Sold by: Drata
Vendor Insights
An AWS Security Competency Partner, Drata is a GRC automation solution that allows companies to continuously monitor security and compliance controls, automatically collect evidence needed for an audit, and manage and remediate risk. Drata streamlines common compliance frameworks like SOC 2, ISO 27001, GDPR, and more and allows you to share your real-time compliance posture with prospects and customers to build trust and accelerate growth.
Overview
Drata's compliance automation platform integrates with over 200 applications and systems to continuously monitor security controls and streamline over 20 compliance frameworks, standards, and regulations, such as SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and more. Drata integrates with 45+ AWS services and is a proud AWS Security Competency partner with an AI engine built on AWS Bedrock.
Whether you're looking to get compliant quickly for the first time or want to streamline your complex GRC program, Drata scales with you. Get and stay compliant efficiently, build risk management into your GRC practice, and share your real-time compliance posture with prospects and customers to build trust and sell into new markets.
Continuous automated monitoring alerts Drata customers when security controls aren't operating effectively to remediate, stay secure, and keep from falling out of compliance. Plus, automatic evidence collection makes the audit process as seamless as possible.
Highlights
- Drata for Startups: Drata helps startups create a scalable foundation and systematic approach to compliance to unlock market opportunities and scale safely. Startups can speed up audit prep time with Drata's best-in-class automation and support from our compliance experts to achieve SOC 2 and ISO 27001 compliance quickly.
- Drata for Commercial and Mid Market: Drata helps companies with audit experience establish a scalable GRC program and structured process for risk management. Streamline compliance tasks and substantially reduce manual workloads while leveraging compliance to increase revenue and build trust.
- Drata for Enterprise: Customers can optimize and customize their mature GRC programs and depend on reliable compliance outcomes. Organizations can manage and remediate risk and leverage Drata workspaces and workflows to keep pace with the complexity of advanced compliance programs.
Details
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
ISO27001
SOC2
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Dimension | Description | Cost/12 months |
|---|---|---|
Drata Platform Fee | Access to the Drata SaaS platform with capacity for a 100 FTE org | $25,000.00 |
SOC 2 Framework | SOC 2 2017 control set | $7,500.00 |
GDPR Framework | GDPR control set | $7,500.00 |
ISO 27001 Framework | ISO 27001 v2022 control set | $7,500.00 |
HIPAA Framework | HIPAA control set | $7,500.00 |
PCI DSS Framework | PCI DSS control set | $7,500.00 |
CCPA Framework | CCPA control set | $7,500.00 |
CMMC Framework | CMMC control set | $7,500.00 |
Microsoft SSPA Framework | Microsoft SSPA control set | $7,500.00 |
NIST CSF Framework | NIST CSF control set | $7,500.00 |
Vendor refund policy
All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Included in your contract, Drata provides onboarding, live chat (in product), and continuous enablement. Onboarding includes integration setup, assistance configuring compliance policy and controls in the platform, and guidance on utilizing our network of auditors and technology/service partners to serve you in your compliance journey. support@drata.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
Top
10
In Centralized Risk Management
Top
25
In IT Business Management
Top
10
In Compliance and Auditing, Monitoring
AI generated sentiment from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Compliance Framework Support
Supports continuous monitoring and automation for over 20 compliance standards including SOC 2, ISO 27001, HIPAA, PCI DSS, and GDPR
Application Integration
Integrates with over 200 applications and systems for comprehensive security control monitoring
Cloud Service Compatibility
Native integration with 45+ AWS services and built on AWS Bedrock AI engine
Automated Evidence Collection
Automatically collects compliance evidence and provides continuous security control monitoring
Risk Management Automation
Provides continuous automated monitoring with real-time alerts for security control effectiveness and potential compliance deviations
Compliance Framework Support
Supports multiple global security and privacy compliance standards including SOC 2, ISO 27001, HIPAA, GDPR, CCPA, NIST frameworks, CMMC, and PCI DSS
Cloud Service Integrations
Provides over 100 automated integrations with cloud services like AWS, Azure, Google Cloud, G Suite, GitHub, Okta, and Slack for continuous evidence collection and infrastructure monitoring
Machine Learning Questionnaire Processing
Utilizes machine learning to automate RFP and security questionnaire completion by generating responses based on approved past answers
Continuous Security Monitoring
Performs automated tests, continuous infrastructure monitoring, and nonconformity detection across cloud environments
Risk and Compliance Management
Offers comprehensive risk management capabilities including personnel and asset inventory, vendor risk management, risk register, and enterprise policy management
Compliance Framework Support
Supports over 30 compliance frameworks including SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS with automated evidence collection
Cloud Platform Integration
Seamless integration with over 100 cloud platforms and 30+ AWS services including Security Hub, Config, and CloudTrail
Continuous Monitoring
24/7 continuous monitoring of security controls with automated evidence collection and real-time compliance posture tracking
Security Assessment Tools
Includes comprehensive security assessment capabilities such as Penetration Testing and AI Security Questionnaires
Policy Management
Provides auditor-approved policy templates and automated workflow consolidation for comprehensive governance and compliance management
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
No security profile
-
-
-
-
Standard contract
No
No
No
Customer reviews
Environmental Services
My Drata User Experience
Reviewed on Mar 24, 2025
Review provided by G2
What do you like best about the product?
The user interface is very easy to use. The functionality of Drata addressed many of our business needs and processes.
What do you dislike about the product?
So far, I have not encountered any downsides. I just started using the platform.
What problems is the product solving and how is that benefiting you?
The Drata tool is assisting my organization with Cybersecurity Risk Management and audit activities.
Leave a comment0 comments
E-Learning
Issue Resolved Quickly
Reviewed on Mar 21, 2025
Review provided by G2
What do you like best about the product?
What I love most about Drata is its ease of use, effortless automation of compliance tasks, and user-friendly platform.
What do you dislike about the product?
While the platform is user-friendly, it could provide more guidance to help new users get started more easily
What problems is the product solving and how is that benefiting you?
Drata tackles key compliance and security challenges by automating security control tracking, offering real-time compliance updates, and reducing manual audit prep work.
Logistics and Supply Chain
Still feels newish, but works
Reviewed on Mar 19, 2025
Review provided by G2
What do you like best about the product?
I like being able to review which users have access to which apps. I like the concept behind being able to match controls for different frameworks based on the tests and connections they provide. Being able to match policy acknowledgements to users is also a plus.
What do you dislike about the product?
Their text editor for Policies is awful. Makes me feel like I have to write my own webpage. I was instructed to copy/paste policies in for easy version control, but the editor doesn't recognize table of contents blocks. It also doesn't have a tab system, so if you have to create things in columns, none of the data lines up.
They don't have Active Directory support beyond an agent that you would have to install to all systems. So if your company uses GPOs, it's difficult to get compliance data out of AD without using a third party tool.
It is difficult to see where some data is coming from once a connection is made. Most tests just say "Autopilot", which does not refer to Intune Autopilot. So if there's an issue with a connection or specific test, it's hard to fix.
Lastly, in order to get help with Drata you have to use their Chatbot system. The chatbot isn't bad per se, but the window/drawer that pops out for it, obscures half of the controls/buttons you need to use to allow access to your tenant for help and other actions for fixing issues. You have to actually close out of the window to get what an agent or the bot asks for, and then find a way to navigate back to that specific chat. A minimize button would be all it takes to fix this!
They don't have Active Directory support beyond an agent that you would have to install to all systems. So if your company uses GPOs, it's difficult to get compliance data out of AD without using a third party tool.
It is difficult to see where some data is coming from once a connection is made. Most tests just say "Autopilot", which does not refer to Intune Autopilot. So if there's an issue with a connection or specific test, it's hard to fix.
Lastly, in order to get help with Drata you have to use their Chatbot system. The chatbot isn't bad per se, but the window/drawer that pops out for it, obscures half of the controls/buttons you need to use to allow access to your tenant for help and other actions for fixing issues. You have to actually close out of the window to get what an agent or the bot asks for, and then find a way to navigate back to that specific chat. A minimize button would be all it takes to fix this!
What problems is the product solving and how is that benefiting you?
Having a single pane of glass to identify compliance issues and evidence requests makes auditing much easier.
Scott J.
Easy to use, powerful functionality
Reviewed on Mar 19, 2025
Review provided by G2
What do you like best about the product?
Rollout was relatively easy compared to other platforms I've used over time. Support is always responsive when issues have come up. Integrations continue to expand to include more IdPs, vulnerability management tools, etc.
What do you dislike about the product?
Policy center can be clunky to navigate especially during policy renewal time. The baked-in awareness training is a little rudimentary by modern standards but it checks the box at least which is good.
What problems is the product solving and how is that benefiting you?
Managing multiple framework controls across similar systems on a small team.
Hospital & Health Care
Great Features but Mediocre UX
Reviewed on Mar 18, 2025
Review provided by G2
What do you like best about the product?
Drata has a big range of features and covers a lot of usecases for us. Also, the integrations that exist are relatively easy to integrate.
What do you dislike about the product?
There are two downsides to Drata, in my opinion:
1) User Experience
The UX of the product is okay, but it's not great. There are multiple smaller paper-cuts: The UI is overall a bit slow, frequently presenting loading spinners. Controls/Monitors have individual URLs, but unfortunately when shared they get removed. I.e. even if I send a colleague a link to a specific /control/123 they will get redirected to all controls instead of the specific one.
2) Integration Limitations
The default integrations that come with Drata are a bit limited, e.g. we still haven't been able to connect a vulnerability scanner into Drata, as it comes with 14 different options by default and we use none of them. That's always an issue with these integration platforms, but it's not clear to us yet how we could build a manual API integration for this feature.
1) User Experience
The UX of the product is okay, but it's not great. There are multiple smaller paper-cuts: The UI is overall a bit slow, frequently presenting loading spinners. Controls/Monitors have individual URLs, but unfortunately when shared they get removed. I.e. even if I send a colleague a link to a specific /control/123 they will get redirected to all controls instead of the specific one.
2) Integration Limitations
The default integrations that come with Drata are a bit limited, e.g. we still haven't been able to connect a vulnerability scanner into Drata, as it comes with 14 different options by default and we use none of them. That's always an issue with these integration platforms, but it's not clear to us yet how we could build a manual API integration for this feature.
What problems is the product solving and how is that benefiting you?
Drata helps us track our compliance against a wide range of controls. We are using Drata's automation features to reduce the burden on our employees.