External reviews
1,113 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Outstanding Support and Policy Management Platform
What do you like best about the product?
This platform is excellent for monitoring and creating your policies, but what truly stands out is the helpfulness of their professionals.
What do you dislike about the product?
During the startup phase, you are likely to experience an overwhelming amount of information. The sheer volume can make the process feel far from intuitive.
What problems is the product solving and how is that benefiting you?
The platform ensures that I have all the necessary controls and the correct policies in place for our SOC2 and ISO27001 compliance.
Good for Vendor Management, Needs Better Integration
What do you like best about the product?
I like using Drata for vendor management and security reviews. The security review feature helps us in selecting vendors, which is quite valuable. Overall, Drata is good.
What do you dislike about the product?
I'm experiencing issues with Drata, specifically the chat feature which keeps throwing unexpected errors, making the survey process not valuable. The integration with Zip and Azure needs improvement.
What problems is the product solving and how is that benefiting you?
I use Drata for vendor management and compliance, especially through its Security review, which helps us in selecting vendors.
Simplifies SOC 2 Compliance with Ease
What do you like best about the product?
I like that Drata is easy to use and has great customer service. The evidence library is the feature we use the most, as it plays a big part in our SOC 2 compliance efforts, and it integrates with other features well. Drata itself was very easy to set up and continues to be easy to use, even though there was a learning curve because we were new to SOC 2 compliance.
What do you dislike about the product?
It seems that the automated testing is what gives us the most problems. At least once a year, there's kind of a significant problem with the automated testing that requires interaction with their support team.
What problems is the product solving and how is that benefiting you?
I use Drata to navigate the complexities of SOC 2 compliance, like implementing controls, creating policies, doing automated testing, and managing risks.
Outstanding Experience with This Software
What do you like best about the product?
Tracking and monitoring the controls and requirements to accomplish the targeted frameworks
What do you dislike about the product?
It takes some time to see the changes reflected in the application
What problems is the product solving and how is that benefiting you?
Tracking and monitoring the controls and requirements to accomplish the targeted frameworks
Automation and pre-filling that save time
What do you like best about the product?
Automation and pre-filling of controls.
What do you dislike about the product?
The price of frameworks.
I would prefer an access price to the platform, with all frameworks allowed.
I would prefer an access price to the platform, with all frameworks allowed.
What problems is the product solving and how is that benefiting you?
Pass the certifications efficiently, allowing for simplified tracking.
Outstanding for Security Compliance and Evidence Collection
What do you like best about the product?
Evidence collection and ability to ensure 100% security awareness compliance with personnel.
What do you dislike about the product?
Ability to contact a real person for best practices and quick implementation.
What problems is the product solving and how is that benefiting you?
Having everything in one place for the auditor, that helps me a lot.
Digitizes Compliance, Easy Setup, But Pricey Globally
What do you like best about the product?
I love how Drata has transformed the way I handle compliance by digitizing everything, eliminating the hassle of maintaining spreadsheets. The detailed and descriptive nature of Drata is incredibly helpful; it's well-labeled and grouped, which simplifies the setup process and makes it easier to ensure compliance. The initial setup was very easy, and I appreciate how it integrates seamlessly with other tools I use, such as Jumpcloud, AWS, GitHub, and Jira. The comprehensive nature of Drata makes my compliance tasks more manageable and efficient, offering a user-friendly experience that truly stands out.
What do you dislike about the product?
The cost of using Drata is a concern for me. While the cost might be justified, the annual fee of $30,000 may not be affordable in countries other than the US.
What problems is the product solving and how is that benefiting you?
I use Drata to digitize compliance processes, eliminating the hassle of spreadsheets. Its detailed and organized nature simplifies setup and compliance opt-ins.
Convenient Training and Compliance Management
What do you like best about the product?
I primarily use Drata for training, which is extremely convenient for me. I really appreciate how it helps me stay on top of compliance, especially given how busy we are. The setup process was straightforward and easy when I initially installed it, which was a pleasant surprise. Additionally, Drata appears to effectively manage important functions like antivirus and hard drive encryption, which adds to its value. Overall, it operates better than I had initially expected, and I'm quite satisfied with its performance, as reflected in my high likelihood of recommending it to others.
What do you dislike about the product?
Nothing comes to mind right now. I've only been using it for about a year.
What problems is the product solving and how is that benefiting you?
I use Drata for managing compliance training, which helps me stay on top of requirements and is convenient for my busy schedule.
Audit-Ready Dashboard and Automation Save Us Time
What do you like best about the product?
It's always audit-ready: I can literally look at the dashboard and see our real-time compliance status for SOC 2 or ISO 27001. If a control fails, I get an alert immediately, not six months later during a review.
Massive time savings: It has seriously automated 90% of the manual evidence collection. I no longer spend days or weeks before an audit compiling screenshots and documentation.
The Audit Hub is a game-changer: When the auditor shows up, everything they need is centralized in one place. Communication and evidence requests are streamlined, which makes the entire audit process so much smoother and faster.
Massive time savings: It has seriously automated 90% of the manual evidence collection. I no longer spend days or weeks before an audit compiling screenshots and documentation.
The Audit Hub is a game-changer: When the auditor shows up, everything they need is centralized in one place. Communication and evidence requests are streamlined, which makes the entire audit process so much smoother and faster.
What do you dislike about the product?
Limited Niche Integrations: We use a few niche tools, and Drata either doesn't have an integration for them or the pre-built connection is very limited in the evidence it can pull. This forces us back to the manual process for those specific controls, which defeats the whole purpose of the automation.
Lack of Flexibility in Control Mapping: For standard frameworks (like SOC 2), it's great. But if your organization has unique workflows, internal policies, or needs a less common framework, customizing or mapping your controls to fit those needs can be rigid and challenging. It can feel like it's a "my way or the highway" platform.
Lack of Flexibility in Control Mapping: For standard frameworks (like SOC 2), it's great. But if your organization has unique workflows, internal policies, or needs a less common framework, customizing or mapping your controls to fit those needs can be rigid and challenging. It can feel like it's a "my way or the highway" platform.
What problems is the product solving and how is that benefiting you?
The problem Drata solves is a huge one: It replaces the manual, fragmented, and panic-driven traditional approach to compliance (GRC) with a continuous, automated, and proactive system.
Before Drata, preparing for an audit (like SOC 2 or ISO 27001) was a company-wide crisis. It involved:
Manual Evidence Collection: Running reports from our cloud provider, HR system, ticketing system, and endpoint management tool.
Point-in-Time Compliance: Knowing we were compliant only on the day we pulled the evidence. As soon as a setting was changed, we were blind again.
Human Error and High Effort: Endless spreadsheets, copy-pasting, and chasing people for screenshots—all time that my security and engineering teams could have spent on actual security work
Before Drata, preparing for an audit (like SOC 2 or ISO 27001) was a company-wide crisis. It involved:
Manual Evidence Collection: Running reports from our cloud provider, HR system, ticketing system, and endpoint management tool.
Point-in-Time Compliance: Knowing we were compliant only on the day we pulled the evidence. As soon as a setting was changed, we were blind again.
Human Error and High Effort: Endless spreadsheets, copy-pasting, and chasing people for screenshots—all time that my security and engineering teams could have spent on actual security work
Robust Compliance Tool with a Steep Learning Curve
What do you like best about the product?
I find Drata extremely useful for complete document organization, alerts, compliance, and security across the board. The alert system stands out for its ability to integrate with tools like Slack and Linear, which enhances my workflow seamlessly. I also appreciate the templates for policies and recommendations that Drata makes; they provide valuable guidance and save me time in setting up our compliance processes. What truly sets Drata apart is the extraordinarily helpful support from Alex Hamilton and Tina, who are patient and knowledgeable, assisting me in learning how to optimize and best use Drata. As I become more familiar with the system, I'm increasingly able to leverage its full potential, which is a significant factor in my decision to continue using and considering repurchasing Drata. The combination of these features and the excellent customer support makes Drata an invaluable tool for me and my organization.
What do you dislike about the product?
{"I find the initial setup of Drata very difficult, and I felt a lack of sufficient onboarding support.","I'm also frustrated by the extensive knowledge required to effectively use Drata. I wish there were more accessible and responsive chat support, similar to the experience I have with Gusto, to quickly answer questions.","I believe Drata would benefit from having chat support available 24/7 to address issues and learning curves more efficiently."}
What problems is the product solving and how is that benefiting you?
Drata organizes documents, provides alerts, aids compliance and security. It integrates well with our tools and offers policy templates and recommendations, enhancing our compliance efficiency.
showing 1 - 10