--- title: Drata Reviews meta_title: 'Drata Reviews 2026: Details, Pricing, & Features | G2' meta_description: Filter 1329 reviews by the users' company size, role or industry to find out how Drata works for a business like yours. aggregate_rating: rating_value: 4.7 review_count: 1329 scale: '5' date_modified: '2026-06-17' parent_category: name: Cloud Security url: https://www.g2.com/categories/cloud-security --- # Drata Reviews **Vendor:** Drata **Category:** [Cloud Compliance Software](https://www.g2.com/categories/cloud-compliance) **Average Rating:** 4.7/5.0 **Total Reviews:** 1,329 ## About Drata Founded in 2020 and headquartered in San Francisco, California, Drata provides the trust network that enables businesses to operate, scale, and partner with confidence. Born from experience in mission-critical aerospace work and the painful reality of manual security audits, Drata was created to turn trust into an always-on state instead of a point-in-time exercise. Today, the Drata Agentic Trust Management Platform helps more than 8,500 organizations worldwide build continuous trust across the cloud and prove their posture to customers, partners, and auditors. Drata unifies governance, risk, compliance, and assurance so security and GRC teams can manage everything in one place. Drata's core capabilities include Automated Governance to streamline policy management, control monitoring, evidence collection, and access reviews; Integrated Risk Management to centralize internal and third-party risk with real-time visibility and ownership; Continuous Compliance to automate evidence collection and control testing across frameworks; and Accelerated Security Assurance to show your security posture in real time and shorten review cycles while supporting faster, more confident sales and vendor decisions. Together, these capabilities deliver Continuous Real-Time Trust, Enterprise-Grade Flexibility, and Agentic AI Productivity. Drata continuously monitors controls, flags risks immediately, and makes always-current proof easy to share so you're demonstrating effective security every day—not just at audit time. The platform scales across multiple frameworks and connects to hundreds of tools to fit complex environments, and AI-driven automation helps assess vendors, collect evidence, and draft questionnaire responses—eliminating repetitive manual work, reducing operational overhead, and turning assurance into a strategic business enabler for modern, trust-driven organizations. ## Drata Pros & Cons **What users like:** - Users appreciate the **round-the-clock customer support** from Drata, making compliance management seamless and efficient. (161 reviews) - Users appreciate the **intuitive setup** of Drata, making it easy to use for everyone, even beginners. (148 reviews) - Users value the **automated compliance monitoring** and real-time tracking that Drata offers, enhancing efficiency and support. (130 reviews) - Users appreciate the **time-saving automation** of Drata, simplifying SOC2 audits and compliance checks significantly. (106 reviews) - Users value the **ease of integration** in Drata, seamlessly connecting various tools for efficient compliance management. (103 reviews) - Users find Drata to be **simple to use and set up** , enhancing automation and support for audit processes. (102 reviews) - Automation (94 reviews) - Easy Integrations (85 reviews) - Easy Setup (76 reviews) - Team Expertise (70 reviews) **What users dislike:** - Users express a need for improved **limited integrations** with third-party tools to enhance Drata's flexibility and effectiveness. (47 reviews) - Users find that **improvements are needed** in Drata's configurability and auditor experience, affecting transition efficiency. (42 reviews) - Users find **integration issues** with Drata, including complications during transitions and manual configuration challenges. (41 reviews) - Users find the **lack of clarity** in Drata's UI can complicate navigation and understanding of tasks. (31 reviews) - Users desire **missing features** in Drata, including improved formatting, user interface, and essential tool integrations. (24 reviews) - Users find the **user interface confusing** at times, making navigation and task management challenging. (23 reviews) - Limited Customization (22 reviews) - Policy Management (22 reviews) - Users find Drata’s services to be **expensive** , especially for startups looking for cost-effective compliance solutions. (20 reviews) - Onboarding Difficulties (18 reviews) ## Drata Reviews ### 1. Super helpful for SOC-2, but some Integrations and the Tasks module could be improved **Rating:** 3.5/5.0 stars **Reviewed by:** Alain F. | Sr. Software, Security & Compliance Engineer, Small-Business (50 or fewer emp.) **Reviewed Date:** June 03, 2026 **What do you like best about Drata?** It's complete: when well configured, it covers efficiently all the controls necessary to reach SOC-2 compliance (and presumably other standards, that I haven't checked yet). It even goes further with list of vendors, risk assessments, and a partnership with SafeBase to host your Trust Center. Great! The product was pretty responsive and easy to navigate, administrate and use (I haven't worked much with the new UI/UX, tho), and integration with our tech stack (IDP, code-base, etc.) is simple. Their AI-chatbot is most of the time helpful for basic support, although the corresponding doc is not always up-to-date (so the chatbot may be out-of-date too; but there's always a human to take over). **What do you dislike about Drata?** Integration with Linear was supported, but the main point is to submit Linear ticket as evidence… which is not possible (and frustrating). The "Tasks" module of Drata could be a powerful tool to manage/plan/track/remind all the tasks to do, recurring or punctual, but it is not as complete and smooth as a good old Google or Outlook Calendar (to invite several people, to link to a document, etc.), so we have quickly stopped using it. Also, like all other GRC tools, it's always hard to justify the price to our management when everything goes well and no threat was directly addressed via Drata. **What problems is Drata solving and how is that benefiting you?** We wanted a tool that our auditors could access to answer most of their questions for a SOC-2 audit. Apart from the on-boarding and some permissions issues, Drata did all the work I would have had to do to satisfay the auditors. ### 2. Intuitive, Well-Organized UX with Helpful Auditors and Time-Saving Integrations **Rating:** 4.0/5.0 stars **Reviewed by:** Sarah J. | People Ops Lead, Small-Business (50 or fewer emp.) **Reviewed Date:** May 29, 2026 **What do you like best about Drata?** The connection to the auditors. I would not have connected with Sensible if it weren't for them, and our auditing team is incredibly helpful and informative. The My Personnel section makes it easy to monitor the progress of my teams MyDrata section. I can send them a nudge in the page to remind them to complete their tasks. It is overall, well-organized, intuitive UX/UI. I like the integrations feature, this has made completing many of our controls much more simple. **What do you dislike about Drata?** I was extremely confused around the mandatory controls for the SOC2, and this was not explained to me clearly when we were onboarded. There was 208 controls, and once speaking with the auditor, it became clear that we would only need to complete 25% of that. Also receiving explanation on the risk management and vendor management page. I was very confused with what to do with these, and how they related to the final audit. **What problems is Drata solving and how is that benefiting you?** We are not SOC2 compliant, and Drata is helping us obtain that certification through frameworks and structure. it is benefiting me because the learning curve of figuring out how to be soc2 compliant and the necessary structures to build would take much time, and I imagine would be incredibly confusing. ### 3. Huge Time-Saver: Smart Control Mapping, Helpful Onboarding, and an Intuitive UI **Rating:** 4.5/5.0 stars **Reviewed by:** Dylan E. | Information Security Officer, Mid-Market (51-1000 emp.) **Reviewed Date:** May 03, 2026 **What do you like best about Drata?** The best feature Drata has is the mapping of recurring requirements of different frameworks/standards to generic Drata Controls. What this means is that if multiple of your frameworks require pretty much the same thing, you only have one Drata control you need to comply with to satisfy all the requirements of your frameworks. This also means only one place to store evidence, add policies, do tasks, etc. This is tremendous time-saver compared to other GRC tools. Another great feature is the onboarding service they offer. Every subscription has a number of hours attached that you can use to call in GRC-specialists to help you set up something, or just ask questions. You don't have to struggle to get Drata up and running, but can lean on their expertise. The AI policy builder they have works quite well. It starts you off with a template for whatever policy you selected, but it can also analyse something you made yourself to see if it adheres with the requirements of the Drata controls. It also makes suggestions for what is missing. It isn't always foolproof, so you do need to review the suggestions yourself, but it is a good tool to pinpoint where you are lacking. Connections are important to get your compliance evidence in Drata in an automated way, and it is adequate. There are many out-of-the-box intergrations, but frankly some of them are missing automated evidence collection. As an example, we integrated our password manager using the built-in Drata connection, and it was easy to set up and gather our list of users. However, it didn't get data to show that our security-related settings were configured properly. We ended up having to use a custom integration. Lastly some praise for the UI. It is clean, easy to navigate and most importantly, is intuitive. If I want to see my Risk Register, you just navigate to "Risks". **What do you dislike about Drata?** As a premium offering, the only real barrier to entry is the price. It isn't the most expensive GRC tool I have seen, but it is up there. This can be compounded if you need alot of extras (more frameworks, etc.). Our experiences with customer support have also been mixed. Some responded very quickly and accurately, while other times the response was too vague to actually answer our question. **What problems is Drata solving and how is that benefiting you?** Our company prides itself on (cybersecurity) compliance, and in the course of several years we have achieved quite a number of certifications to international standards. When the company was smaller, it was feasible to, by hand, maintain our spreadsheets, documents and make screenshots of relevant information needed to pass our audits. Some time later we saw the added value of a GRC system, but weren't ready to commit to something with a larger price tag, so we started working with a small local SaaS offering. It definately helped give us a better overview of our entire compliance landscape, but frankly it didn't save us alot of time, because everything still had to be done by hand. I estimate that I spent roughly 30% of my hours maintaining and updating our GRC system. This manual work was time-intensive and error-prone, so that was the moment we decided to invest in a established GRC solution. We now use Drata as our single source of truth when it comes to businness compliance, and the main benefit is the time saved. No more manual labor to get the right evidence from the right person, it is all automated and sent to the platform. **Official Response from Lizzie Higgins:** > Hi Dylan! Thank you so much for the feedback and for highlighting the time-savings you've experienced as a result of using Drata as a single source of truth for your program. We love hearing that you found the platform intuitive and easy to onboard, that controls mapped to multiple frameworks has helped, and that you found so much value in the AI-powered control suggestions for policies. We know the importance of efficiency and accuracy as you continually build and maintain trust, and we're so pleased that Drata has reduced the manual work for you and your team. ### 4. Clear Tickets and Fast AWS Integration Make Issue Tracking Effortless **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Financial Services | Small-Business (50 or fewer emp.) **Reviewed Date:** June 04, 2026 **What do you like best about Drata?** The tickets include detailed and clear instructions, which makes most of them quick to fix, re-test, and resolve. It feels like steady progress rather than one large chunk of work and pressure. I also really like the historical results bar chart, as it provides clarity on when an issue was reintroduced. The web platform and the AWS account integration are consistently accessible, fast, and technical-user friendly. **What do you dislike about Drata?** Well, I dislike 2 things: 1. There are no filters on AWS account id or Git project, which would be really nice to have and apply. We have multiple connections to 1 Drata account, so figuring out what account affected via findings is time consuming. Or maybe custom filters sit somewhere, but I haven't found them yet. 2. There was one case of Drata tightening rules on Infra ticket, that caused a lot of confusion. On Jan 28th 2026 NACL rules with ALLOW TCP 0–65535 from 0.0.0.0/0 and ALLOW UDP 0–65535 from 0.0.0.0/0 satisfied Drata test case 227, but on Jan 29th the test 227 started failing. I couldn't find any details on the test rules change, at least it was my understanding that something had been changed in the test settings. Maybe adding "last updated at" + short info would have given some clarity. **What problems is Drata solving and how is that benefiting you?** The biggest benefit is from Infra/Compliance monitoring. I'm a software/cloud engineer who is looking at failed tickets and resolving them. ### 5. Intuitive Compliance Tracking with Smooth Performance and Responsive Support **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.) **Reviewed Date:** May 29, 2026 **What do you like best about Drata?** We use it for compliance tracking. It has a very intuitive framework with automatic tests and controls mapped to specific compliance requirements. It also offers tools to keep track of compliance requirements like Personnel compliance list, Vendor and Subprocessor inventories, a policy center, and a risk register - all of which we use as part of our day-to-day company processes. It easily connected to our infrastructure console, cloud workspace, HR system, and trust portal - automatically running tests and checking controls, which reduces our workload. The performance is smooth, and the AI agent gives quick advice when you bump into an unknown. Tickets were addressed and resolved quickly, so technical support is responsive and gives ample explanation and updates. The pricing is competitive and can be compared to other alternatives. **What do you dislike about Drata?** There are really no big downsides for me - it offers more than we are using now. Maybe the connection between assets and personnel could offer more actions to easily reflect changes/updates and record what changed. In specific cases, we need to involve TS to resolve unusual states. **What problems is Drata solving and how is that benefiting you?** We use it as a Compliance hub: We track our compliance controls, upload evidence, track personnel compliance, host our policies, log our subprocessors and risks. Also, it is an assessment hub to communicate with our auditors. And we also host our trust portal on the child product Safebase. ### 6. Streamlines Compliance and Audit Processes **Rating:** 5.0/5.0 stars **Reviewed by:** Nadeem A. | Mid-Market (51-1000 emp.) **Reviewed Date:** May 28, 2026 **What do you like best about Drata?** I use Drata to review and sign off on company policies, ensuring compliance readiness and supporting audit processes by keeping documentation and acknowledgements centralized and traceable. It helps our company stay organized and prepared for audits by providing clear records of policy acceptance and compliance activity. Drata removes the manual overhead of tracking compliance and acknowledgments, storing everything in one centralized system. Specifically, it reduces admin work for me around signing policies, clearly indicates what still needs attention, and prevents missed acknowledgment. It's straightforward, with clear reminders and required actions to ensure nothing is missed during audits or internal checks. I also appreciate that Drata connects with other platforms, like Microsoft SSO and iHASCO, which greatly reduces the need to manually sync data. Overall, I'm glad we have it. **What do you dislike about Drata?** Nothing of note. **What problems is Drata solving and how is that benefiting you?** I use Drata to centralize compliance tracking and policy sign-offs, reducing admin work and manual overhead. It keeps documentation organized, which helps in audits and internal checks, ensuring nothing is missed. ### 7. Easy Entra ID Setup and Strong Integrations for Streamlined Compliance **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Marketing and Advertising | Mid-Market (51-1000 emp.) **Reviewed Date:** May 29, 2026 **What do you like best about Drata?** There are a lot of native integrations available for you to connect to ensure compliance for workstations, identity, and policy acknolwedgements Very easy to connect Entra ID to pull in all your users and from there you can connect your MDM (Intune or JAMF/Kandji), RMM tools, and security training (KnowBe4) platforms to match up with the respective end user. Its really easy to manage users and their associated devices and check for device and policy compliance. **What do you dislike about Drata?** Particularly for MDM platforms such as Intune or JAMF, a workstation might have all the appropiate policies in place for compliance but Drata sometimes doesn't pull in that data correctly for some users/devices. In Intune, a device could show that all compliance policies have been sucessfully deployed however Drata might still list it as "non compliant" **What problems is Drata solving and how is that benefiting you?** It's a single platform for managing our end user and device compliance for audits and ceritifications. ### 8. Intuitive UI and Strong Integrations, But Support and Key Features Need Work **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User in Leisure, Travel & Tourism | Mid-Market (51-1000 emp.) **Reviewed Date:** May 21, 2026 **What do you like best about Drata?** Intuitive User Interface (UI): The great UI makes navigating complex compliance tasks much easier, contributing to a smoother user experience. Robust Connections and Integrations: Drata's ability to integrate seamlessly with other tools automates evidence collection, significantly reducing manual effort and ensuring continuous monitoring. Customizable Frameworks: The flexibility to set up custom frameworks (like PCI 3DS) allows for tailored compliance programs that meet specific industry and business requirements. **What do you dislike about Drata?** Inconsistent Support Experience: You've noted that support can be hit or miss. While some interactions are super quick, others suffer from poor communication, a lack of progress updates, and extended resolution times. Consistent and transparent support is vital for compliance tools. Missing Key Features: The absence of certain functionalities, such as bulk evidence upload, can create inefficiencies and increase manual workload, especially for organizations with large volumes of data or evidence. This suggests opportunities for feature enhancement to streamline processes. Perceived High Cost: Although you weren't involved in the pricing, the sense that Drata is "rather expensive" when compared to previously used platforms like Vanta indicates a potential concern regarding value proposition or competitive pricing. Cost-effectiveness is a significant factor in tool adoption **What problems is Drata solving and how is that benefiting you?** Refining Current PCI DSS Compliance: Problem Solved: PCI DSS (Payment Card Industry Data Security Standard) has stringent requirements for handling cardholder data. Refining compliance means ensuring all controls are met, evidence is up-to-date, and potential gaps are identified. Benefit: Drata likely provides a centralized platform to monitor PCI DSS controls, automate evidence collection from integrated systems, and continuously assess your posture. This reduces the manual effort in maintaining compliance, minimizes the risk of non-compliance (and associated penalties), and helps ensure your systems are securely handling payment data. It streamlines the ongoing process, making audits less disruptive. Preparing for Future SOC 2 and ISO 27001 Certifications: Problem Solved: SOC 2 (Service Organization Control 2) focuses on trust service principles (security, availability, processing integrity, confidentiality, and privacy), while ISO 27001 (Information Security Management System) provides a framework for managing information security risks. Both require extensive preparation, policy development, and evidence gathering. Benefit: Drata acts as a compliance roadmap and automation engine for these new frameworks. It helps you: Understand requirements: Clearly outline the controls needed for SOC 2 and ISO 27001. Automate evidence: Leverage existing integrations (or set up new ones) to automatically collect evidence relevant to these standards. Track progress: Monitor your readiness in real-time, identifying what still needs to be done. Streamline policies: Manage and version control the necessary security policies. This proactive preparation saves significant time and resources compared to a manual approach, reduces audit fatigue, and accelerates your readiness for obtaining these crucial certifications, which can enhance trust with customers and partners. **Official Response from Lizzie Higgins:** > Thank you so much for the feedback, we truly appreciate it! So glad to hear you're enjoying the UI, and that our custom frameworks and deep integrations are reducing your manual effort. We are so happy that we're helping your team with multiple frameworks in a way that reduces audit fatigue and accelerates readiness. That's our hope, that you are able to do more strategic work in a scalable way. Our support and product teams also very much appreciate your thoughts on support consistency and the features that would help you save even more time. We've raised these items to the correct leaders internally, and if there is any particular open items that you need help with, feel free to email me anytime at lizziehiggins@drata.com. Thanks again! ### 9. Drata is the gold-standard for compliance management with steadily improving AI functionality **Rating:** 4.5/5.0 stars **Reviewed by:** Nate S. | Senior Director, Infrastructure and Security, Mid-Market (51-1000 emp.) **Reviewed Date:** April 22, 2026 **What do you like best about Drata?** Their monitoring dashboard is fantastic for identifying monitoring and compliance gaps, and their policy creation module is a game-changer for getting company policies created or updated. **What do you dislike about Drata?** The way test failures are presented in the pure JSON test output can sometimes make it take an unnecessarily long time to figure out which resource is causing a compliance error. The AI-generated output for these failures has improved, but they could still benefit from better JSON parsing so that, even when the raw output is shown, the user only sees the failures. **Recommendations to others considering Drata:** Make sure the infrastructure that will be evaluated by Drata is as up-to-date as possible, and provide a clear internal champion within the company to handle all Drata coordination and data entry. **What problems is Drata solving and how is that benefiting you?** Drata makes managing certification testing and policy creation ridiculously easy. We used it to track the myriad of items necessary for a SOC-2 Type 2 audit, and it saved our company literally months of time and alot of money on contract workers. **Official Response from Lizzie Higgins:** > Hi Nate, thanks so much for the feedback! We're thrilled to hear that you found our continuous monitoring and policy creation functions to be game-changing, and of course are delighted that Drata was able to save you months of time (& money too!). We also appreciate your feedback on the JSON test output and have surfaced to the team. Thank you for recommending Drata to others considering our platform, especially with such thoughtful advice about onboarding. We appreciate you! ### 10. The most horrible experience in my prof. life. **Rating:** 0.0/5.0 stars **Reviewed by:** Verified User in Information Services | Mid-Market (51-1000 emp.) **Reviewed Date:** June 05, 2026 **What do you like best about Drata?** Pricing. I do not like nothing else in this SW **What do you dislike about Drata?** The role-based model is horrible. You need this software for compliance, but you can’t properly manage your users within it. It feels like they only give you two options: either you do everything yourself, or you have to grant overly broad permissions to others, which then breaks compliance. You cannot manage different companies simuntenioustly because other they cannot spleat access between entities. And DRATA has no trust center, in their case Trust center it is other company and you will need to have addtitional discuttions with them about pricing and functionality. Limit list of integrations. Integration which exist is often are not working. The company deleted support and replace it with AI agent. **What problems is Drata solving and how is that benefiting you?** ISO27001 documentation storage **Official Response from Ashley Hyman:** > Thank you for your candid feedback. I’m sorry to hear your experience has been frustrating. I do want to clarify a few points. Drata does provide role-based access controls and user management capabilities (all meeting compliance and security standards—we take that very seriously). Drata customers also do have access to a Trust Center solution. Last year, we acquired SafeBase, the first and top Trust Center in the market. We have a streamlined SSO process directly from the Drata interface or the option to keep it separate—most appreciate the flexibility. Our assurance functionality (Trust Center and AIQA) is all managed within your Drata contract and can be reviewed with your Drata account team. More importantly, if the product did not work the way your team needed it to, that is something we want to understand and address. I’d welcome the chance to speak directly and learn more about the issues you ran into. You can reach me at ashley@drata.com. Sincerely, Ashley Hyman VP of Customer Experience ### 11. Effortless Compliance Management, Pricy Add-Ons **Rating:** 4.5/5.0 stars **Reviewed by:** Alex R. | Chief Information Officer & Co-Founder, Mid-Market (51-1000 emp.) **Reviewed Date:** June 05, 2026 **What do you like best about Drata?** I love that Drata makes the compliance process so much easier for our ISO27001, SOC2, and HIPAA certifications by doing all the heavy lifting for us. I also appreciate the ease of use; it was so easy to get started, and the UI just makes sense. The way it breaks things down into sections like compliance and risk is really helpful. Setting up Drata was incredibly easy, I was set up in a day. **What do you dislike about Drata?** Buying a new framework is incredibly expensive! One additional framework I've been quoted 1/3 of my subscription price! **What problems is Drata solving and how is that benefiting you?** Drata simplifies compliance governance for ISO27001, SOC2, and HIPAA. It eases the process by automating heavy lifting and eliminating manual spreadsheet management. ### 12. Effortless Compliance with Room for Improvement in Collaboration **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User | Mid-Market (51-1000 emp.) **Reviewed Date:** June 08, 2026 **What do you like best about Drata?** I use Drata for security and compliance, especially for policy creation and ensuring SOC, HIPPA, and GDPR compliance. Drata is crucial in policy creation and control monitoring, making the process of policy creation easy and allowing us to account for all the controls needed for audits. The platform is very easy to use, with a user-friendly web UI and layout that makes navigation simple. I appreciate how well-organized everything is in the Drata UI, allowing me to see, acknowledge, and collaborate on policies effortlessly. It's intuitive and doesn't feel cumbersome like other platforms. Setting up Drata was also easy, and our representatives made the process smooth. This was my first experience with a compliance tool like Drata, but it was easy to learn, and I would definitely recommend it. **What do you dislike about Drata?** The collaboration when drafting policy could be better. I've run into issues where multiple people working on the same policy end up conflicting with each other's edits. We tried using Word for live collaboration, but that was clumsy. A live editor would be a game changer! Also, versioning could be improved and more detailed. I think a feature to 'check out' a policy so it isn't editable by others could help avoid conflicts. **What problems is Drata solving and how is that benefiting you?** I use Drata for easy policy creation and compliance with SOC, HIPPA, and GDPR. It simplifies policy creation, making it intuitive and organized for monitoring controls during audits. ### 13. Decent SOC 2 Tracking, but would prefer more advanced capabilities for the price **Rating:** 3.0/5.0 stars **Reviewed by:** Emily B. | Chief of Staff, Small-Business (50 or fewer emp.) **Reviewed Date:** April 21, 2026 **What do you like best about Drata?** It’s a decent tool for tracking SOC 2 compliance rules and controls. It also integrates with our HRIS, which helps keep things connected and easier to manage. **What do you dislike about Drata?** The “tests” for various controls aren’t very intuitive, and at times they feel more arbitrary than helpful. Pricing also seems high relative to the platform’s actual capabilities. During onboarding, the reliability of the tool was oversold, which made it harder to gauge how deep we needed to go with our controls and any supplemental tracking tools. I would have preferred clearer, more practical guidance throughout. **What problems is Drata solving and how is that benefiting you?** SOC 2 security and compliance. **Official Response from Lizzie Higgins:** > Hi Emily! Thanks so much for the candid and thoughtful feedback. We're glad to hear that Drata is helping with your SOC 2 compliance tracking and lightening the load with the HRIS integration. I know our product team would appreciate hearing more about your experience with the test library, and our CS team would love to ensure you're getting the most value you can out of the platform overall. If you'd like to email me at lizziehiggins@drata.com I'd be more than happy to set up time for a feedback call with the relevant folks on our team. Hope to hear from you soon, and thank you for the continued partnership! ### 14. Drata Keeps Us Continuously Audit-Ready with Hands-Off Evidence Collection **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Marketing and Advertising | Mid-Market (51-1000 emp.) **Reviewed Date:** March 17, 2026 **What do you like best about Drata?** What I like about Drata is how it transforms compliance from a manual, point-in-time effort into a continuous, automated process. Its integrations with tools like cloud providers and identity systems make evidence collection largely hands-off. The dashboard is clear and accessible, giving both technical and non-technical stakeholders quick insight into compliance status. Overall, Drata makes it much easier to stay audit-ready without the usual operational burden, and it scales well as organizations grow. **What do you dislike about Drata?** What I dislike about Drata is that the initial setup and configuration can be time-consuming and sometimes confusing, especially when mapping controls across multiple frameworks.The platform can also generate a high volume of alerts or tasks, which may create noise if not carefully tuned. **What problems is Drata solving and how is that benefiting you?** Drata solves the problem of time-consuming, manual compliance processes by automating evidence collection, control monitoring, and audit preparation. Instead of scrambling to gather documentation at audit time, it keeps everything continuously up to date, which reduces stress and minimizes the risk of missing requirements. This benefits me by saving significant time, improving accuracy, and providing real-time visibility into our compliance posture. It also makes it easier to stay audit-ready year-round and focus more on higher-value work rather than repetitive administrative tasks. **Official Response from Lizzie Higgins:** > Thank you for sharing your positive experience with Drata! We're glad to hear that our automated tests and integrations have made evidence collection easier and saved you time, without sacrificing accuracy. Also, we love to hear that information about your compliance posture is clear and accessible for your technical and non-technical teams. Trust is everyone's job, and we're happy to be enabling your whole team to maintain that trust. ### 15. Great Compliance Tool with Room for Performance Improvement **Rating:** 4.5/5.0 stars **Reviewed by:** Zeyd Taha C. | Co-Founder, Small-Business (50 or fewer emp.) **Reviewed Date:** January 16, 2026 **What do you like best about Drata?** I really like the ease of use and the support that Drata provides, especially for a small team like ours. It's helpful to have a tool that works for us in terms of compliance. Drata gives us an overview of all necessary renewals for evidence, and the use of templates is really handy. It's nice that Drata offers many easy setup configurations. **What do you dislike about Drata?** The platform is sometimes a little bit slow and minor bugs. Sometimes I have to wait for tech support to answer for bugs which slows me down, or wait for page loads longer than usual. **What problems is Drata solving and how is that benefiting you?** Drata serves as a Compliance Hub and provides an overview, helping our small team manage compliance smoothly. It remembers emails for tasks and offers templates for necessary renewals. ### 16. User-Friendly with Room for Integration Improvement **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User | Small-Business (50 or fewer emp.) **Reviewed Date:** May 30, 2026 **What do you like best about Drata?** I like Drata's interface and the ease of usage. It's great that it updates automatically when something needs fixing, so I don't have to worry about manual interventions. Compared to other tools, it gives me a sense of knowing exactly what to expect and how things will work. Also, the integrations are pretty good, even though there's room for more apps to be added. Great policy templats. **What do you dislike about Drata?** Lack of integrations and maybe a little bit of lack of comprehensive rules regarding for example systems that should not be included / scanned. It doesnt use most secure way of connecting applications via OIDC / workload identity systems. There was a lack of ability to import evidence from other vendors, so we had to do a lot of stuff manually. **What problems is Drata solving and how is that benefiting you?** I use Drata to set up ISO 27001 and SOC 2. The interface is easy to use and updates automatically when something needs fixing, so I always know what to expect. ### 17. Streamlined Compliance with Some Room for Improvement **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User | Mid-Market (51-1000 emp.) **Reviewed Date:** May 28, 2026 **What do you like best about Drata?** I find Drata quite intuitive to use, and I appreciate that it has a lot of built-in integrations along with the ability to build custom ones for the things that are missing. The quick support and the good template library also stand out to me. The initial setup was quite easy and intuitive as well, and I found the documentation to be pretty good. **What do you dislike about Drata?** The policy editor isn't great and could use better formatting options. There are generally bugs in the system and there's absent functionality, like the inability to download all policies regardless of their status. Controls aren't automatically mapped to the ISO framework, and having an internal mapping would make things easier. Support availability in the APAC timezone is missing. I'd also like the ability to export data sets from all views based on selection or all of it. **What problems is Drata solving and how is that benefiting you?** I use Drata for ISO27001 certification preparation, evidence gathering, audit centralization, continuous tracking, and compliance, helping streamline testing across infrastructure and workstations. **Official Response from Ashley Hyman:** > Thank you so much for your review! We really appreciate the feedback. You saying you find the system intuitive is one of the best compliments we could receive. I would love to connect with you directly to review our pre-mapped ISO 27001 framework. This has been in place for many years, so I want to ensure you have access to what you need. Additionally, we do provide 24/5 support so the APAC timezone is supported within that. But again, connecting with you directly to dig into any gaps would be awesome. You can reach me at ashley@drata.com. Looking forward to speaking with you! Best, Ashley Hyman VP of Customer Experience ### 18. Expect things to break all the time silently **Rating:** 0.0/5.0 stars **Reviewed by:** Verified User in Hospital & Health Care | Mid-Market (51-1000 emp.) **Reviewed Date:** March 09, 2026 **What do you like best about Drata?** Comes with a Drata Trust Center that's relatively easy to manage. That's pretty much the only thing that hasn't broken on me this past year. **What do you dislike about Drata?** Drata seems to have major breakage on what seems to be a monthly basis. - MDM integration is currently broken - Audit hub messages from auditors are currently broken - Using a custom framework, only your auditors can create the controls (and control mappings in the audit hub vs what's in your view of the custom framework are not kept in sync) I've reached the point where I'm running audits outside of Drata because Drata is so broken. Customer Service seems to have taken a major step back in quality. I've been advised at least twice to make dangerous changes that each time broke my Drata instance (Google, HRIS). **What problems is Drata solving and how is that benefiting you?** Their Trust Center does give me a way to manage showing our compliance documents under NDA to prospects and customers. **Official Response from Ashley Hyman:** > Thank you so much for taking the time to provide your feedback. While difficult to hear, your feedback is important to us, and we’d like the opportunity to address directly with you. It sounds like you’ve dealt with repeated problems across important parts of the product, and that’s clearly eroded your trust in us. While this is not representative of the experience most Drata customers have, I want to apologize on behalf of the entire Drata team - this is not the way we strive to support the customers who place their trust in us. I have already shared this feedback with our internal teams, but would love to connect with you so we can gather additional details and dig into this further. Our goal is to support you to resolution. Please reach out to me directly at ashley@drata.com to set up time to connect, and I’ll ensure we pull in our top experts to address your concerns. Sincerely, Ashley Hyman VP of Customer Experience ### 19. Comprehensive Alerts and Excellent Support—Key to Passing Our SOC 2 Audit **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.) **Reviewed Date:** April 30, 2026 **What do you like best about Drata?** Comprehensive alerts on tasks and status pf controls. Could not have passed SOC2 audit without Drata. Initial onboarding was difficult as the platform is not intuitive, especially for folks new to the CRG arena. Good documention but not easy to formulate searches as a newbie. **What do you dislike about Drata?** Usage is not intuitive, UI is OK Support is excellent **What problems is Drata solving and how is that benefiting you?** Prior to utilizing the platform we had not idea as to the work necessary to become SOC2 certified. It took a while to understand the the template policies were just that, templates. I suggest an onboarding specialist work with folks new to the platform in designing a customized workflow and how policies, controls and evidence relate to each other. There is a plethora of documentation which is pretty good **Official Response from Lizzie Higgins:** > Thank you so much for sharing your experience with Drata. We're pleased to hear that our comprehensive alerts and excellent support were instrumental as you completed your SOC 2 audit process. We'd love to hear more details about the challenges you had with the UI and onboarding process, so we can ensure the particulars make it to the right team for review. Feel free to email me at lizziehiggins@drata.com with any specific feedback, or to set up time to chat! Thanks again! ### 20. SOC2 Compliance with a little help from our friends. **Rating:** 5.0/5.0 stars **Reviewed by:** Sheldon J. | Director, Information Technology, Mid-Market (51-1000 emp.) **Reviewed Date:** February 19, 2026 **What do you like best about Drata?** What I like best is the Integration with MS365, CERTN, Defender, Meraki ect. the automation makes it easier to manage several endpoints and users. **What do you dislike about Drata?** Clearly defined policy renewal steps should be given prior to renewal, simply renewing a policy without updates changes the version of the document eg: 1.1, 1.2 and the tables inside don't reflect the changes. there's no point in doing the renew without updates as the table below has not reflected the version change. **What problems is Drata solving and how is that benefiting you?** We required SOC2TII to continue doing business with our banking partners. It was critical that we chose a partner who can best help us acheive this in a timely and effective manner. Drata has been a great partner to help us do that. **Official Response from Lizzie Higgins:** > Thank you so much for the insightful feedback! We're happy to hear that Drata's wide variety of integrations have enabled automation that makes things easier to manage for you and your team. We're so glad to be partnering with you and helping you to run an effective and efficient compliance program which enables your business to grow! ### 21. Clear, Concise Compliance Playbook That Keeps Evidence Organized **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Internet | Small-Business (50 or fewer emp.) **Reviewed Date:** May 28, 2026 **What do you like best about Drata?** My favorite part of using Drata is that it provides a clear, concise playbook to work off of when I am going about organizing my evidence for my compliance framework. **What do you dislike about Drata?** The user interface is not always as intuitive as it could be. There are times when I am not sure where to find what I am looking for even after using the site off and on for over a year. **What problems is Drata solving and how is that benefiting you?** Before Drata we were largely having to guess about the criteria needed to meet the requirements for our compliance framework. With Drata we have a clear outline and guidance on what those requirements are and how to satisfy them. ### 22. Drata: Simplifying Your Compliance Journey **Rating:** 4.5/5.0 stars **Reviewed by:** Eric L. | Security Engnieer, Electrical/Electronic Manufacturing, Mid-Market (51-1000 emp.) **Reviewed Date:** January 15, 2025 **What do you like best about Drata?** Drata supports the most common compliance frameworks. It effectively translates compliance requirements into readable control items. Each control item consists of a set of tests that are defined with clear specifications. For example, if an organization wants to adhere to the compliance NIST CSF, personnel responsible for achieving compliance simply focus on the control items of target compliance that Drata organized. Some tests can be shared across multiple compliance frameworks! It is easier for them to implement other compliances more efficiently in the future. Secondly, the most impressive design is the capability of automated evidence collection. With easy configuration on integrations to popular platforms, it can save effort when collecting the evidence of control items. To manage the overall readiness of compliance continuously, Drata provides efficient monitoring of controls, the status of tests, and the integrity of essential evidence. It provides users with real-time status and benchmarks in the dashboard. That helps internal or external auditors to track progress, identify gaps, and demonstrate compliance to key stakeholders. Finally, when I was new to Drata in the beginning, the Drata support team consistently delivered effective solutions to customer issues. The experience of customer support really touched my heart. **What do you dislike about Drata?** The automated evidence-collection feature is a very productive design. However, it has both pros and cons. The limitations on integrations may become a burden if the target platform is not on the support list. Another thing that needs to be improved is the instructions for fixing the failed/error tests. Sometimes, I can not directly understand the root cause of the failed test. I hope the error information or solution instructions become more transparent or readable. **What problems is Drata solving and how is that benefiting you?** Readiness status: make the estimation on the progress of compliance adherence easier and more readable. Continuous monitoring: easy to track progress and identify gaps, minimize the risk of non-compliance and reduces the likelihood of costly audit findings. Automation on evidence: Drata automates many of the manual tasks associated with compliance, frees up valuable resource for the security team and product teams ### 23. Simple, Straightforward Design with Engaging Gamification **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Small-Business (50 or fewer emp.) **Reviewed Date:** June 08, 2026 **What do you like best about Drata?** Simple & straight forward design. Easy to understand what I need to do. And what's my responsibility. Easy to sign and consume info. I like the gamification as well. **What do you dislike about Drata?** Sometimes it's difficult to understand just how much signatures one need to go through, it's duteous and tiring to go over paper works- especailly important ones. So I'd have loved to have a AI summary or maybe highlighting of certain areas that I would need to focus on. **What problems is Drata solving and how is that benefiting you?** Solving managing the security tasks - set by our CISO and making sure everyone signed all the relevant paperwork. Team accountablility **Official Response from Lizzie Higgins:** > Hi there! Thank you so much for the feedback! We're glad to hear that you find our design simple and straightforward, and that you appreciate the gamification aspect. We like that too! We appreciate your feedback about the review of documentation being tedious, and will keep it in consideration for future improvements and AI features. Thank you for sharing your experience with us! ### 24. Simplifies Auditing with Minimal Effort **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Translation and Localization | Mid-Market (51-1000 emp.) **Reviewed Date:** January 21, 2025 **What do you like best about Drata?** I like the graphical interface of Drata. It's fairly easy to use, and after using it for a while, it becomes very easy. You can quickly look at various areas, from monitoring to pass and fail metrics, and risk assessment and assets. It's just easy to move around and understand where you're at and what you're doing. It breaks everything down simply in front of me, so I can see what's been done and what needs to be done without getting overwhelmed. The initial setup was fairly easy, with the majority of everything going smoothly, and I needed minimal assistance to get set up and running. I'm very happy and impressed with the product overall. **What do you dislike about Drata?** Sometimes scrolling is a bit of an issue for me if I have a smaller monitor. There can be up to three slide bars on the right-hand side, and I have to move the page to go through a longer list. **What problems is Drata solving and how is that benefiting you?** Drata helps our small company with SOC 2 Type 2 attestation, clarifying steps for auditing and certifications, and tracking progress efficiently. ### 25. Continuous compliance that turns audits into a non-event **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User in Internet | Mid-Market (51-1000 emp.) **Reviewed Date:** May 18, 2026 **What do you like best about Drata?** The continuous compliance monitoring is the standout, automated evidence collection from AWS, GitHub, and HR tools means SOC2 audits stop being a fire drill. The control dashboard gives a clear real-time view of what's passing, failing, or drifting. **What do you dislike about Drata?** Initial setup and integration tuning takes effort, and some automated checks produce false positives that need manual review. Pricing scales quickly as you add frameworks or users. **What problems is Drata solving and how is that benefiting you?** It turns SOC2 (and other frameworks) from a once-a-year scramble into a continuous, automated process. Evidence is collected on its own, policies are versioned, and personnel onboarding/offboarding is tracked — which means audits become a review instead of a rebuild. **Official Response from Lizzie Higgins:** > Thank you so much for the transparent feedback! We are delighted to hear that using Drata has helped your team move from fire drill audits to consistent and continuous reviews with clear visibility and automated evidence collection. Our team also appreciates the feedback on the setup effort and automated tests, and if there are any specific examples you'd like to share or raise to our product team, feel free to reach out anytime (lizziehiggins@drata.com). Thanks again, and keep up the great work! ### 26. Exceptional Security and Customer Service **Rating:** 5.0/5.0 stars **Reviewed by:** Heather R. | C, Small-Business (50 or fewer emp.) **Reviewed Date:** December 30, 2025 **What do you like best about Drata?** I like that Drata is easy to use, and I feel confident that everything is safe and secure when I store my information. I appreciate that I can just click into it whenever I need to. The support I receive is fast and efficient. It's very fast and efficient overall. Installing Drata was extremely easy; the instructions were simple, and it was ready to go right after downloading. The customer service is exceptional. **What do you dislike about Drata?** I can't think of anything that I dislike about Drata. I found it so simple to install based on the instructions that were sent to me from my IT team. **What problems is Drata solving and how is that benefiting you?** Drata helps us avoid any kind of security breaches, ensuring everything is safe so we don't have to worry about our computers. ### 27. Clean, Intuitive Interface and a Smooth User-Friendly Experience **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.) **Reviewed Date:** May 29, 2026 **What do you like best about Drata?** The interface is clean, intuitive, and visually appealing. The platform communicates issues effectively, maintains a professional design, and provides a smooth, user-friendly experience overall today. **What do you dislike about Drata?** Drata experienced performance issues today, with repeated “Too many concurrent requests” errors disrupting access and workflow. **What problems is Drata solving and how is that benefiting you?** Drata helps automate compliance and security management by centralizing evidence collection, monitoring security controls, and simplifying audit preparation. This reduces manual effort, saves time during compliance reviews, improves visibility into security posture, and helps maintain certifications such as SOC 2 and ISO 27001 more efficiently. However, today's performance issues limited these benefits by causing delays and reducing productivity. ### 28. Streamlined Compliance with Exceptional Support **Rating:** 5.0/5.0 stars **Reviewed by:** Renato C. **Reviewed Date:** February 13, 2026 **What do you like best about Drata?** I find Drata's UI easy to use, and their support team is sharp and quick to reply. They have incredible integration capabilities, and as a small, lean startup team, Drata has been an excellent investment to achieve compliance. I also appreciate that we don't need prior knowledge to onboard thanks to their great guides that help us focus on what matters most. The initial setup of Drata was very easy, offering a great onboarding experience. **What do you dislike about Drata?** The policy review process is lengthy in terms of steps. We manage our policies outside in Notion to allow for collaboration. It would be great if they could have a 'change request' that's comment-driven, reducing the back and forth across different tools to support collaboration. **What problems is Drata solving and how is that benefiting you?** I use Drata for compliance management, handling everything from framework selection to monitoring and integrating with various tools. Its UI is user-friendly, and the integration and support are excellent. It manages policies, audit logs, and ensures a solid paper trail for SOC 2. **Official Response from Lizzie Higgins:** > Hi Renato, Thanks so much for the detailed and thoughtful feedback! We are delighted that you are finding the UI, platform and integrations helpful, as well as our incredible team and content supporting you along the way. We look forward to a continued partnership, and have raised your policy collaboration note to our product team internally. Thanks again, and keep the feedback coming! ### 29. Intuitive ISO Compliance with Room for Compatibility Improvement **Rating:** 5.0/5.0 stars **Reviewed by:** Vish A. | CEO and Principal Architect, Mid-Market (51-1000 emp.) **Reviewed Date:** May 28, 2026 **What do you like best about Drata?** I like that Drata is easy to use. It sends emails to our employees properly, which is really handy. It helps our team get things done quickly, much faster than doing things manually. I also find the portal pretty intuitive. **What do you dislike about Drata?** I think their desktop software is not compatible with all the Windows versions that we have. So we ran into some challenges with that. **What problems is Drata solving and how is that benefiting you?** I use Drata for ISO 27000 compliance, and it's easy to use, sending emails to employees properly. It helps our team get things done quickly compared to the manual process. ### 30. Efficient Security Management with Robust Automation **Rating:** 4.5/5.0 stars **Reviewed by:** Tim P. | Small-Business (50 or fewer emp.) **Reviewed Date:** February 19, 2026 **What do you like best about Drata?** I really like the automation and integrations that Drata provides. They help me manage information security and privacy much more easily, especially since we have limited resources. Drata significantly reduces manual effort and provides easy, actionable insights into areas that need fixing. The initial setup was pretty straightforward, and I also appreciate its seamless integration with tools like GitHub, Heroku, and Google Workspace. **What do you dislike about Drata?** There's a few bits of clunky user flow - e.g. when a control is marked as 'not ready' it's not always clear why it's not ready. It would be better if there was a clear button that showed a step-by-step guide on how to fix something. **What problems is Drata solving and how is that benefiting you?** Drata makes security management easier with limited resources by simplifying evidence collection for audits and compliance. Its automation and integrations reduce manual effort significantly and provide actionable insights into areas needing fixes. **Official Response from Lizzie Higgins:** > Hi Tim! Thanks so much for the feedback, as it helps us continue to improve. We are so happy to hear that our seamless integrations and automated evidence collection are not only helping ease the manual workload on a smaller team, but also providing real, actionable insights into items that can be fixed. This is truly valuable in building and maintaining trust across great companies. :) We also very much appreciate the feedback on control readiness, and will ensure its been raised to the appropriate product team. Thanks so much for your input, and keep up the great work! ### 31. Streamlined Compliance with Automated Evidence Collection **Rating:** 4.0/5.0 stars **Reviewed by:** Arther M. | Head of Information security, Telecommunications, Mid-Market (51-1000 emp.) **Reviewed Date:** January 29, 2026 **What do you like best about Drata?** I use Drata for my GRC program including ISO27001, SOC2, GDPR, and Cyberessentials. I appreciate having better visibility of my controls and risks all in a single console. I like the ability to integrate with my tech stack with automated evidence collection. I don't have to log into AWS and Google Workspace to check compliance as everything is visible from Drata connections. The automation of evidence collection for SOC2 is what made us switch from Rubiq. **What do you dislike about Drata?** The asset management module could be improved to generate a consolidated report. It currently doesn’t display device serial numbers and make, which are useful identifiers for an asset list. The serial numbers can only be seen when downloading a report for an individual, not for the entire company. I’d prefer Drata to have out-of-the-box modules like incident management to avoid purchasing a separate solution. Having an incident management report and a business continuity flow would greatly enhance Drata. Also, the integrations with Zoho Desk have been buggy since last year, and the issue remains unresolved despite logging a ticket about it. **What problems is Drata solving and how is that benefiting you?** With Drata, I have better visibility of my controls and risks on a single console. I also like the integration with my tech stack and automated evidence collection, which means I don't have to log in to AWS and Google Workspace to check compliance. ### 32. From Manual Work to Automation: Why We Love Drata **Rating:** 5.0/5.0 stars **Reviewed by:** Artem T. | Chief Information Security Officer, Mid-Market (51-1000 emp.) **Reviewed Date:** November 13, 2025 **What do you like best about Drata?** The most valuable feature for us is the continuous monitoring and real-time alerts, which provide reassurance that our controls are consistently effective. Drata also simplifies evidence collection and audit preparation, helping us save time and reduce the risk of errors. As a result, we are able to maintain compliance proactively and dedicate more attention to strategic security improvements instead of getting bogged down by administrative work. In terms of usability, the platform is highly intuitive and user-friendly, making it easy for even new team members to navigate and complete tasks. The implementation process was smooth and quick, thanks to clear instructions and minimal disruption to our existing workflows. Drata’s integration with our current tools and systems is seamless, which cuts down on manual work and keeps our data consistent across platforms. The customer support team is always responsive, knowledgeable, and eager to help, which greatly enhances our overall experience. We rely on Drata daily for monitoring and compliance activities, and it has become an essential part of our security operations. **What do you dislike about Drata?** It would be great to have more available integrations, for example with popular observability tools such as Grafana. **What problems is Drata solving and how is that benefiting you?** Drata has been instrumental in removing the complexity and manual work typically associated with maintaining compliance. By automating evidence collection, continuous monitoring, and control verification, it greatly reduces the time needed for audit preparation and helps minimize the risk of human error. This shift enables our team to dedicate more attention to strategic security initiatives rather than getting bogged down by repetitive administrative duties. Furthermore, Drata offers real-time insight into our compliance status, allowing us to proactively identify and address any gaps, which helps us maintain trust with both customers and partners. ### 33. Strong Compliance Visibility and Effortless Audit Readiness with Drata **Rating:** 5.0/5.0 stars **Reviewed by:** Dawn M. | Compliance Officer, Mid-Market (51-1000 emp.) **Reviewed Date:** May 19, 2026 **What do you like best about Drata?** Drata offers strong visibility into compliance readiness across frameworks and significantly reduces the manual effort required for evidence collection, control tracking, and audit coordination. Having a centralized view of controls, integrations, and audit status makes it much easier to manage ongoing compliance work and keep teams aligned. **What do you dislike about Drata?** Nothing to add—overall, we’re very pleased with Drata. **What problems is Drata solving and how is that benefiting you?** Drata streamlines compliance management by centralizing controls, evidence collection, and audit tracking in one platform. It cuts down on manual follow-ups across teams, improves visibility into audit readiness, and helps us manage ongoing compliance activities more efficiently across frameworks. **Official Response from Lizzie Higgins:** > Hi Dawn! Thanks so much for the feedback, we are so pleased to know that your team has more visibility, less manual work, and increased readiness using Drata. Keep up the great work! ### 34. A Top Tool for Maintaining Real Security Beyond Certifications **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Program Development | Mid-Market (51-1000 emp.) **Reviewed Date:** May 28, 2026 **What do you like best about Drata?** It’s honestly one of the best tools to help you maintain security, and not just to complete certifications. It helps you stay genuinely secure, instead of only checking off tasks when they’re needed. **What do you dislike about Drata?** Sometimes the tasks and controls aren’t very easy to read, and I’ve had to upload evidence manually even when the case isn’t correct. Cases that the control is off and is not actually needed **What problems is Drata solving and how is that benefiting you?** How can I maintain and save proof for all the information and other materials needed for certifications like SOC 2 or similar? ### 35. Automates SOC 2 & ISO 27001 Compliance with Real-Time Monitoring and Clear Dashboards **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.) **Reviewed Date:** April 28, 2026 **What do you like best about Drata?** how it automates compliance tasks like SOC 2 and ISO 27001, saving a lot of manual effort. It also gives real-time monitoring and clear dashboards, making audits much faster and less stressful. **What do you dislike about Drata?** it can feel expensive, especially for small teams or startups. Also, initial setup and integrations can be a bit complex and time-consuming if your systems aren’t already well organized. **What problems is Drata solving and how is that benefiting you?** solves the problem of manual, time-consuming compliance work by automating evidence collection, monitoring controls, and audit preparation. This benefits me by saving a lot of time, reducing human errors, and helping achieve certifications like SOC 2 much faster with less stress. **Official Response from Lizzie Higgins:** > Thanks so much for the feedback! We're glad to hear that you're enjoying the automation of evidence collection and other compliance tasks, as well as the real-time monitoring and clear dashboards. Our team is delighted anytime we're able to reduce manual effort and reduce stress as you build your GRC program. ### 36. Automated Compliance Made Easy, But Needs User Management Improvements **Rating:** 5.0/5.0 stars **Reviewed by:** Uzair A. | Chief Technology Officer, Small-Business (50 or fewer emp.) **Reviewed Date:** March 24, 2026 **What do you like best about Drata?** I find Drata easy to track my compliance status, and it helps me identify compliance gaps. I also appreciate the automated monitoring that integrates with my existing tools, making real-time tracking possible. Setting up Drata was easy, which was a definite plus for me. **What do you dislike about Drata?** The user review process is a bit tedious as it does not allow you to remove offboarded users directly from products. Right now, we do not have a way to exclude users directly in integrations, so you have to manually exclude them on each review which is a tedious process. **What problems is Drata solving and how is that benefiting you?** I use Drata for SOC 2 compliance, making compliance effortless with automated monitoring. It's easy to track my compliance status and identify gaps in real-time. **Official Response from Lizzie Higgins:** > Thank you so much for the great feedback! We're so glad to hear the set up process was simple, and that the automated monitoring and integrations allow you to quickly and easily understand your compliance status and gaps in real time. ### 37. Effortless Standardization with Drata **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User | Mid-Market (51-1000 emp.) **Reviewed Date:** May 28, 2026 **What do you like best about Drata?** I appreciate Drata because it helps me standardize policies in areas like data use and direct control, which is really crucial for my work with my tech lawyer. I find it fun to work with, and it's very helpful in ensuring that our policies are up to date. My team and the cybersecurity architecture team use it to understand how the technology framework is evolving. The initial setup was great and very smooth, without any issues. **What do you dislike about Drata?** I think one thing that could be improved is having scheduled data control measures fortnightly or a timeline that we could set. That would generally help. **What problems is Drata solving and how is that benefiting you?** Drata standardizes tech policies, helps manage technology architecture, and keeps policies up to date, benefiting my team and the cybersecurity architecture team. ### 38. Streamlined SOC2 Compliance, Intuitive and Effective **Rating:** 5.0/5.0 stars **Reviewed by:** Dave R. **Reviewed Date:** January 15, 2026 **What do you like best about Drata?** I appreciate how Drata keeps everything organized, from evidence and compliance to risk management, making it the key to everything. The interface is always improving, becoming smarter and easier to use, which is great since I am in it every day working on compliance. What I really like is how the interface actively guides me through compliance work by linking controls, policies, and integrations together. It lets me see what's wrong, what's missing, why it matters, and how to fix it. The setup process is very intuitive as well, allowing me to add and remove vendors, policies, and connections easily. Drata was essential in obtaining our first SOC2 certification and continues to be invaluable in maintaining it. I can't imagine how challenging it would be to organize everything without Drata. **What do you dislike about Drata?** I always seem to struggle when it comes to the hardware. I feel that workstations could be reported on a little better. Same for people. When looking at people, and seeing their compliance tasks overdue, like policies, it feels a bit convoluted. **What problems is Drata solving and how is that benefiting you?** I use Drata for maintaining our SOC2 compliance. It organizes our evidence, policies, and more in one place. The interface guides compliance work actively, linking controls and policies. I can't imagine organizing SOC2 without it. ### 39. Comprehensive Compliance Templates for Nearly Every Audit Type **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Financial Services | Small-Business (50 or fewer emp.) **Reviewed Date:** January 14, 2026 **What do you like best about Drata?** Drata let's us control all of our compliance/audit related requirements in one system–simple as that. The UX is great–it's easy to understand, easy to navigate, easy to add evidence, etc. The automation workflows are great–being able to automatically import all of our employees, devices, 2FA rules, etc. directly from our SaaS/PaaS products (e.g., Azure) is fantastic. The TrustCenter is quite helpful as well as a way of sharing sensitive documents (e.g. audit reports) with third parties in a tracked manner. It's a great tool tbh. **What do you dislike about Drata?** It's a big system so it can be quite confusing at first. It's hard to know what's actually required for your various audit types–Drata gives you a template for nearly everything, but do you actually need everything in the template? Probably not. That's not Drata's fault, it's just the nature of being a generalized compliance tool that works across every industry. **What problems is Drata solving and how is that benefiting you?** What are our SOC 2 requirements? We can't go through a SOC 2 audit without knowing all of our requirements. Drata tells you your requirements and lets you manage them all in one place. ### 40. Gets the job done, but always worth taking a look at competitors **Rating:** 4.0/5.0 stars **Reviewed by:** J N. | Director of Operations & Partnerships, Small-Business (50 or fewer emp.) **Reviewed Date:** June 02, 2026 **What do you like best about Drata?** The platform is relatively easy to use and has everything included within it **What do you dislike about Drata?** Sometimes it is unclear how the process works fully, especially with the involvement of 3rd party companies **What problems is Drata solving and how is that benefiting you?** SOC 2 Type 2 Certification, it would help us in our sales endeavors ### 41. Easy-to-Use Interface, Reliable Security Solution **Rating:** 4.5/5.0 stars **Reviewed by:** Ítalo D. | Technical Project Manager **Reviewed Date:** January 12, 2026 **What do you like best about Drata?** I like how easily and friendly the interface of Drata is. It's very clean, and everything is easy to find, which is important since we ask our employees to use this software once a year; having an easy-to-use interface is crucial. It ensures that they can complete courses and understand everything without spending a lot of time figuring out how the software works. The initial setup was easy too; we just needed to set some things, and it was working pretty well. Everyone can do the courses and make sure they're aware of the best practices, so it's easy-going software. **What do you dislike about Drata?** I had some issues logging in, but the team was very helpful. They helped me, and I received a reply a few minutes after requesting some help. They can add an option to log in with social media to avoid issues, such as not receiving matching links because they end up in the spam folder. **What problems is Drata solving and how is that benefiting you?** I use Drata to ensure my team understands secure best practices and that our computers run smoothly, free of viruses or breaches. It also helps prevent sensitive company data from being compromised. ### 42. Strong AWS Integrations and Automation, but a Confusing UI and Terminology **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.) **Reviewed Date:** May 29, 2026 **What do you like best about Drata?** As a devops engineer the most useful part is the AWS integrations (and other similar integrations), and the automated controls. **What do you dislike about Drata?** The web interface is sometimes hard to navigate, links don't always open what I expect, or are just lacking. The wording is sometimes confusing: some terms seem specific to Drata and need to be learnt, but there's no contextual help. **What problems is Drata solving and how is that benefiting you?** Mostly gathering data, proofs, for security audits. In particular for complex scenarios or broad areas where manual collection would be very painful. **Official Response from Ashley Hyman:** > Thank you so much for your review! I'd love to connect and learn more about your challenges with navigation and terminology. Your feedback is very important to us. Please reach out to me at ashley@drata.com to review in more detail. Looking forward to chatting with you! Ashley Hyman VP of Customer Experience ### 43. Outstanding for Security Compliance and Evidence Collection **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.) **Reviewed Date:** November 26, 2025 **What do you like best about Drata?** I like the most the ease of communication with auditors through the platform. I also like the ease of tracking Personnel compliance through Drata. **What do you dislike about Drata?** I really had more use from customer support than from our account manager to be honest. Also, some fixes took weeks for us, which was not convenient since it was during the audit. **What problems is Drata solving and how is that benefiting you?** Having everything in one place for the auditor really helps me a lot, and it makes the whole process much easier. ### 44. Effortless Compliance with Stellar Support **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User | Mid-Market (51-1000 emp.) **Reviewed Date:** June 09, 2026 **What do you like best about Drata?** I like that Drata helps me with getting ISO 27001 by working as a checklist. The interface and integrations work really well, which I find valuable. It's easy to use and offers clear progress tracking, which allows us to scope tasks efficiently. The customer support is great, as demonstrated when Terrious helped me with the Orca integration issue. **What do you dislike about Drata?** The Orca integration was not working but Terrious managed to help me. Support was great **What problems is Drata solving and how is that benefiting you?** I use Drata to help me get ISO 27001. It works as a checklist, is easy to use, provides clear progress tracking, and allows us to scope tasks effectively. The interface and integrations work really well. **Official Response from Lizzie Higgins:** > HI there! Thank you for the feedback :) We're thrilled to hear that you find Drata valuable for your ISO 27001 compliance efforts, and that the integrations are key to your program, and that you enjoy the interface. Our team works hard to provide stellar support and we're glad Terrious was able to assist you with the Orca issue. Keep up the great work! ### 45. Smooth Onboarding, Budget-Friendly Compliance **Rating:** 4.0/5.0 stars **Reviewed by:** Matt K. | XTO, Small-Business (50 or fewer emp.) **Reviewed Date:** December 31, 2025 **What do you like best about Drata?** I like the pricing point of Drata, which is important as we are mindful about our budget while trying to achieve SOC2 compliance. The onboarding process was smooth, and we were guided through a series of workshops and onboarding sessions that provided us the tools to start using the platform effectively. The initial setup of Drata was also easy. **What do you dislike about Drata?** The UI is a little confusing sometimes. As someone who has already done a SOC2 audit with a competitor product, I sometimes find the Drata platform a little confusing. It's not straightforward to see what tasks are missing and what specific things we need to fix. I think UX could be improved. **What problems is Drata solving and how is that benefiting you?** Drata simplifies compliance by having auditors use the same platform for audits, reducing the compliance burden. The reasonable pricing point helps us stay within budget while working toward SOC2 compliance. The onboarding process with workshops and sessions made it easy to start using the platform. ### 46. Drata: Centralized and Efficient for Compliance **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User | Small-Business (50 or fewer emp.) **Reviewed Date:** May 29, 2026 **What do you like best about Drata?** I love the ease of use of Drata. The centralization is what helps us the most, it saves a lot of time with our small team. It prevents us from having confusion about what is up-to-date or not. I also appreciate the sharing with our auditors for certifications. **What do you dislike about Drata?** For now, nothing. Except maybe the price, which is high for a startup. **What problems is Drata solving and how is that benefiting you?** Drata helps us manage our compliance with a small team, especially for SOC 2 and soon GDPR. The centralization, notifications, and task tracking help us stay compliant. Saves a lot of time by avoiding confusion over up-to-date documents. ### 47. Easy to Use Trust Center That Clients Love **Rating:** 5.0/5.0 stars **Reviewed by:** Dan F. | Senior Manager, IT Compliance, Audit & Risk, Small-Business (50 or fewer emp.) **Reviewed Date:** May 28, 2026 **What do you like best about Drata?** Very easy to use and have had great feedback on providing Trust Center to clients. **What do you dislike about Drata?** Rare but occasional outages. Haven't received much info yet on the SafeBase transition. **What problems is Drata solving and how is that benefiting you?** Automating attestation report, questionnaire and policy distribution. ### 48. Centralizes Compliance Evidence, Needs Policy Sync **Rating:** 3.5/5.0 stars **Reviewed by:** Allen A. | Director of Operations **Reviewed Date:** December 18, 2025 **What do you like best about Drata?** I like that Drata reminds us when to update and submit our evidence for the past 12 months. It's convenient to have one place to add all the evidence instead of having pieces stored in different locations. This organization makes it easier to refer back to the information submitted as evidence. The reminders are also helpful once the time to review the evidence is near. We have successfully integrated Drata with our other platforms like Office365, Jira, and Bitbucket. **What do you dislike about Drata?** The audit option is a bit clunky as it's hard to differentiate who owns the control. In addition, we still need to double up on maintaining the policies. Once version in Drata and another soft copy we need to keep when it is required by our clients when we do proposals. Our Sales team will need access to the latest version. It took a while to fully understand what it did. **What problems is Drata solving and how is that benefiting you?** I use Drata to assist with obtaining SOC2 Type 2 and HIPAA reports. Drata centralizes evidence submission, making it easier to refer back and providing reminders when updates are needed. ### 49. Efficient Compliance Management, Needs More Reporting options **Rating:** 4.0/5.0 stars **Reviewed by:** Nick C. **Reviewed Date:** December 15, 2025 **What do you like best about Drata?** I like Drata's simple login UX which makes onboarding users easy since they just need to go to the login screen and sign in with Google. The reporting feature is decent and allows me to track how many people are yet to install the agent. I also appreciate the ease of installing the agent software. The initial setup was fairly good, with simple integration of Google Workspace and Atlassian, and even though the integration with Hibob (HRIS) took a bit longer, Drata support was helpful in resolving this by providing the necessary third-party integration docs. **What do you dislike about Drata?** More reporting options would be useful. More granularity with filters is needed; for example, I can filter by non-compliant devices, but I can't filter by a single non-compliant device-related item like a screen lock. Also, scheduled and saved reports are a must, which is missing currently. The initial setup with certain integrations like HiBob (HRIS) took a little longer because the guide we followed ended up missing a few steps. Eventually, Drata support helped by finding the third-party integration docs and forwarding them to me. **What problems is Drata solving and how is that benefiting you?** Drata identifies security gaps, helps us start policies, and simplifies user onboarding with Google sign-in. Reporting shows agent installation status, and the agent is easy to install. ### 50. Great Features but Mediocre UX **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Hospital & Health Care | Small-Business (50 or fewer emp.) **Reviewed Date:** March 18, 2025 **What do you like best about Drata?** Drata has a big range of features and covers a lot of usecases for us. Also, the integrations that exist are relatively easy to integrate. **What do you dislike about Drata?** There are two downsides to Drata, in my opinion: 1) User Experience The UX of the product is okay, but it's not great. There are multiple smaller paper-cuts: The UI is overall a bit slow, frequently presenting loading spinners. Controls/Monitors have individual URLs, but unfortunately when shared they get removed. I.e. even if I send a colleague a link to a specific /control/123 they will get redirected to all controls instead of the specific one. 2) Integration Limitations The default integrations that come with Drata are a bit limited, e.g. we still haven't been able to connect a vulnerability scanner into Drata, as it comes with 14 different options by default and we use none of them. That's always an issue with these integration platforms, but it's not clear to us yet how we could build a manual API integration for this feature. **What problems is Drata solving and how is that benefiting you?** Drata helps us track our compliance against a wide range of controls. We are using Drata's automation features to reduce the burden on our employees. ## Drata Discussions - [Hard Disk Encryption](https://www.g2.com/discussions/hard-disk-encryption) - 1 comment, 2 upvotes - [How are others coping with slower support, chatbot inconsistencies, and login / chat issues?](https://www.g2.com/discussions/how-are-others-coping-with-slower-support-chatbot-inconsistencies-and-login-chat-issues) - 1 comment, 1 upvote - [Has anyone else felt friction between Drata’s control depth and their own compliance approach or frameworks?](https://www.g2.com/discussions/has-anyone-else-felt-friction-between-drata-s-control-depth-and-their-own-compliance-approach-or-frameworks) - 1 comment, 1 upvote - [What’s your workaround when Drata’s integrations and automation do not go deep enough?](https://www.g2.com/discussions/what-s-your-workaround-when-drata-s-integrations-and-automation-do-not-go-deep-enough) - 1 comment, 1 upvote - [How are you all dealing with confusing navigation and policy / control relationships in Drata?](https://www.g2.com/discussions/how-are-you-all-dealing-with-confusing-navigation-and-policy-control-relationships-in-drata) - 1 comment, 1 upvote - [View Drata pricing details and edition comparison](https://www.g2.com/products/drata/reviews?section=pricing&secure%5Bexpires_at%5D=2026-06-18+02%3A15%3A31+-0500&secure%5Bsession_id%5D=12bdbb7f-c037-4592-8262-07f975ba5dec&secure%5Btoken%5D=1ab033c585475c990c2d63efb0ecceaca302dc99c016afdd4653d714c953f9fb&format=llm_user) ## Drata Integrations - [ADP Workforce Now](https://www.g2.com/products/adp-workforce-now/reviews) - [Agentforce Sales (formerly Salesforce Sales Cloud)](https://www.g2.com/products/agentforce-sales-formerly-salesforce-sales-cloud/reviews) - [Amazon EC2](https://www.g2.com/products/amazon-ec2/reviews) - [Atlassian Enterprise Support](https://www.g2.com/products/atlassian-enterprise-support/reviews) - [AWS Cloud9](https://www.g2.com/products/aws-cloud9/reviews) - [AWS Cloud Development Kit (AWS CDK)](https://www.g2.com/products/aws-cloud-development-kit-aws-cdk/reviews) - [AWS Lambda](https://www.g2.com/products/aws-lambda/reviews) - [AWS Organizations](https://www.g2.com/products/aws-organizations/reviews) - [Azure App Service](https://www.g2.com/products/azure-app-service/reviews) - [Azure Blob Storage](https://www.g2.com/products/azure-blob-storage/reviews) - [Azure Databricks](https://www.g2.com/products/azure-databricks/reviews) - [Azure Portal](https://www.g2.com/products/azure-portal/reviews) - [Azure SQL Database](https://www.g2.com/products/azure-sql-database/reviews) - [Azure Virtual Machines](https://www.g2.com/products/azure-virtual-machines/reviews) - [BambooHR](https://www.g2.com/products/bamboohr/reviews) - [Bitbucket](https://www.g2.com/products/bitbucket/reviews) - [Bitwarden](https://www.g2.com/products/bitwarden/reviews) - [Certn](https://www.g2.com/products/certn/reviews) - [Checkr](https://www.g2.com/products/checkr-inc-checkr/reviews) - [Checkr](https://www.g2.com/products/checkr/reviews) - [ClearFeed](https://www.g2.com/products/clearfeed/reviews) - [Confluence](https://www.g2.com/products/confluence/reviews) - [CrowdStrike Falcon Cloud Security](https://www.g2.com/products/crowdstrike-falcon-cloud-security/reviews) - [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews) - [Docusign](https://www.g2.com/products/docusign/reviews) - [Employment Hero](https://www.g2.com/products/employment-hero/reviews) - [Git](https://www.g2.com/products/git/reviews) - [GitHub](https://www.g2.com/products/github/reviews) - [Google Cloud Run](https://www.g2.com/products/google-cloud-run/reviews) - [Google Workspace](https://www.g2.com/products/google-workspace/reviews) - [Hexnode UEM](https://www.g2.com/products/hexnode-uem/reviews) - [HubSpot Sales Hub](https://www.g2.com/products/hubspot-sales-hub/reviews) - [Ironclad](https://www.g2.com/products/ironclad/reviews) - [Iru](https://www.g2.com/products/iru/reviews) - [Jamf](https://www.g2.com/products/jamf/reviews) - [Jira](https://www.g2.com/products/jira/reviews) - [Jira Service Management](https://www.g2.com/products/jira-service-management/reviews) - [JumpCloud](https://www.g2.com/products/jumpcloud/reviews) - [KnowBe4 Security Awareness Training](https://www.g2.com/products/knowbe4-security-awareness-training/reviews) - [Linear](https://www.g2.com/products/linear/reviews) - [Microsoft 365](https://www.g2.com/products/microsoft365/reviews) - [Microsoft Entra ID](https://www.g2.com/products/microsoft-entra-id/reviews) - [Microsoft Intune Enterprise Application Management](https://www.g2.com/products/microsoft-intune-enterprise-application-management/reviews) - [Microsoft Teams](https://www.g2.com/products/microsoft-teams/reviews) - [New Relic](https://www.g2.com/products/new-relic/reviews) - [Objectivity/DB](https://www.g2.com/products/objectivity-db/reviews) - [Okta](https://www.g2.com/products/okta/reviews) - [Qualys VM](https://www.g2.com/products/qualys-vm/reviews) - [Rippling](https://www.g2.com/products/rippling/reviews) - [Salesforce Heroku](https://www.g2.com/products/salesforce-heroku/reviews) - [SentinelOne Singularity Endpoint](https://www.g2.com/products/sentinelone-singularity-endpoint/reviews) - [Slack](https://www.g2.com/products/slack/reviews) - [Slack Connector for Jira](https://www.g2.com/products/slack-connector-for-jira/reviews) - [Swif.ai](https://www.g2.com/products/swif-ai/reviews) - [Zoho CRM](https://www.g2.com/products/zoho-crm/reviews) - [Zoho Desk](https://www.g2.com/products/zoho-desk/reviews) ## Drata Features **Security** - Compliance Monitoring - Anomoly Detection - Cloud Gap Analytics **Functionality** - Questionnaire Templates - User Access Control **Compliance** - Governance - Data Governance - Sensitive Data Compliance **Risk assessment** - Risk Scoring - Monitoring And Alerts - AI Monitoring **Generative AI - Security Compliance** - Predictive Risk - Automated Documentation **Security** - Data Security - Data loss Prevention - Security Auditing **Administration** - Policy Enforcement - Auditing - Workflow Management **Generative AI - Vendor Security and Privacy Assessment** - Text Summarization - Text Generation **Identity** - SSO ## Top Drata Alternatives - [Vanta](https://www.g2.com/products/vanta/reviews) - 4.6/5.0 (2,429 reviews) - [Sprinto](https://www.g2.com/products/sprinto-inc/reviews) - 4.8/5.0 (1,638 reviews) - [Scrut Automation](https://www.g2.com/products/scrut-automation/reviews) - 4.9/5.0 (1,310 reviews)