External reviews
1,074 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Great product, Even Better Team
What do you like best about the product?
The automation, so nice to be able to keep track of all evidence within one platform and be able to assign owners, set expiration dates and integrate with a multitude of our internal tools. The support staff is even better, always willing to answer questions and answering back within 4 hours.
What do you dislike about the product?
I wish it had more customization with the monitors it does have as not all organizations have the same configurations and it would be easier to create the connections yourself with the tools within our cloud based host.
What problems is the product solving and how is that benefiting you?
Drata streamlines our compliance process by automating the collection and organization of evidence required for SOC 2 Type II and HIPAA audits, saving us significant time and resources.
It enhances our ability to monitor and maintain continuous compliance, reducing the risk of errors or missed requirements.
With Drata, we have improved transparency and efficiency in demonstrating compliance to auditors and stakeholders, enabling us to focus on core business operations.
It enhances our ability to monitor and maintain continuous compliance, reducing the risk of errors or missed requirements.
With Drata, we have improved transparency and efficiency in demonstrating compliance to auditors and stakeholders, enabling us to focus on core business operations.
Aprio January 2025 Review
What do you like best about the product?
Client preparedness for audits. Ease of access through the auditor portal.
What do you dislike about the product?
Most clients believe that we gain efficiencies by obtaining documentation through a GRC platform, but for an auditor, it is really just an different documentation repository. This isn't specific to Drata, it applies broadly. However, integration with FieldGuide should change this.
What problems is the product solving and how is that benefiting you?
Drata helps clients better prepare audit artifacts and have more documenation available the first day of fieldwork.
Best Compliance tool out there
What do you like best about the product?
It is very easy to use, Implementation was a breeze, and also has top-notch customer support. We use the product on a daily basis and since it was easy to integrate with our other platforms, compliance is easier to perform.
What do you dislike about the product?
Some granularity in controls still needs an uplift, one such place is ticketing management, It currently only supports Jira which creates some difficulties when performing tasks.
What problems is the product solving and how is that benefiting you?
Keeping up with compliance frameworks, monitoring controls and systems, maintaining policies and procedures, managing vendors
Speeding up Compliance paired with great customer success
What do you like best about the product?
Automation, policy templates and monitoring
What do you dislike about the product?
The auditor experience could be improved. Sometimes the auditors arent really tech savyy and cant find evidences.
Giving them access read only to my complete instance was the way to go!
Giving them access read only to my complete instance was the way to go!
What problems is the product solving and how is that benefiting you?
Speeding up tremendously the security and compliance posture for SOC2
Strong tool at a good value
What do you like best about the product?
It's extensive without being overwhelming.
What do you dislike about the product?
None to speak of really. We're happy so far.
What problems is the product solving and how is that benefiting you?
We are currently working on our SOC II type 2 report. Drata helps up keep track of our progress and needs without getting lost or overwhelmed.
It seems good to me
What do you like best about the product?
It is not intrusive at all - as a user UI just have the agent on my laptop and it does its thing in the backround. My antivirus got disabled and I got a call the next day from our IT department to help me reneable it - so the monitoing is working wekk.
What do you dislike about the product?
I was surprised that they don't have an AI chatbot to solve simple proiblems, I had an issue with the software and had to email the suppor team, seems quite quaint these days. havin said that, the support was quick and resolved my problem.
What problems is the product solving and how is that benefiting you?
Makinmg sure we are compliant
Amazing customer support by Pablo.
What do you like best about the product?
Best Connectivity capabiltiies they have on their tool.
What do you dislike about the product?
It would be great if you could provide mor information from an audit perspective.
What problems is the product solving and how is that benefiting you?
Security Compliance
A great platform that is growing with our capabilities and maturity
What do you like best about the product?
Being able to manage 8 different security compliance frameworks on one platform with only one FTE! The customer sucess team is also great and very much focused on building a long-term relationship...this was the clincher for us. (A big shout out to Alex and Aoife)
What do you dislike about the product?
Some capabilites are maturing slower than others (such as risk and asset management) .
What problems is the product solving and how is that benefiting you?
Managing multiple compliance frameworks, as well as general GRC activities, with limited resources.
Great compliance automation tool, great UX, easy to navigate.
What do you like best about the product?
Drata has been great to map from the ISO 27001 framework requirements to actual controls. Whilst it doesn't replace compliance activities, it has sped up our alignment of our existing process to the ISO 27001 framework controls. The in-built policies have been great to use a base for review and sometimes wholly draft new policies. The risk assessment area is also very good for keeping and scoring risks.
Finally the automation of controls is very good and suited to our environment (circa 150 employees + AWS infratructure). The tool makes it easy to disable tests (where not appropriate) or exclude particular items from the test (and justify this). The raw evidence is often very helpful for troubleshootin why our infrastructure may fail a particular test.
Their customer success folk are absolutely excellent and work with you the whole way, and the interface is very intuitive and so it's as 'self-service' as you can imagine. The onboarding of the various integrations/connections was seamless with little need for help.
During the "getting compliant", Drata has been used pretty mcuh every day by the security team in order to keep track of progress.
Finally the automation of controls is very good and suited to our environment (circa 150 employees + AWS infratructure). The tool makes it easy to disable tests (where not appropriate) or exclude particular items from the test (and justify this). The raw evidence is often very helpful for troubleshootin why our infrastructure may fail a particular test.
Their customer success folk are absolutely excellent and work with you the whole way, and the interface is very intuitive and so it's as 'self-service' as you can imagine. The onboarding of the various integrations/connections was seamless with little need for help.
During the "getting compliant", Drata has been used pretty mcuh every day by the security team in order to keep track of progress.
What do you dislike about the product?
Dislike is a strong word. Given the relative youngness of the company, there are a few rough edges spread around none of which stop getting the value from the tool. It sometimes feel like the tool is geared more towards "keeping compliant" than "getting compliant" - which of course will be the vast majority of the platform's use.
Occasionally, the platform is a little limited (integrating with Enterprise Intune policies needs to be done in a very particular way) - though this we managed to overcome with the help our Customer Success manager. In other areas, we disagreed with some of the automated monitoring tests and their implementation (for example around production access to Gitlab). but that was overcome by using their API to upload evidence automatically from a small CI/CD job and disabling that single test. On the whole, we use almost every test provided by Drata out of the box.
Occasionally, the platform is a little limited (integrating with Enterprise Intune policies needs to be done in a very particular way) - though this we managed to overcome with the help our Customer Success manager. In other areas, we disagreed with some of the automated monitoring tests and their implementation (for example around production access to Gitlab). but that was overcome by using their API to upload evidence automatically from a small CI/CD job and disabling that single test. On the whole, we use almost every test provided by Drata out of the box.
What problems is the product solving and how is that benefiting you?
It's helping ensuring that as we rework our policies, ways of working, etc, that we are algining to ISO 27001 and helping us formalise and identify activities we were already doing. Ultimately, it will help us with the ongoing compliance by prompting for regular activities to be performed, highlighting where we've departed from standards/policies immediately within 24 hours, etc.
Great tool with a great team behind
What do you like best about the product?
Very easy-to-use tool with a lot of functionality provided out of the box. On top of this, the team is super supportive and responsive.
What do you dislike about the product?
When following a particular framework, ISO 27001:2022 in our case, it makes it difficult to get a clear overview of controls required within the framework, statement of applicability. So we had to develop a different overview we used for audit purposes to show the controls, whether they are applicable to us or now and how they are implemented (where we linked all relevant Drata controls). So was a bit of a work around.
What problems is the product solving and how is that benefiting you?
Automated monitoring, risk management, controls management, evidence library.
showing 151 - 160