External reviews
External reviews are not included in the AWS star rating for the product.
Start to finish SOC2 with minimal external interaction
What do you like best about the product?
- Drata's large list of integrated platforms
- Policy & Procedure generation and management
- Vendor management
- Risk Management
- Notifications
- Support, especially from Amanda Farris-Reid
- Policy & Procedure generation and management
- Vendor management
- Risk Management
- Notifications
- Support, especially from Amanda Farris-Reid
What do you dislike about the product?
My biggest pain point was the status of "currently compliant" personnel showing not compliant without the ability to resolve them or provide exceptions.
They have since added the exception feature which alleviates my concern.
They have since added the exception feature which alleviates my concern.
What problems is the product solving and how is that benefiting you?
Start to finish security control creation and maintenance.
- Leave a Comment |
- Mark review as helpful
Still A Challenging Process, But Great Partnership and ROI
What do you like best about the product?
Anyone who tells you that obtaining certifications, reviewing policies, and mapping controls to data privacy and security frameworks is easy, fast, or fun is a liar. You need a partner to embrace the suck and guide you along the way. Easy to use, easy to implement, and regular check-ins with our customer support team. The Drata team mixes the right amount of compassion and empathy for those challenged in the technical area but enough accountability that consistent progress is possible. Data privacy and security shouldn't be a race, so take your time, make the most of the support, and the service provided will pay a healthy return in the short and long term. Good Luck!
What do you dislike about the product?
This is the intersection of compliance and technology. What's not to love? The Drata team has done their best to make these challenging topics easier—no complaints about Drata, just the complexity of this space.
What problems is the product solving and how is that benefiting you?
I'm too small to spend time on data compliance and privacy, but it's too big an issue to ignore. Drata has given me confidence that I'm doing what's right for my business and my customers.
Good to work many to learn
What do you like best about the product?
Its user friendlyness an easy to access
What do you dislike about the product?
Alert messages not received to email or any other mode.
What problems is the product solving and how is that benefiting you?
Employees monitoring is secured and easy to access
Great tool for our SOC 2 journey
What do you like best about the product?
Ease of use in gathering and reporting evidence. Followed closely by response from CS.
What do you dislike about the product?
Not much to dislike. Early on there wasn't the interface to several tools we use but that's slowly improving.
What problems is the product solving and how is that benefiting you?
Gathering evidence for our SOC 2 audits.
Extremely useful compliance tool
What do you like best about the product?
Automation of audit tasks.
Easy high overview of status of tasks and event tracking, status of functions.
Easy high overview of status of tasks and event tracking, status of functions.
What do you dislike about the product?
Would like more customisation on security quiz.
What problems is the product solving and how is that benefiting you?
Compliance
Integration with IT systems for automated checks
What do you like best about the product?
Drata made it pretty easy to integrate with our major systems for IdP (Google) and MDM (Hexnode), even without installing any extra agent. We would then be notified if anything went out of compliance automatically. We could also exclude service accounts for any negative notification. Pretty neat!
What do you dislike about the product?
The Policy Center is a bit confusing to use, especially the options to "see current version" or edit the policy. Other than that, pretty clean platform!
What problems is the product solving and how is that benefiting you?
We used Drata heavily for our SOC 2 Type 2 auditing, it was a vital piece of the whole process and we successfully passed it!
Has helped our team stay compliant
What do you like best about the product?
Drata helps us maintain all our security compliance activities in one place. The application for the most part is easy to use. And has a short learning curve.
We also like their support team. They have been helpful when we needed help.
Additionally, Drata continues to add new features to the platform. We are able to manage more of our compliance activities in Drata rather than outside Drata.
We also like their support team. They have been helpful when we needed help.
Additionally, Drata continues to add new features to the platform. We are able to manage more of our compliance activities in Drata rather than outside Drata.
What do you dislike about the product?
There is nothing to dislike. There were some obvious feature gaps when we started using it but they have filling those gaps at a rapid pace.
What problems is the product solving and how is that benefiting you?
Helps us achieve SOC 2 compliance and stay compliant.
Fantastic Compliance and Security Platform
What do you like best about the product?
Drata centralizes and helps to automate your compliance needs under one solution; audits, vendor mgt, risk mgt, policy mgt, assets, reporting, and a trust portal.
What do you dislike about the product?
I honestly cannot think of one thing. Drata continues to bring feature after feature to improve the product.
What problems is the product solving and how is that benefiting you?
Allows a small team to work more effciently by automating various tasks that typically would take weeks to complete.
Seamless Communication and Solid Work Ethics but Room for Improvement in User Education
What do you like best about the product?
Efficient Communication: Despite the time zone difference, the communication with Drata's compliance team has been exceptionally smooth. I can easily reach out during my working hours and receive a prompt reply by the next morning.
Flexible Tools: Not only do they offer a built-in chat tool, but they're also flexible enough to let me use third-party tools like Google Docs for commenting.
Outstanding Work Ethics: Being the sole point of contact for compliance in my small company, I've worked with the Drata team more closely than with some of my colleagues. Their professionalism, punctuality, and respectful manner exceeded my expectations.
Flexible Tools: Not only do they offer a built-in chat tool, but they're also flexible enough to let me use third-party tools like Google Docs for commenting.
Outstanding Work Ethics: Being the sole point of contact for compliance in my small company, I've worked with the Drata team more closely than with some of my colleagues. Their professionalism, punctuality, and respectful manner exceeded my expectations.
What do you dislike about the product?
Lack of Deep Understanding: While Drata's tool excels at guiding users through compliance tasks and significantly aiding in increasing the readiness percentage, there's room for improvement when it comes to instilling a deep understanding of the 'why' behind the compliance requirements. Although the compliance team is very helpful in answering many of these 'why' questions, it would be advantageous if such knowledge were incorporated directly into the tool. This would eliminate the need for users to remember all the intricate details and could serve as an ongoing resource for understanding compliance deeply.
Gap in Audit Preparedness: The tool is designed to make you compliant but not necessarily audit-ready. Users are left to themselves to make the connections between policy requirements, company statements, and actual practices.
Gap in Audit Preparedness: The tool is designed to make you compliant but not necessarily audit-ready. Users are left to themselves to make the connections between policy requirements, company statements, and actual practices.
What problems is the product solving and how is that benefiting you?
Gaining trust in our security practice internationally, beyond local market.
Best SOC 2 compliance management tool we found
What do you like best about the product?
Fast moving team that develops features quickly; by far the best UI compared to Tugboat and Vanta; agentless evidence checking (unlike Vanta) which is a much more secure architecture.
What do you dislike about the product?
Still a young and maturing product. Overly prescriptive in how to implement and evidence certain controls. For example, we handle network access management through security groups, but their automated evidence collection checked for NACL rules instead. There's not always enough flexibility to handle different controls, let along custom controls. So, you'll still end up uploading a fair share of manually collected evidence.
What problems is the product solving and how is that benefiting you?
All of our compliance readiness is handled well in one place. They are also very good at automating all the tasks needed to maintain readiness: it would be like herding cats to do that by hand.
showing 161 - 170