. It also makes suggestions for what is missing. It isn't always foolproof, so you do need to review the suggestions yourself, but it is a good tool to pinpoint where you are lacking.
Connections are important to get your compliance evidence in Drata in an automated way, and it is adequate. There are many out-of-the-box intergrations, but frankly some of them are missing automated evidence collection. As an example, we integrated our password manager using the built-in Drata connection, and it was easy to set up and gather our list of users. However, it didn't get data to show that our security-related settings were configured properly. We ended up having to use a custom integration.
Lastly some praise for the UI. It is clean, easy to navigate and most importantly, is intuitive. If I want to see my Risk Register, you just navigate to "Risks".
What do you dislike about the product?
As a premium offering, the only real barrier to entry is the price. It isn't the most expensive GRC tool I have seen, but it is up there. This can be compounded if you need alot of extras (more frameworks, etc.).
Our experiences with customer support have also been mixed. Some responded very quickly and accurately, while other times the response was too vague to actually answer our question.
Our experiences with customer support have also been mixed. Some responded very quickly and accurately, while other times the response was too vague to actually answer our question.
What problems is the product solving and how is that benefiting you?
Our company prides itself on (cybersecurity) compliance, and in the course of several years we have achieved quite a number of certifications to international standards. When the company was smaller, it was feasible to, by hand, maintain our spreadsheets, documents and make screenshots of relevant information needed to pass our audits.
Some time later we saw the added value of a GRC system, but weren't ready to commit to something with a larger price tag, so we started working with a small local SaaS offering. It definately helped give us a better overview of our entire compliance landscape, but frankly it didn't save us alot of time, because everything still had to be done by hand. I estimate that I spent roughly 30% of my hours maintaining and updating our GRC system. This manual work was time-intensive and error-prone, so that was the moment we decided to invest in a established GRC solution.
We now use Drata as our single source of truth when it comes to businness compliance, and the main benefit is the time saved. No more manual labor to get the right evidence from the right person, it is all automated and sent to the platform.
Some time later we saw the added value of a GRC system, but weren't ready to commit to something with a larger price tag, so we started working with a small local SaaS offering. It definately helped give us a better overview of our entire compliance landscape, but frankly it didn't save us alot of time, because everything still had to be done by hand. I estimate that I spent roughly 30% of my hours maintaining and updating our GRC system. This manual work was time-intensive and error-prone, so that was the moment we decided to invest in a established GRC solution.
We now use Drata as our single source of truth when it comes to businness compliance, and the main benefit is the time saved. No more manual labor to get the right evidence from the right person, it is all automated and sent to the platform.
Comprehensive Alerts and Excellent Support—Key to Passing Our SOC 2 Audit
What do you like best about the product?
Comprehensive alerts on tasks and status pf controls. Could not have passed SOC2 audit without Drata. Initial onboarding was difficult as the platform is not intuitive, especially for folks new to the CRG arena. Good documention but not easy to formulate searches as a newbie.
What do you dislike about the product?
Usage is not intuitive, UI is OK
Support is excellent
Support is excellent
What problems is the product solving and how is that benefiting you?
Prior to utilizing the platform we had not idea as to the work necessary to become SOC2 certified.
It took a while to understand the the template policies were just that, templates. I suggest an onboarding specialist work with folks new to the platform in designing a customized workflow and how policies, controls and evidence relate to each other.
There is a plethora of documentation which is pretty good
It took a while to understand the the template policies were just that, templates. I suggest an onboarding specialist work with folks new to the platform in designing a customized workflow and how policies, controls and evidence relate to each other.
There is a plethora of documentation which is pretty good
Automates SOC 2 & ISO 27001 Compliance with Real-Time Monitoring and Clear Dashboards
What do you like best about the product?
how it automates compliance tasks like SOC 2 and ISO 27001, saving a lot of manual effort.
It also gives real-time monitoring and clear dashboards, making audits much faster and less stressful.
It also gives real-time monitoring and clear dashboards, making audits much faster and less stressful.
What do you dislike about the product?
it can feel expensive, especially for small teams or startups.
Also, initial setup and integrations can be a bit complex and time-consuming if your systems aren’t already well organized.
Also, initial setup and integrations can be a bit complex and time-consuming if your systems aren’t already well organized.
What problems is the product solving and how is that benefiting you?
solves the problem of manual, time-consuming compliance work by automating evidence collection, monitoring controls, and audit preparation.
This benefits me by saving a lot of time, reducing human errors, and helping achieve certifications like SOC 2 much faster with less stress.
This benefits me by saving a lot of time, reducing human errors, and helping achieve certifications like SOC 2 much faster with less stress.
Drata is the gold-standard for compliance management with steadily improving AI functionality
What do you like best about the product?
Their monitoring dashboard is fantastic for identifying monitoring and compliance gaps, and their policy creation module is a game-changer for getting company policies created or updated.
What do you dislike about the product?
The way test failures are presented in the pure JSON test output can sometimes make it take an unnecessarily long time to figure out which resource is causing a compliance error. The AI-generated output for these failures has improved, but they could still benefit from better JSON parsing so that, even when the raw output is shown, the user only sees the failures.
What problems is the product solving and how is that benefiting you?
Drata makes managing certification testing and policy creation ridiculously easy. We used it to track the myriad of items necessary for a SOC-2 Type 2 audit, and it saved our company literally months of time and alot of money on contract workers.
Recommendations to others considering the product:
Make sure the infrastructure that will be evaluated by Drata is as up-to-date as possible, and provide a clear internal champion within the company to handle all Drata coordination and data entry.
Structured ISMS and ICS support with strong risk and vendor management
What do you like best about the product?
Structured support in the development of an ISMS and ICS, good risk and vendor management.
What do you dislike about the product?
Not all areas create documented information, so you are not 100% compliant with ISO27001.
What problems is the product solving and how is that benefiting you?
Creating a good ISMS structure, Drata supports enormously here!
Strong Framework Structure and Seamless Connections
What do you like best about the product?
Framework structure and connections with different sources for tests.
What do you dislike about the product?
Generic policy templates. Not many connectors available in comparison with other tools.
What problems is the product solving and how is that benefiting you?
Compliance roadmap. Fast deployment. Governance, audit readiness and view from customers.
Drata Keeps Us Continuously Audit-Ready with Hands-Off Evidence Collection
What do you like best about the product?
What I like about Drata is how it transforms compliance from a manual, point-in-time effort into a continuous, automated process. Its integrations with tools like cloud providers and identity systems make evidence collection largely hands-off. The dashboard is clear and accessible, giving both technical and non-technical stakeholders quick insight into compliance status. Overall, Drata makes it much easier to stay audit-ready without the usual operational burden, and it scales well as organizations grow.
What do you dislike about the product?
What I dislike about Drata is that the initial setup and configuration can be time-consuming and sometimes confusing, especially when mapping controls across multiple frameworks.The platform can also generate a high volume of alerts or tasks, which may create noise if not carefully tuned.
What problems is the product solving and how is that benefiting you?
Drata solves the problem of time-consuming, manual compliance processes by automating evidence collection, control monitoring, and audit preparation. Instead of scrambling to gather documentation at audit time, it keeps everything continuously up to date, which reduces stress and minimizes the risk of missing requirements. This benefits me by saving significant time, improving accuracy, and providing real-time visibility into our compliance posture. It also makes it easier to stay audit-ready year-round and focus more on higher-value work rather than repetitive administrative tasks.
DRATA’s Easy Interface and Rapid Updates with Lots of Features
What do you like best about the product?
The Interface and ease of use are two key things for me within DRATA along with the loads of features that are available. However, there is another aspect to it, which is the upgrades that are moved to the platform are quite quick and to the business needs.
What do you dislike about the product?
having access to more frameworks could be an option. limitation of connection that can be created if there are more than 2 apps used under same category.
What problems is the product solving and how is that benefiting you?
GRC and automation around it.
Clean, Intuitive, and Packed with the Key Features We Need
What do you like best about the product?
It's easy to use - clean, well-structured, and intuitive. It has all the key features we need without a lot of unnecessary junk to get in the way.
What do you dislike about the product?
I have few complaints about Drata. I do yearn to use it more heavily for our audit management needs, as well as expediting our security questionnaire processes. However, I see this as my own limitations in capacity to invest in understanding and building out those modules to make better use of the components that are already available.
What problems is the product solving and how is that benefiting you?
Drata manages the majority of our GRC needs. It supports tracking vendor records, policies, and audit-related processes.
Recommendations to others considering the product:
Think in terms of your user workflows and how those people will perform their jobs on a day-to-day basis. For me, the usability is a huge selling point, on top of having the full suite of necessary components (policy management, continuous monitoring, risk assessments, etc.)
Drata Streamlined Our Policy and Vendor Management for Audit Readiness
What do you like best about the product?
We’ve had an incredibly positive experience with Drata. Implementing their platform has been a game-changer for our organization, especially when it comes to getting our policies, procedures, and vendor management processes structured and audit-ready.
Before Drata, many of our compliance-related documents lived in different places, and maintaining consistency across policies was time-consuming. Drata gave us a centralized, intuitive system to build, organize, and maintain our policies and procedures. The pre-built templates and automated reminders helped ensure nothing fell through the cracks, and version control made updates seamless. What used to take weeks of coordination is now streamlined into a clear, trackable workflow.
Vendor management has also improved dramatically. Drata’s vendor tracking and risk management features give us a single source of truth for all third-party relationships. We can easily monitor due diligence documentation, review timelines, and risk classifications without relying on scattered spreadsheets. This has not only strengthened our compliance posture but also given leadership better visibility into vendor risk.
Before Drata, many of our compliance-related documents lived in different places, and maintaining consistency across policies was time-consuming. Drata gave us a centralized, intuitive system to build, organize, and maintain our policies and procedures. The pre-built templates and automated reminders helped ensure nothing fell through the cracks, and version control made updates seamless. What used to take weeks of coordination is now streamlined into a clear, trackable workflow.
Vendor management has also improved dramatically. Drata’s vendor tracking and risk management features give us a single source of truth for all third-party relationships. We can easily monitor due diligence documentation, review timelines, and risk classifications without relying on scattered spreadsheets. This has not only strengthened our compliance posture but also given leadership better visibility into vendor risk.
What do you dislike about the product?
Overall, our experience with Drata has been very positive, particularly around vendor management, and policy management. However, one area where we’ve felt some limitations is client management.
What problems is the product solving and how is that benefiting you?
On the policy and procedure side, Drata provides a centralized, structured system that makes it easy to create, organize, update, and track documentation. The built-in templates and automated workflows ensure that policies are not only well-documented but also consistently reviewed and acknowledged by the appropriate team members. Instead of chasing approvals or wondering whether a policy is current, we now have clear visibility into ownership, version control, and review cycles.
When it comes to vendor management, Drata gives us a single source of truth for all third-party relationships. We can track due diligence documentation, risk assessments, contract renewals, and ongoing monitoring requirements in one place. Automated reminders and continuous monitoring help ensure that no vendor falls through the cracks, significantly reducing risk and manual administrative effort.
When it comes to vendor management, Drata gives us a single source of truth for all third-party relationships. We can track due diligence documentation, risk assessments, contract renewals, and ongoing monitoring requirements in one place. Automated reminders and continuous monitoring help ensure that no vendor falls through the cracks, significantly reducing risk and manual administrative effort.
showing 1 - 10