External reviews
External reviews are not included in the AWS star rating for the product.
Thank you Drata & Elizabeth!
What do you like best about the product?
Drata has been an instrumental tool in keeping us organized and ensuring steady progress on our SOC2 journey. The platform's intuitive design and comprehensive features have simplified what could have been a complex process, allowing us to maintain focus and efficiency.
The highlight of our experience with Drata has been working with Elizabeth. Her expertise, guidance, and insightful navigation through the SOC2 landscape have been invaluable. We sincerely believe that without her contributions, moving forward would have been a much more challenging endeavor.
Moreover, the team's responsiveness deserves special mention. Whenever we needed assistance or had queries, they were always ready and eager to help, demonstrating a high level of customer service and commitment.
The highlight of our experience with Drata has been working with Elizabeth. Her expertise, guidance, and insightful navigation through the SOC2 landscape have been invaluable. We sincerely believe that without her contributions, moving forward would have been a much more challenging endeavor.
Moreover, the team's responsiveness deserves special mention. Whenever we needed assistance or had queries, they were always ready and eager to help, demonstrating a high level of customer service and commitment.
What do you dislike about the product?
some kind of batch feature i thought was missing
What problems is the product solving and how is that benefiting you?
Soc2 compliancy
- Leave a Comment |
- Mark review as helpful
Simplify compliance monitoring, review, audit and document management
What do you like best about the product?
It adds a more formal structure to otherwise very chaotic process. Here's a short description of some features which made our work many orders of magnitude easier. The on-boarding experience was straightforward and intuitive.
- Integration with other tools
Having to export a large stack of documents, format each one and finally find a place to store them pose a significant challenged and pain point. Drata makes it easy to setup, configure and use a wide range of tools.
- Infrastructure monitoring
We cannot emphasize the importance of this feature enough. Drata's ability to integrate with our infrastructure components such as cloud provides, user directory etc eliminates otherwise one of most labor intensive tasks in compliance audits as well as maintaining compliance.
- Document management
Instead of having documents everwhere, we are able to upload, track documents to a single shared space. It also provides a rich set of features with regards to special documents which require frequent update (e.g user access audits, security review reports etc)
We use Drata on almost daily basis. Whether it is onboarding a new employee, uploading quarterly security reviews or making sure our infrastructure components have not drifted away from a compliant state.
Excellence in customer support. Drata team provides efficient and effective supports in both compliance as well as technical domains. This helped our team to elimate any guess work and consult experts throughout our preparation work. Even individuals with less experience engage and perform compliance related duties with high confidence.
Finally, the audit experience was completely transformed thanks to Drata. We were able to on-board auditors with minimal effort. Provide them with all necessary permissions to resources and documents with nothing more than a few easy clicks.
- Integration with other tools
Having to export a large stack of documents, format each one and finally find a place to store them pose a significant challenged and pain point. Drata makes it easy to setup, configure and use a wide range of tools.
- Infrastructure monitoring
We cannot emphasize the importance of this feature enough. Drata's ability to integrate with our infrastructure components such as cloud provides, user directory etc eliminates otherwise one of most labor intensive tasks in compliance audits as well as maintaining compliance.
- Document management
Instead of having documents everwhere, we are able to upload, track documents to a single shared space. It also provides a rich set of features with regards to special documents which require frequent update (e.g user access audits, security review reports etc)
We use Drata on almost daily basis. Whether it is onboarding a new employee, uploading quarterly security reviews or making sure our infrastructure components have not drifted away from a compliant state.
Excellence in customer support. Drata team provides efficient and effective supports in both compliance as well as technical domains. This helped our team to elimate any guess work and consult experts throughout our preparation work. Even individuals with less experience engage and perform compliance related duties with high confidence.
Finally, the audit experience was completely transformed thanks to Drata. We were able to on-board auditors with minimal effort. Provide them with all necessary permissions to resources and documents with nothing more than a few easy clicks.
What do you dislike about the product?
- List of third-party integrations; though growing, it's still limited.
- Management of recurring tasks needs more improvement to enhance visibility
- Management of recurring tasks needs more improvement to enhance visibility
What problems is the product solving and how is that benefiting you?
Compliance monitoring and audit
Managing policies
Managing policies
Excellent experience
What do you like best about the product?
The platform helps to simplify the compliance process for various industry standards. Their cloud automation integrations help to reduce the amount of time and manual labor involved in the arduous process of continious compliance. It's all backed by an dedicated team of caring professionals.
What do you dislike about the product?
Customized risk register could use some work.
What problems is the product solving and how is that benefiting you?
Drata is helping us maintain our SOC 2 Type 2 certification via their cloud compliance platform and easy of controls management. Their automations help reduce the onus involved in the historic manual efforts.
An effective tool to assist with SOC2 compliance
What do you like best about the product?
Drata makes it easy to establish the necessary technology controls for a particular framework, like SOC2. Drata maintains a library of these controls, with the appropriate descriptions and common ways these controls are implemented technically (e.g. MFA implemented on admin accounts or CPU/memory usage is monitored).
It also provides a library of auditor-approved policies, maps these to the appropriate controls and connects with your key business systems to monitor the implementation of the controls. It would have taken a lot of manual effort to do this without a platform like Drata.
Drata has also begun implementing task management, to streamline activities when a control fails, new evidence is required or a policy needs to be reviewed. It provides a number of integrations with task management systems like Trello.
Drata also makes it easy to maintain a Vendor / Supplier register.
I recommend it to anyone looking to meet the requirements of a framework like SOC2 or ISO27001.
It also provides a library of auditor-approved policies, maps these to the appropriate controls and connects with your key business systems to monitor the implementation of the controls. It would have taken a lot of manual effort to do this without a platform like Drata.
Drata has also begun implementing task management, to streamline activities when a control fails, new evidence is required or a policy needs to be reviewed. It provides a number of integrations with task management systems like Trello.
Drata also makes it easy to maintain a Vendor / Supplier register.
I recommend it to anyone looking to meet the requirements of a framework like SOC2 or ISO27001.
What do you dislike about the product?
Drata doesn't connect with every system that you may have, albeit it is continually adding more integrations. In cases where it cannot monitor a particular control, you need to manually link evidence. This process can be a little time consuming. It would be nice to see a function that allows for configuration of a custom integration (e.g. a webhook that an application could call to post data to Drata, or pointing drata an application's APIs and then having a data/field mapping function in Drata to pick out data as evidence (and indicate compliant/non-compliant) for a particular control).
I would also like to see Drata implement an Incident Management tool, to centrally record incidents and map these against potential control failures or the need for new controls. Similarly, it would be nice to see a Risks Register module to record all risks associated with the organisation, and map these risks to mitigating technology controls.
I would also like to see Drata implement an Incident Management tool, to centrally record incidents and map these against potential control failures or the need for new controls. Similarly, it would be nice to see a Risks Register module to record all risks associated with the organisation, and map these risks to mitigating technology controls.
What problems is the product solving and how is that benefiting you?
Drata helps us maintain the appropriate technology and operational controls for us to be SOC2 compliant. We have successfully used Drata with our external auditor in two audits now, and we have received feedback from the auditor that it makes their job easier and there is less back-and-forth to get things in order.
Drata's control monitoring has been especially useful as it alerts us when a configuration change or something else has caused a technical control to fail. This ensures not only that we are fulfiling our SOC2 obligations throughout the entire period, but it also has a direct benefit of uplifting our security and mitigating potential security holes.
Drata has enabled a relatively small business (compared to major financial institutions) to achieve a high standard of compliance. This has enabled us to provide services to these large financial institutions, which demand a high degree of compliance.
Drata's control monitoring has been especially useful as it alerts us when a configuration change or something else has caused a technical control to fail. This ensures not only that we are fulfiling our SOC2 obligations throughout the entire period, but it also has a direct benefit of uplifting our security and mitigating potential security holes.
Drata has enabled a relatively small business (compared to major financial institutions) to achieve a high standard of compliance. This has enabled us to provide services to these large financial institutions, which demand a high degree of compliance.
Compliance automation done right
What do you like best about the product?
Comprehensive compliance automation platform. I particularly like the monitoring and automated testing.
What do you dislike about the product?
Support is sometimes slow, requiring me to follow up with them.
What problems is the product solving and how is that benefiting you?
Drata is solving the need to manage a diversity of controls across different areas, with monitoring and automation of things like AD accounts, version control, endpoints etc. Their Drata Agent is fantastic, saves us from either collecting screenshots or deploying more heavyweight monitoring tools
All in one compliance management
What do you like best about the product?
Drata simplifies your compliance journey. It has a predefined set of controls that you can map to automated compliance checks or manually upload evidence. It reminds you about upcoming tasks. For small companies just starting out, Drata provides and easy to use set of pre-written policies you can quickly customize for yourre organization. That was a huge time saver for us.
What do you dislike about the product?
I do not have any real complaints about Drata. Customer support is always quick to respond and has helped us find solutions to our issues.
What problems is the product solving and how is that benefiting you?
Drata checks our end user compliance daily as well as automating a host of other checks against our cloud setup. This reduces the amount of manual work in maintaining continous compliance. And if something does fall out of compliance, I get alerted.
Extremely useful
What do you like best about the product?
Very easy to set up and interconnect with other systems.
The automations do half the job an analyst would do.
Great structure to catalogue the documentes, controls.
Great overview for management.
The automations do half the job an analyst would do.
Great structure to catalogue the documentes, controls.
Great overview for management.
What do you dislike about the product?
Lacks a proper reporting feature to get in depth information about user compliance.
What problems is the product solving and how is that benefiting you?
Automate tasks for SOC2 compliance.
Seamless ISO 27001 Compliance with Stellar Support
What do you like best about the product?
Drata simplifies the complex process of achieving and maintaining ISO 27001 compliance. Its automated monitoring and intuitive platform ensure continuous adherence to compliance standards. The standout feature is the exceptional support from the Drata team, particularly the dedicated account managers who offer timely, knowledgeable assistance. Overall, Drata’s combination of powerful software and outstanding support makes it an invaluable asset for any compliance-driven organisation.
What do you dislike about the product?
While Drata is a robust tool for compliance, navigating through the wealth of features and options can be a bit overwhelming for new users at first. However, the learning curve is quickly overcome with the help of their support team.
What problems is the product solving and how is that benefiting you?
Drata addresses the challenge of managing complex compliance requirements by automating continuous security control monitoring and evidence collection.
Drata simplified our compliance monitoring.
What do you like best about the product?
It has a clean interface, is easy to use, and has reputable auditors.
What do you dislike about the product?
There are still some frameworks drata doesn't have that we have to purchase "custom" frameworks.
What problems is the product solving and how is that benefiting you?
Compliance monitoring and ease of auditing.
SOC it 2 me (sorry... had to)
What do you like best about the product?
Drata tools and processes save my teams 100's of hours and our Customer Service Manager is an excellent task master.
What do you dislike about the product?
It would be great if Drata had a separate yet organic team to perform the audit.
What problems is the product solving and how is that benefiting you?
Our customers are mandating SOC2 compliance by a specified time. We needed the right tools and processes that would allow us to prepare for SOC2 in a short time frame.
showing 101 - 110