Drata Reviews & Product Details

What I like about Drata is how it transforms compliance from a manual, point-in-time effort into a continuous, automated process. Its integrations with tools like cloud providers and identity systems make evidence collection largely hands-off. The dashboard is clear and accessible, giving both technical and non-technical stakeholders quick insight into compliance status. Overall, Drata makes it much easier to stay audit-ready without the usual operational burden, and it scales well as organizations grow. Review collected by and hosted on G2.com.

What I dislike about Drata is that the initial setup and configuration can be time-consuming and sometimes confusing, especially when mapping controls across multiple frameworks.The platform can also generate a high volume of alerts or tasks, which may create noise if not carefully tuned. Review collected by and hosted on G2.com.

I really like the ease of use and the support that Drata provides, especially for a small team like ours. It's helpful to have a tool that works for us in terms of compliance. Drata gives us an overview of all necessary renewals for evidence, and the use of templates is really handy. It's nice that Drata offers many easy setup configurations. Review collected by and hosted on G2.com.

The platform is sometimes a little bit slow and minor bugs. Sometimes I have to wait for tech support to answer for bugs which slows me down, or wait for page loads longer than usual. Review collected by and hosted on G2.com.

Comes with a Drata Trust Center that's relatively easy to manage. That's pretty much the only thing that hasn't broken on me this past year. Review collected by and hosted on G2.com.

Drata seems to have major breakage on what seems to be a monthly basis.

- MDM integration is currently broken

- Audit hub messages from auditors are currently broken

- Using a custom framework, only your auditors can create the controls (and control mappings in the audit hub vs what's in your view of the custom framework are not kept in sync)

I've reached the point where I'm running audits outside of Drata because Drata is so broken.

Customer Service seems to have taken a major step back in quality. I've been advised at least twice to make dangerous changes that each time broke my Drata instance (Google, HRIS). Review collected by and hosted on G2.com.

What I like best is the Integration with MS365, CERTN, Defender, Meraki ect. the automation makes it easier to manage several endpoints and users. Review collected by and hosted on G2.com.

Clearly defined policy renewal steps should be given prior to renewal, simply renewing a policy without updates changes the version of the document eg: 1.1, 1.2 and the tables inside don't reflect the changes. there's no point in doing the renew without updates as the table below has not reflected the version change. Review collected by and hosted on G2.com.

Drata supports the most common compliance frameworks. It effectively translates compliance requirements into readable control items. Each control item consists of a set of tests that are defined with clear specifications. For example, if an organization wants to adhere to the compliance NIST CSF, personnel responsible for achieving compliance simply focus on the control items of target compliance that Drata organized. Some tests can be shared across multiple compliance frameworks! It is easier for them to implement other compliances more efficiently in the future. Secondly, the most impressive design is the capability of automated evidence collection. With easy configuration on integrations to popular platforms, it can save effort when collecting the evidence of control items. To manage the overall readiness of compliance continuously, Drata provides efficient monitoring of controls, the status of tests, and the integrity of essential evidence. It provides users with real-time status and benchmarks in the dashboard. That helps internal or external auditors to track progress, identify gaps, and demonstrate compliance to key stakeholders. Finally, when I was new to Drata in the beginning, the Drata support team consistently delivered effective solutions to customer issues. The experience of customer support really touched my heart. Review collected by and hosted on G2.com.

The automated evidence-collection feature is a very productive design. However, it has both pros and cons. The limitations on integrations may become a burden if the target platform is not on the support list. Another thing that needs to be improved is the instructions for fixing the failed/error tests. Sometimes, I can not directly understand the root cause of the failed test. I hope the error information or solution instructions become more transparent or readable. Review collected by and hosted on G2.com.

I like the graphical interface of Drata. It's fairly easy to use, and after using it for a while, it becomes very easy. You can quickly look at various areas, from monitoring to pass and fail metrics, and risk assessment and assets. It's just easy to move around and understand where you're at and what you're doing. It breaks everything down simply in front of me, so I can see what's been done and what needs to be done without getting overwhelmed. The initial setup was fairly easy, with the majority of everything going smoothly, and I needed minimal assistance to get set up and running. I'm very happy and impressed with the product overall. Review collected by and hosted on G2.com.

Sometimes scrolling is a bit of an issue for me if I have a smaller monitor. There can be up to three slide bars on the right-hand side, and I have to move the page to go through a longer list. Review collected by and hosted on G2.com.

I like that Drata is easy to use, and I feel confident that everything is safe and secure when I store my information. I appreciate that I can just click into it whenever I need to. The support I receive is fast and efficient. It's very fast and efficient overall. Installing Drata was extremely easy; the instructions were simple, and it was ready to go right after downloading. The customer service is exceptional. Review collected by and hosted on G2.com.

I can't think of anything that I dislike about Drata. I found it so simple to install based on the instructions that were sent to me from my IT team. Review collected by and hosted on G2.com.

I find Drata's UI easy to use, and their support team is sharp and quick to reply. They have incredible integration capabilities, and as a small, lean startup team, Drata has been an excellent investment to achieve compliance. I also appreciate that we don't need prior knowledge to onboard thanks to their great guides that help us focus on what matters most. The initial setup of Drata was very easy, offering a great onboarding experience. Review collected by and hosted on G2.com.

The policy review process is lengthy in terms of steps. We manage our policies outside in Notion to allow for collaboration. It would be great if they could have a 'change request' that's comment-driven, reducing the back and forth across different tools to support collaboration. Review collected by and hosted on G2.com.

I really like the automation and integrations that Drata provides. They help me manage information security and privacy much more easily, especially since we have limited resources. Drata significantly reduces manual effort and provides easy, actionable insights into areas that need fixing. The initial setup was pretty straightforward, and I also appreciate its seamless integration with tools like GitHub, Heroku, and Google Workspace. Review collected by and hosted on G2.com.

There's a few bits of clunky user flow - e.g. when a control is marked as 'not ready' it's not always clear why it's not ready. It would be better if there was a clear button that showed a step-by-step guide on how to fix something. Review collected by and hosted on G2.com.

I use Drata for my GRC program including ISO27001, SOC2, GDPR, and Cyberessentials. I appreciate having better visibility of my controls and risks all in a single console. I like the ability to integrate with my tech stack with automated evidence collection. I don't have to log into AWS and Google Workspace to check compliance as everything is visible from Drata connections. The automation of evidence collection for SOC2 is what made us switch from Rubiq. Review collected by and hosted on G2.com.

The asset management module could be improved to generate a consolidated report. It currently doesn’t display device serial numbers and make, which are useful identifiers for an asset list. The serial numbers can only be seen when downloading a report for an individual, not for the entire company. I’d prefer Drata to have out-of-the-box modules like incident management to avoid purchasing a separate solution. Having an incident management report and a business continuity flow would greatly enhance Drata. Also, the integrations with Zoho Desk have been buggy since last year, and the issue remains unresolved despite logging a ticket about it. Review collected by and hosted on G2.com.