I work with Drata on compliance and audit processes.
External reviews
1,118 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Drata for ISO 27001:2022
What do you like best about the product?
With Drata I was able to update our ISO 27001:2013 to 2022 in just a few months. The policy templates and the ability to import existing policies made this very efficient.
What do you dislike about the product?
Drata is still a new service. They have developed compliance automation and automated data ingestion for a large number of SaaS providers, but still have a long liist of providers to integrate.
What problems is the product solving and how is that benefiting you?
For SaaS native companies certified under ISO 27001 ad SOC2, Drata saves hundreds of hours preparing the Information Management systems. Creation and Editing of Policies are facilitated by the template documents provided. The service provides expert help from systems and compliance experts. Our success manager was exceptional. Elizabeth kept the goals for configuration organized for us like a project manager, she showed us tips and tricks withh the expertise of a systems admin, her recomendations and advice helped us to achive an ISO audit with No Major and No Minor findings meeting the new 2022 standard. The integration with our Auditors (A-Line) allowed Drata to host the audit and for the Auditors to use the Drata tools. This was a great time and cost savings.
Risk management, Vendor management, Asset management and Tust center services that allow us to share our public facing compliance documents with current and potential customers, are all integrated into Drata.
Our Mac fleet is monitored for compliance continuously. Configuration and patching tests run daily. Policy attestations are requested directly to the users when channges are made. Users know about the changes when they are completed and can read and attest directly from the service.
Risk management, Vendor management, Asset management and Tust center services that allow us to share our public facing compliance documents with current and potential customers, are all integrated into Drata.
Our Mac fleet is monitored for compliance continuously. Configuration and patching tests run daily. Policy attestations are requested directly to the users when channges are made. Users know about the changes when they are completed and can read and attest directly from the service.
We love Drata!
What do you like best about the product?
It seems dumb to say out loud, but it works as expected, every time, and I have the support I need to do what I need to do, when I need to do it. I don't think I've ever waited on help or an answer, and our entire team finds value in the tool each time we use it. You can't say that about much in the software world. We had an easy implementation, easy integration experience, and I love that the chatbot actually works in the after hours when I need to ask my obscure questions. Turns out they're really not all that out of the ordinary, because there's a ready made and easy to find answer no matter what time I want to ask the question.
What do you dislike about the product?
I'm a little sad my person moved onto another job (Claire), but we have a lovely new person and I know we're in good hands.
What problems is the product solving and how is that benefiting you?
Drata has made our lives much easier, and while we still haven't started having all of our users use it themselves, it does greatly simplify our lives in that the integrations have saved us a ton of time in evidence gathering, but also system monitoring and having to reconnect the integrations, which was happening a lot with Vanta. I can't count how many times the integrations broke and caused us to have to restart in the middle of an audit. Such a waste of time and effort (and patience).
Helps eliminate evidence gathering and makes assigning different activities easier, simplifying compliance and audit processes
What is our primary use case?
What is most valuable?
Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it.
What needs improvement?
In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true.
For how long have I used the solution?
I have been using Drata for the past eight months.
What do I think about the stability of the solution?
I've had no issues with stability.
What do I think about the scalability of the solution?
Drata is very scalable and suitable for larger organizations due to the ability to assign tasks to different business lines. We have around twenty users across various companies, and I still use other tools.
How are customer service and support?
The technical support team is good, though I haven't used them much.
How was the initial setup?
The initial setup is pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
It's one of the more expensive options, but I think it's worth the money if you can afford it.
What other advice do I have?
I'd rate Drata an eight out of ten because there's always room for improvement. We've seen value and impact from this tool, and I would recommend it to others. My advice would be to have a set project plan for implementation and to get help from a security expert if you don't have one in-house.
Achieves both SOC 2 and ISO 27001 compliance with improved security posture
What is our primary use case?
We use the solution to achieve both SOC 2 and ISO 27001 compliance.
How has it helped my organization?
Drata improved our security posture by ensuring that all our laptops were encrypted and all our production environments were validated with MFA access. We tracked all our Jira tickets to ensure timely remediation. Going through SOC 2 compliance, we still had to perform other tasks like external pen testing, which we achieved, and document it. We also developed tabletop exercises, which were conducted annually, and performed disaster recovery testing on the database. All this was tracked in Drata in real-time, allowing us to quickly identify and address issues, such as TLS encryption problems.
Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments.
What needs improvement?
One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification.
It provides real-time reporting regarding SOC 2 or ISO compliance. The auditors issue the reports. Therefore, if the auditors make a recommendation, such as configuring our alert system internally based on their advice, we implement it. Drata must also address its bugs to improve things for the auditors.
For how long have I used the solution?
I have been using Drata for one and a half years.
What do I think about the stability of the solution?
After the acquisition, we're still integrating Drata into our environment. The challenges of this integration with the new regime are more significant than anticipated. One issue is stability; when Drata releases updates, we notice some bugs, especially those affecting Mac users. While Drata seems well-suited for smaller startups and mid-sized companies, larger enterprises may encounter more hurdles. Such platforms must remain robust despite occasional integration issues, as updates are necessary for continuous improvement.
I rate the solution's stability a nine out of ten.
What do I think about the scalability of the solution?
These platforms provide real-time reporting. For example, if a control fails, such as requiring all users to log in with unique passwords, I receive an alert. If a user hasn't logged in, the system flags it. Drata helps streamline this process. When a new employee starts, I meet with them to configure their laptop with Drata and show them where the training is. Drata's real-time monitoring is beneficial.
Drata is particularly effective for smaller companies, where communication is easier, and departments are not siloed like in larger organizations. This makes Drata a good platform for startups to complete their audit reporting and demonstrate their legitimacy. Companies can use this to attract private equity, go IPO, or secure more funding from investors.
Ultimately, companies reach a certain level of corporate maturity where they recognize the value of these investments. Real-time reporting and monitoring with Drata pay off by highlighting smaller issues early on, which benefits the company's overall operation and growth.
How are customer service and support?
Drata also made certain promises regarding specific features but did not deliver.
How would you rate customer service and support?
Neutral
Which other solutions did I evaluate?
I've had other demos and due diligence meetings with various vendors, some at the same level as Drata. The challenge becomes whether the bigger company wants to spend the higher cost. It becomes a negotiation between price and service.
What other advice do I have?
Drata has excellent integrations and allows for real-time monitoring. Some tasks require manual uploads for screenshot evidence. It can have company policies within the module. This prevents data islands in Dropbox, Google Drive, or other locations. You can tell critical stakeholders, "Alright, we're having a meeting. Here's the draft; let's edit it." Once edited, the owner can press the green button to publish it, automatically sending alerts to the entire company or specific groups.
For example, if the access control policy is updated, everyone must acknowledge the change. You can create groups, like the dev team, to agree to policies like SDLC, change management, or vulnerability management. Any changes are automatically pushed to designated personnel, who must review and approve them. You can track when they've done this in real-time, which is essential for auditors. Everything within the module shows whether personnel have agreed to specific policies.
There are other competitors out there. If you don't prefer Drata, find a similar platform. Many different companies exist because Drata enables you to monitor things in real time, which is crucial for both short-term and long-term goals. Short-term goals include daily or weekly reviews for compliance, while long-term goals aim to achieve SOC 2 and ISO goals.
Overall, I rate the solution an eight out of ten.
Amazing Support and Relationship Management
What do you like best about the product?
Comprehensive: Risk register, vendor management, compliance frameworks, stellar support bot and human support, excellent customer success manager (Mike Mechling).
As we onboarded the team from drata were not just saying that they were committed to us, they were actually committed and made sure we onboarded with significant ease.
As we work with our audit team for SOC and ISO, we did encounter a few elements on the controls to help indicate if something or was not complete.vThese were UX elements and our customer success manager spent the time to document and ingrst that feedback.
We also integrated to our various systems for HR, IT and other systems without much difficulty.
As we onboarded the team from drata were not just saying that they were committed to us, they were actually committed and made sure we onboarded with significant ease.
As we work with our audit team for SOC and ISO, we did encounter a few elements on the controls to help indicate if something or was not complete.vThese were UX elements and our customer success manager spent the time to document and ingrst that feedback.
We also integrated to our various systems for HR, IT and other systems without much difficulty.
What do you dislike about the product?
Its a really good GRC platform. There is nothing to highlight as truly deficient.
What problems is the product solving and how is that benefiting you?
compliance management and reporting
Cashrewards feedback on DRATA and the support we receive
What do you like best about the product?
As a compliance automation platform it is a feature-rich business tool that provides a way to automate a variety of manual checkpoints. We are an ISO 27001 organisation and the ability to set up an environment that closely mirrors what we need is fantastic.
From a support persepctive Greta Wagner has exhibited an unshakable ability to suppoort and help us drive our use of DRATA by ensuring our requirements are being met for various areas of specific functionality. We have been able to get uplifted functionality for the rsik register and risk measurement process introducing both Inherent and Residual risk scoring and tracking, risk obver time and being able to allocate Risks by deparnent/function versus framework specific risk arrays.
Vendor management: while DATA is not a CLM platform it does have many aspects of a CLM solution. Vendor security questionnaires functionality was uplifted to suit our needs.
Open for suggestion and work with you to deliver. Listening, followup, and delivery. Vital to our success.
From a support persepctive Greta Wagner has exhibited an unshakable ability to suppoort and help us drive our use of DRATA by ensuring our requirements are being met for various areas of specific functionality. We have been able to get uplifted functionality for the rsik register and risk measurement process introducing both Inherent and Residual risk scoring and tracking, risk obver time and being able to allocate Risks by deparnent/function versus framework specific risk arrays.
Vendor management: while DATA is not a CLM platform it does have many aspects of a CLM solution. Vendor security questionnaires functionality was uplifted to suit our needs.
Open for suggestion and work with you to deliver. Listening, followup, and delivery. Vital to our success.
What do you dislike about the product?
Dislike is too strong: I would love to see DRATA expand and establish a footprint in Australia. From here you could then focus on our surrounding countries such as New Zealand and Asia, (Malaysia, Indonesia, Thailand, Singapore, Philippines, etc).
Australia is a mature market and would be an ideal place to set up an AP presence.
Australia is a mature market and would be an ideal place to set up an AP presence.
What problems is the product solving and how is that benefiting you?
Currently we are working to get the platform fully implemented. Once complete we can start better understanding the inherent benefits.
Great product, and even greater customer support
What do you like best about the product?
Drata has helped streamline audits, keep us compliant through out the year by monitoring key controls, which saves me time from performing a number of internal audits so I can focus on other projects.
What do you dislike about the product?
I wish Drata had the ability to integrate with JIRA or other ticketing systems.
What problems is the product solving and how is that benefiting you?
Continous control monitoring helps ensure that we are meeting our compliance obligations on an ongoing basis.
Great product with great support
What do you like best about the product?
We are new to compliance documentation and this product makes the project seemless, keeping everything in one place. The ease of use and customer support allowed us to implement quickly and efficiently. Our implementation specialist is always available and very knowledgable.
What do you dislike about the product?
i am currently still learning everything about the product, but one thing i dislike is that some features are additional costs
What problems is the product solving and how is that benefiting you?
We have to provide our customers with documentation of compliance requirements. This product keeps all our documentation and evidence in one place as well as giving us a quick glance at any non-conformaties we need to fix. Drata allows us to keep up with our daily tasks as it provides our customers access so we dont have to take time to answer surveys and provide information to satisfy each client individually.
Streamlining compliance & dynamic support
What do you like best about the product?
Quick customer support, both practical and content-wise.
Policy templates as guidance.
I like the new risk assesment features as well.
Linked controll mapping.
Automated evidence gathering, eg. though Drata agent.
All these feastures help us streamline our compliance, log our progress, involve our teammembers, keep everything organised.
Policy templates as guidance.
I like the new risk assesment features as well.
Linked controll mapping.
Automated evidence gathering, eg. though Drata agent.
All these feastures help us streamline our compliance, log our progress, involve our teammembers, keep everything organised.
What do you dislike about the product?
It obviously takes a learning curve to get intpo the depths of compliance, but Drata relieves that as much as possible.
What problems is the product solving and how is that benefiting you?
Generating trust in our cloud and security complaince towards customers
Superb AI and OnLine Customer Support & Service
What do you like best about the product?
Drata makes the process of preparing for the Compliance Certifications straight-forward. The template process is excellent and allows us to easily customize the tempates to our specific business environment. The best part about Drata is the Customer Service which is on-line and always accessible no matter what time of day I'm working. They have 3 components: 1) A.I. Support, which I'd say meets my needs 60% of the time; 2) Product Support (how to use the software); and Compliance Support (how to understand the details / nuances of compliance). Both are highly accessible and I never wait more than 5 minutes for a response from a Human. Product Support is excellent, while I've come to rely on the Compliance Support greatly. Again, always contact via text with a Human and their service is excellent always guiding your compliance questions in the right direction and don't give up until they know you've understood completely, by offering examples and recommendations often.
What do you dislike about the product?
So far, I cannot give any negatives that I've run into. In my opinion, if the support and service is there when I need it, and my answers are getting adequate replies, I am quite happy with the Drata Product & Services.
What problems is the product solving and how is that benefiting you?
Providing us a templated approach to how we organize to gain SOC-2 Type-2 Compliance. Utilizing the tool and support structure Drata Supplies is greatly helpful.
showing 361 - 370