Drata Reviews

“Really simplifies ISO27001 & SOC2 audits and compliance

Pros

The Drata platform makes it a lot easier to check your systems and ensure you're following best practices for ISO and SOC2 compliance/audit. The workstation monitoring agent is simple to deploy and non intrusive. Policy management is greatly simplified, allowing you to map to controls and manage the lifecycle. It doesn't do everything for you but it brings all the relevant information together for a more holistic view of your current security posture. It's an essential tool for any GRC or security professional. Also their onboarding process is fantastic. Our account manager was there every step of the way with helpful advice, chasing down answers to tricky questions and checking in to make sure we were set up for success.

Cons

The UI can be a little tricky to navigate at times but considering it's bringing together so many disparate services, its understandable. It's not a major issue and once you get the hang of it, these "issues" fade into the background compared to how helpful the platform is overall.

“Making compliance easy and straightforward

Pros

Tracking compliance has never been easier with Drata. The automated workflows,along with integrations with tools like Google Workspace, AWS and Slack, eliminate much of the manual effort. The dashboard is clean, adaptable and easy to navigate, allowing me to stay on top of tasks and audits effortlessly. It keeps everything organized in one place making it simple to manage compliance and ensure nothing is overlooked.

Cons

Some of the integrations need a bit of fine tuning during the initial setup and there can occasionally be sync delays. It would also be great if a mobile app were available for easier access on the go.

“Amazing product backed by fantastic support

Pros

This has been an excellent platform for starting our ISO-27001 journey. With so many aspects to this certification, Drata has simplified the process in many ways. We had numerous questions regarding policies and it has helped us enormously.

Cons

One of the most annoying limitations of the tool is the inability to store my list/filter settings in the controls, personnel etc. With so many people, it's a waste of time for it to only show 20 items at a time. Also when I go to the controls, I prefer sorting by policy number instead of alphabetically but I have to reset that every time I use the app.

“Drata helps bring order to compliance in a chaotic business

Pros

As someone who used to handle compliance manually, I love how Drata uses our vendors and systems to automate much of the data collection and organization of evidence. The support is always available for questions and the dashboard and onboarding steps make implementation simple. They walk you through the steps with questions and once you select your auditor, they know Drata well and can help tie up any loose ends before starting an audit.

Cons

There's no downside in my experience. They have integrations with all of our cloud, development and IDP systems.

“A game-changer in third-party risk management and compliance

Pros

As the Information Security and IT Director, I'm responsible for our SOC 2 and CCPA compliance and managing third-party risk. Drata has been a fantastic partner in automating and streamlining these efforts. The real-time monitoring, seamless integrations and interactive dashboard have made our SOC 2 compliance effortless. Drata continuously tracks our security posture, evidence and policies. While the technology is excellent, the real differentiator has been our Customer Success Manager. Her expertise in SOC 2 compliance has been invaluable, whether we need guidance on compliance updates or details on current controls.

Cons

One area I think Drata could improve is by expanding and improving its integrations with other security and IT tools.

“The perfect tool to ensure ongoing compliance

Pros

Drata's features for evidence collection, control monitoring and policy and procedure automation are incredibly helpful.

Cons

A lack of customization options for report exports, particularly for features like employee compliance and monitoring could be an area for improvement.