External reviews
1,104 reviews
from
and
External reviews are not included in the AWS star rating for the product.
A complete product offering more tools and features tailored for a GRC program.
What do you like best about the product?
Customer support and seamless integration across all app components, offering plenty of useful features for us.
What do you dislike about the product?
The UI isn’t intuitive and needs updates to make it more engaging.
What problems is the product solving and how is that benefiting you?
GRC, SOC 2, Vendor Managaement, Risk Management and more
Beautifully simple and effective for reporting.
What do you like best about the product?
The ease of find the information I need that the agent gathers. Drata made very donting task of a SOC2 audit and made gathering and reporting on each of the measures extremely managebale.
What do you dislike about the product?
Some of the documentation could be clearer when explain or breakdown what is needed to meet the requirements.
What problems is the product solving and how is that benefiting you?
Reporting. Drata helps to gather device information, make sure usrs are accepting policies, helps to audit internal devices and make sure usrs are accurately assigned and addressed.
Great product, Even Better Team
What do you like best about the product?
The automation, so nice to be able to keep track of all evidence within one platform and be able to assign owners, set expiration dates and integrate with a multitude of our internal tools. The support staff is even better, always willing to answer questions and answering back within 4 hours.
What do you dislike about the product?
I wish it had more customization with the monitors it does have as not all organizations have the same configurations and it would be easier to create the connections yourself with the tools within our cloud based host.
What problems is the product solving and how is that benefiting you?
Drata streamlines our compliance process by automating the collection and organization of evidence required for SOC 2 Type II and HIPAA audits, saving us significant time and resources.
It enhances our ability to monitor and maintain continuous compliance, reducing the risk of errors or missed requirements.
With Drata, we have improved transparency and efficiency in demonstrating compliance to auditors and stakeholders, enabling us to focus on core business operations.
It enhances our ability to monitor and maintain continuous compliance, reducing the risk of errors or missed requirements.
With Drata, we have improved transparency and efficiency in demonstrating compliance to auditors and stakeholders, enabling us to focus on core business operations.
Aprio January 2025 Review
What do you like best about the product?
Client preparedness for audits. Ease of access through the auditor portal.
What do you dislike about the product?
Most clients believe that we gain efficiencies by obtaining documentation through a GRC platform, but for an auditor, it is really just an different documentation repository. This isn't specific to Drata, it applies broadly. However, integration with FieldGuide should change this.
What problems is the product solving and how is that benefiting you?
Drata helps clients better prepare audit artifacts and have more documenation available the first day of fieldwork.
Speeding up Compliance paired with great customer success
What do you like best about the product?
Automation, policy templates and monitoring
What do you dislike about the product?
The auditor experience could be improved. Sometimes the auditors arent really tech savyy and cant find evidences.
Giving them access read only to my complete instance was the way to go!
Giving them access read only to my complete instance was the way to go!
What problems is the product solving and how is that benefiting you?
Speeding up tremendously the security and compliance posture for SOC2
A great platform that is growing with our capabilities and maturity
What do you like best about the product?
Being able to manage 8 different security compliance frameworks on one platform with only one FTE! The customer sucess team is also great and very much focused on building a long-term relationship...this was the clincher for us. (A big shout out to Alex and Aoife)
What do you dislike about the product?
Some capabilites are maturing slower than others (such as risk and asset management) .
What problems is the product solving and how is that benefiting you?
Managing multiple compliance frameworks, as well as general GRC activities, with limited resources.
SOC2 compliance experience with Drata
What do you like best about the product?
Drata is pretty easy to use once you understand how the user interface is setup. The detailed guide in every step has been very helpful.
What do you dislike about the product?
Initially the UI was a little confusing. I can never talk to a live person under help option right away but they have a good customer team who are easy to reach through email.
What problems is the product solving and how is that benefiting you?
It streamlines the compliance process and reduces manual effort.
Good GRC platform, with several frameworks included.
What do you like best about the product?
It includes several frameworks, like PCI DSS, SOC2 and ISO.
What do you dislike about the product?
Connection for Orca Vulneranility scanner not available yet.
What problems is the product solving and how is that benefiting you?
It shows all of the controls required for each framework, evidence and policies can be uploaded there.
A beginner's guide to Drata
What do you like best about the product?
What makes Drata helpful is the overall consolidation and mapping of the security standards and technical requirements needed to achieve compliance. There are functionalities too that can automate tasks for compliance evaluation which makes it very helpful in analyzing the gaps as to what needs remediation.
What do you dislike about the product?
There are certain options that can be quite challenging to integrate and this needs to be head leveled in the documentation procedures.
What problems is the product solving and how is that benefiting you?
Evaluation and mapping of our current security posture which is needed for our ISMS certification. The ability to automate the evidence collection, control monitoring, and documentation for frameworks like SOC 2, ISO 27001, PCI DSS, HIPAA, and GDPR are hepful. Although there are no one-size fits all in security evaluation, the pre-built frameworks and controls are sufficient to come of with substantial evaluation for a security audit.
Drata: Simplifying Your Compliance Journey
What do you like best about the product?
Drata supports the most common compliance frameworks. It effectively translates compliance requirements into readable control items. Each control item consists of a set of tests that are defined with clear specifications. For example, if an organization wants to adhere to the compliance NIST CSF, personnel responsible for achieving compliance simply focus on the control items of target compliance that Drata organized. Some tests can be shared across multiple compliance frameworks! It is easier for them to implement other compliances more efficiently in the future. Secondly, the most impressive design is the capability of automated evidence collection. With easy configuration on integrations to popular platforms, it can save effort when collecting the evidence of control items. To manage the overall readiness of compliance continuously, Drata provides efficient monitoring of controls, the status of tests, and the integrity of essential evidence. It provides users with real-time status and benchmarks in the dashboard. That helps internal or external auditors to track progress, identify gaps, and demonstrate compliance to key stakeholders. Finally, when I was new to Drata in the beginning, the Drata support team consistently delivered effective solutions to customer issues. The experience of customer support really touched my heart.
What do you dislike about the product?
The automated evidence-collection feature is a very productive design. However, it has both pros and cons. The limitations on integrations may become a burden if the target platform is not on the support list. Another thing that needs to be improved is the instructions for fixing the failed/error tests. Sometimes, I can not directly understand the root cause of the failed test. I hope the error information or solution instructions become more transparent or readable.
What problems is the product solving and how is that benefiting you?
Readiness status: make the estimation on the progress of compliance adherence easier and more readable.
Continuous monitoring: easy to track progress and identify gaps, minimize the risk of non-compliance and reduces the likelihood of costly audit findings.
Automation on evidence: Drata automates many of the manual tasks associated with compliance, frees up valuable resource for the security team and product teams
Continuous monitoring: easy to track progress and identify gaps, minimize the risk of non-compliance and reduces the likelihood of costly audit findings.
Automation on evidence: Drata automates many of the manual tasks associated with compliance, frees up valuable resource for the security team and product teams
showing 61 - 70