973 Drata Reviews
One of the things I appreciate about Drata is that things just work. We are still working on implementing more of the features that the platform has to offer, but currently we are making use of the policy center, the trust center, and vendors and all these features work smoothly. The platform has been incredibly helpful for us preparing for our HITRUST audit by mapping the controls to our policies and for providing evidence to our auditor of risk tracking and mitigation.
We like keeping our policies in Confluence, so the integration between Drata and Confluence was seamless to set up and maintain.
Additionally, the regular connect meetings we've gotten to do with Greta and now Rob have been some of the best support that we have gotten since I started with my current company a year ago. Review collected by and hosted on G2.com.
The features I mentioned in the section about what I like are the main ones that I actually use currently. Out of these, there's nothing I dislike. Review collected by and hosted on G2.com.
Drata has been a game changer in our audit preparation process, and the Safebase acquisition promises to simplify our third-party engagement even further. Simply the best platform out there. It's notable not only for its excellent capabilities, but its low-TCO and great ease-of-use. Even the best systems still need support - especially with a new client like Lydonia. We struggled with some unique exclusion requirements for an automated test configuration, and reached out using Drata's simple chat interface. Sean Blaine on their team immediately engaged and helped walk through and resolve issues - great service! Review collected by and hosted on G2.com.
No downside to Drata. If anything, the sheer volume of capabilities means there is a lot to leverage - but the intuitive nature of the product and the impeccable support make that not just manageable, but a true pleasure in using the platform. Review collected by and hosted on G2.com.
I'm a vCISO and work with customers on building their security programs and preparing for an audit. Drata has been amazing in preparing my customer for SOC2. It's amazing in that 85% of the evidence is automatically gathered and tested every 24 hours. No more screenshots and manual gathering of evidence. The best part is knowing the control is actually being enforced on a daily basis. Ali McCormick our Drata Customer Success Manager has been great in helping us use Drata and meet the customer's accelerated SOC2 timeline. Review collected by and hosted on G2.com.
I wish the Risk Assessment and Remediation Plan were more automated. Having to map the Remediation to the control manually was disappointing. The SOC2 system description isn't automated. Review collected by and hosted on G2.com.
It seems dumb to say out loud, but it works as expected, every time, and I have the support I need to do what I need to do, when I need to do it. I don't think I've ever waited on help or an answer, and our entire team finds value in the tool each time we use it. You can't say that about much in the software world. We had an easy implementation, easy integration experience, and I love that the chatbot actually works in the after hours when I need to ask my obscure questions. Turns out they're really not all that out of the ordinary, because there's a ready made and easy to find answer no matter what time I want to ask the question. Review collected by and hosted on G2.com.
I'm a little sad my person moved onto another job (Claire), but we have a lovely new person and I know we're in good hands. Review collected by and hosted on G2.com.
We had an awesome experience working with Drata, especially with Elizabeth John, who was incredibly helpful throughout the process. She made setting up everything for our SOC 2 Type 1 and 2 so much easier, guiding us every step of the way and always being available to answer questions. Elizabeth was extremely prompt, responding quickly whenever we needed support, which made the entire process feel smooth and efficient. The platform itself is intuitive and streamlined, taking a lot of the stress out of compliance. Highly recommend Drata if you’re looking for a straightforward compliance journey — and if you get the chance to work with Elizabeth, you’re in great hands! Review collected by and hosted on G2.com.
The only downside we’ve encountered is the lack of integration with Oracle Cloud Infrastructure (OCI), which would make the platform even more versatile for our needs. Review collected by and hosted on G2.com.
1. Drata's compliance automation is a game changer. The available integrations allow a small compliance team to scale to an unlimited size organization. For example, vulnerability scanning, device monitoring, data security testing, policy, network infrastructure, risk assessment, and the list goes on. These were previously controlled and documented in independent places and my compliance team 1) struggled to manage all of the compliance evidence and 2) "pushed" the information to the SOC 2 auditor. Drata consolidates this into one portal and the auditor has on demand access. This truly is automated compliance.
2. Live chat support, compliance library, policy templates, risk assessment guide. The provided tools help you effectively set up a compliance program.
3. My vendor rep has been extremely helpful and available throughout the process. We meet every two weeks to ensure we are progressing sufficiently. But also, I appreciate that she understands everyone works at their own pace so is not pushing us if not necessary. Review collected by and hosted on G2.com.
The vendor management functionality is lacking. Specifically, the questionnaire function is very limited and not very useful. Review collected by and hosted on G2.com.
Drata has been great to map from the ISO 27001 framework requirements to actual controls. Whilst it doesn't replace compliance activities, it has sped up our alignment of our existing process to the ISO 27001 framework controls. The in-built policies have been great to use as a base for review and sometimes wholly draft new policies. The risk assessment area is also very good for keeping and scoring risks.
Finally the automation of controls is very good and suited to our environment (circa 150 employees + AWS infrastructure). The tool makes it easy to disable tests (where not appropriate) or exclude particular items from the test (and justify this). The raw evidence is often very helpful for troubleshooting why our infrastructure may fail a particular test.
Their customer success folk are absolutely excellent and work with you the whole way, and the interface is very intuitive and so it's as 'self-service' as you can imagine. The onboarding of the various integrations/connections was seamless with little need for help.
During the "getting compliant", Drata has been used pretty much every day by the security team in order to keep track of progress. Review collected by and hosted on G2.com.
Dislike is a strong word. Given the relative youngness of the company, there are a few rough edges spread around, none of which stop getting the value from the tool. It sometimes feels like the tool is geared more towards "keeping compliant" than "getting compliant" - which of course will be the vast majority of the platform's use.
Occasionally, the platform is a little limited (integrating with Enterprise Intune policies needs to be done in a very particular way) - though this we managed to overcome with the help of our Customer Success manager. In other areas, we disagreed with some of the automated monitoring tests and their implementation (for example around production access to Gitlab), but that was overcome by using their API to upload evidence automatically from a small CI/CD job and disabling that single test. On the whole, we use almost every test provided by Drata out of the box. Review collected by and hosted on G2.com.
Drata supports the most common compliance frameworks. It effectively translates compliance requirements into readable control items. Each control item consists of a set of tests that are defined with clear specifications. For example, if an organization wants to adhere to the compliance NIST CSF, personnel responsible for achieving compliance simply focus on the control items of target compliance that Drata organized. Some tests can be shared across multiple compliance frameworks! It is easier for them to implement other compliances more efficiently in the future. Secondly, the most impressive design is the capability of automated evidence collection. With easy configuration on integrations to popular platforms, it can save effort when collecting the evidence of control items. To manage the overall readiness of compliance continuously, Drata provides efficient monitoring of controls, the status of tests, and the integrity of essential evidence. It provides users with real-time status and benchmarks in the dashboard. That helps internal or external auditors to track progress, identify gaps, and demonstrate compliance to key stakeholders. Finally, when I was new to Drata in the beginning, the Drata support team consistently delivered effective solutions to customer issues. The experience of customer support really touched my heart. Review collected by and hosted on G2.com.
The automated evidence-collection feature is a very productive design. However, it has both pros and cons. The limitations on integrations may become a burden if the target platform is not on the support list. Another thing that needs to be improved is the instructions for fixing the failed/error tests. Sometimes, I cannot directly understand the root cause of the failed test. I hope the error information or solution instructions become more transparent or readable. Review collected by and hosted on G2.com.
Drata streamlines the compliance journey from start to audit-ready and provides professional support from its team of security and compliance experts, especially Ali!
And I would like to take a moment to commend her (Ali) for exceptional efforts and dedication. She has consistently gone above and beyond in providing assistance, following up on meetings, and keeping us updated on Drata.
Ali’s proactive approach in ensuring that our team remains as compliant as possible has been invaluable. Her diligence and commitment to excellence are truly commendable and have greatly contributed to the success of our compliance efforts.
We appreciate Ali’s hard work and dedication!
She's truly an asset! Review collected by and hosted on G2.com.
None. Review collected by and hosted on G2.com.
The Drata platform is very user friendly and provides great support and help articles for users to navigate and understand the compliance requirements. The Drata team is also extremely helpful, responsive, and approachable any time they are needed. Review collected by and hosted on G2.com.
I would like to see a feature that requires manual user updates (i.e. marking items ready for audit) as opposed to automatically checking off as green since this could lead to confusion. Review collected by and hosted on G2.com.