Drata Reviews & Product Details

The best feature Drata has is the mapping of recurring requirements of different frameworks/standards to generic Drata Controls. What this means is that if multiple of your frameworks require pretty much the same thing, you only have one Drata control you need to comply with to satisfy all the requirements of your frameworks. This also means only one place to store evidence, add policies, do tasks, etc. This is tremendous time-saver compared to other GRC tools.

Another great feature is the onboarding service they offer. Every subscription has a number of hours attached that you can use to call in GRC-specialists to help you set up something, or just ask questions. You don't have to struggle to get Drata up and running, but can lean on their expertise.

The AI policy builder they have works quite well. It starts you off with a template for whatever policy you selected, but it can also analyse something you made yourself to see if it adheres with the requirements of the Drata controls. It also makes suggestions for what is missing. It isn't always foolproof, so you do need to review the suggestions yourself, but it is a good tool to pinpoint where you are lacking.

Connections are important to get your compliance evidence in Drata in an automated way, and it is adequate. There are many out-of-the-box intergrations, but frankly some of them are missing automated evidence collection. As an example, we integrated our password manager using the built-in Drata connection, and it was easy to set up and gather our list of users. However, it didn't get data to show that our security-related settings were configured properly. We ended up having to use a custom integration.

Lastly some praise for the UI. It is clean, easy to navigate and most importantly, is intuitive. If I want to see my Risk Register, you just navigate to "Risks". Review collected by and hosted on G2.com.

As a premium offering, the only real barrier to entry is the price. It isn't the most expensive GRC tool I have seen, but it is up there. This can be compounded if you need alot of extras (more frameworks, etc.).

Our experiences with customer support have also been mixed. Some responded very quickly and accurately, while other times the response was too vague to actually answer our question. Review collected by and hosted on G2.com.

Their monitoring dashboard is fantastic for identifying monitoring and compliance gaps, and their policy creation module is a game-changer for getting company policies created or updated. Review collected by and hosted on G2.com.

The way test failures are presented in the pure JSON test output can sometimes make it take an unnecessarily long time to figure out which resource is causing a compliance error. The AI-generated output for these failures has improved, but they could still benefit from better JSON parsing so that, even when the raw output is shown, the user only sees the failures. Review collected by and hosted on G2.com.

It’s a decent tool for tracking SOC 2 compliance rules and controls. It also integrates with our HRIS, which helps keep things connected and easier to manage. Review collected by and hosted on G2.com.

The “tests” for various controls aren’t very intuitive, and at times they feel more arbitrary than helpful. Pricing also seems high relative to the platform’s actual capabilities. During onboarding, the reliability of the tool was oversold, which made it harder to gauge how deep we needed to go with our controls and any supplemental tracking tools. I would have preferred clearer, more practical guidance throughout. Review collected by and hosted on G2.com.

What I like about Drata is how it transforms compliance from a manual, point-in-time effort into a continuous, automated process. Its integrations with tools like cloud providers and identity systems make evidence collection largely hands-off. The dashboard is clear and accessible, giving both technical and non-technical stakeholders quick insight into compliance status. Overall, Drata makes it much easier to stay audit-ready without the usual operational burden, and it scales well as organizations grow. Review collected by and hosted on G2.com.

What I dislike about Drata is that the initial setup and configuration can be time-consuming and sometimes confusing, especially when mapping controls across multiple frameworks.The platform can also generate a high volume of alerts or tasks, which may create noise if not carefully tuned. Review collected by and hosted on G2.com.

I really like the ease of use and the support that Drata provides, especially for a small team like ours. It's helpful to have a tool that works for us in terms of compliance. Drata gives us an overview of all necessary renewals for evidence, and the use of templates is really handy. It's nice that Drata offers many easy setup configurations. Review collected by and hosted on G2.com.

The platform is sometimes a little bit slow and minor bugs. Sometimes I have to wait for tech support to answer for bugs which slows me down, or wait for page loads longer than usual. Review collected by and hosted on G2.com.

Comes with a Drata Trust Center that's relatively easy to manage. That's pretty much the only thing that hasn't broken on me this past year. Review collected by and hosted on G2.com.

Drata seems to have major breakage on what seems to be a monthly basis.

- MDM integration is currently broken

- Audit hub messages from auditors are currently broken

- Using a custom framework, only your auditors can create the controls (and control mappings in the audit hub vs what's in your view of the custom framework are not kept in sync)

I've reached the point where I'm running audits outside of Drata because Drata is so broken.

Customer Service seems to have taken a major step back in quality. I've been advised at least twice to make dangerous changes that each time broke my Drata instance (Google, HRIS). Review collected by and hosted on G2.com.

Comprehensive alerts on tasks and status pf controls. Could not have passed SOC2 audit without Drata. Initial onboarding was difficult as the platform is not intuitive, especially for folks new to the CRG arena. Good documention but not easy to formulate searches as a newbie. Review collected by and hosted on G2.com.

Usage is not intuitive, UI is OK

Support is excellent Review collected by and hosted on G2.com.

What I like best is the Integration with MS365, CERTN, Defender, Meraki ect. the automation makes it easier to manage several endpoints and users. Review collected by and hosted on G2.com.

Clearly defined policy renewal steps should be given prior to renewal, simply renewing a policy without updates changes the version of the document eg: 1.1, 1.2 and the tables inside don't reflect the changes. there's no point in doing the renew without updates as the table below has not reflected the version change. Review collected by and hosted on G2.com.

Drata supports the most common compliance frameworks. It effectively translates compliance requirements into readable control items. Each control item consists of a set of tests that are defined with clear specifications. For example, if an organization wants to adhere to the compliance NIST CSF, personnel responsible for achieving compliance simply focus on the control items of target compliance that Drata organized. Some tests can be shared across multiple compliance frameworks! It is easier for them to implement other compliances more efficiently in the future. Secondly, the most impressive design is the capability of automated evidence collection. With easy configuration on integrations to popular platforms, it can save effort when collecting the evidence of control items. To manage the overall readiness of compliance continuously, Drata provides efficient monitoring of controls, the status of tests, and the integrity of essential evidence. It provides users with real-time status and benchmarks in the dashboard. That helps internal or external auditors to track progress, identify gaps, and demonstrate compliance to key stakeholders. Finally, when I was new to Drata in the beginning, the Drata support team consistently delivered effective solutions to customer issues. The experience of customer support really touched my heart. Review collected by and hosted on G2.com.

The automated evidence-collection feature is a very productive design. However, it has both pros and cons. The limitations on integrations may become a burden if the target platform is not on the support list. Another thing that needs to be improved is the instructions for fixing the failed/error tests. Sometimes, I can not directly understand the root cause of the failed test. I hope the error information or solution instructions become more transparent or readable. Review collected by and hosted on G2.com.

I like the graphical interface of Drata. It's fairly easy to use, and after using it for a while, it becomes very easy. You can quickly look at various areas, from monitoring to pass and fail metrics, and risk assessment and assets. It's just easy to move around and understand where you're at and what you're doing. It breaks everything down simply in front of me, so I can see what's been done and what needs to be done without getting overwhelmed. The initial setup was fairly easy, with the majority of everything going smoothly, and I needed minimal assistance to get set up and running. I'm very happy and impressed with the product overall. Review collected by and hosted on G2.com.

Sometimes scrolling is a bit of an issue for me if I have a smaller monitor. There can be up to three slide bars on the right-hand side, and I have to move the page to go through a longer list. Review collected by and hosted on G2.com.