Drata Reviews & Product Details

Drata supports the most common compliance frameworks. It effectively translates compliance requirements into readable control items. Each control item consists of a set of tests that are defined with clear specifications. For example, if an organization wants to adhere to the compliance NIST CSF, personnel responsible for achieving compliance simply focus on the control items of target compliance that Drata organized. Some tests can be shared across multiple compliance frameworks! It is easier for them to implement other compliances more efficiently in the future. Secondly, the most impressive design is the capability of automated evidence collection. With easy configuration on integrations to popular platforms, it can save effort when collecting the evidence of control items. To manage the overall readiness of compliance continuously, Drata provides efficient monitoring of controls, the status of tests, and the integrity of essential evidence. It provides users with real-time status and benchmarks in the dashboard. That helps internal or external auditors to track progress, identify gaps, and demonstrate compliance to key stakeholders. Finally, when I was new to Drata in the beginning, the Drata support team consistently delivered effective solutions to customer issues. The experience of customer support really touched my heart. Review collected by and hosted on G2.com.

The automated evidence-collection feature is a very productive design. However, it has both pros and cons. The limitations on integrations may become a burden if the target platform is not on the support list. Another thing that needs to be improved is the instructions for fixing the failed/error tests. Sometimes, I can not directly understand the root cause of the failed test. I hope the error information or solution instructions become more transparent or readable. Review collected by and hosted on G2.com.

I like that Drata is easy to use, and I feel confident that everything is safe and secure when I store my information. I appreciate that I can just click into it whenever I need to. The support I receive is fast and efficient. It's very fast and efficient overall. Installing Drata was extremely easy; the instructions were simple, and it was ready to go right after downloading. The customer service is exceptional. Review collected by and hosted on G2.com.

I can't think of anything that I dislike about Drata. I found it so simple to install based on the instructions that were sent to me from my IT team. Review collected by and hosted on G2.com.

I use Drata for my GRC program including ISO27001, SOC2, GDPR, and Cyberessentials. I appreciate having better visibility of my controls and risks all in a single console. I like the ability to integrate with my tech stack with automated evidence collection. I don't have to log into AWS and Google Workspace to check compliance as everything is visible from Drata connections. The automation of evidence collection for SOC2 is what made us switch from Rubiq. Review collected by and hosted on G2.com.

The asset management module could be improved to generate a consolidated report. It currently doesn’t display device serial numbers and make, which are useful identifiers for an asset list. The serial numbers can only be seen when downloading a report for an individual, not for the entire company. I’d prefer Drata to have out-of-the-box modules like incident management to avoid purchasing a separate solution. Having an incident management report and a business continuity flow would greatly enhance Drata. Also, the integrations with Zoho Desk have been buggy since last year, and the issue remains unresolved despite logging a ticket about it. Review collected by and hosted on G2.com.

The most valuable feature for us is the continuous monitoring and real-time alerts, which provide reassurance that our controls are consistently effective. Drata also simplifies evidence collection and audit preparation, helping us save time and reduce the risk of errors. As a result, we are able to maintain compliance proactively and dedicate more attention to strategic security improvements instead of getting bogged down by administrative work.

In terms of usability, the platform is highly intuitive and user-friendly, making it easy for even new team members to navigate and complete tasks. The implementation process was smooth and quick, thanks to clear instructions and minimal disruption to our existing workflows. Drata’s integration with our current tools and systems is seamless, which cuts down on manual work and keeps our data consistent across platforms. The customer support team is always responsive, knowledgeable, and eager to help, which greatly enhances our overall experience. We rely on Drata daily for monitoring and compliance activities, and it has become an essential part of our security operations. Review collected by and hosted on G2.com.

It would be great to have more available integrations, for example with popular observability tools such as Grafana. Review collected by and hosted on G2.com.

I appreciate how Drata keeps everything organized, from evidence and compliance to risk management, making it the key to everything. The interface is always improving, becoming smarter and easier to use, which is great since I am in it every day working on compliance. What I really like is how the interface actively guides me through compliance work by linking controls, policies, and integrations together. It lets me see what's wrong, what's missing, why it matters, and how to fix it. The setup process is very intuitive as well, allowing me to add and remove vendors, policies, and connections easily. Drata was essential in obtaining our first SOC2 certification and continues to be invaluable in maintaining it. I can't imagine how challenging it would be to organize everything without Drata. Review collected by and hosted on G2.com.

I always seem to struggle when it comes to the hardware. I feel that workstations could be reported on a little better. Same for people. When looking at people, and seeing their compliance tasks overdue, like policies, it feels a bit convoluted. Review collected by and hosted on G2.com.

Drata let's us control all of our compliance/audit related requirements in one system–simple as that. The UX is great–it's easy to understand, easy to navigate, easy to add evidence, etc. The automation workflows are great–being able to automatically import all of our employees, devices, 2FA rules, etc. directly from our SaaS/PaaS products (e.g., Azure) is fantastic. The TrustCenter is quite helpful as well as a way of sharing sensitive documents (e.g. audit reports) with third parties in a tracked manner. It's a great tool tbh. Review collected by and hosted on G2.com.

It's a big system so it can be quite confusing at first. It's hard to know what's actually required for your various audit types–Drata gives you a template for nearly everything, but do you actually need everything in the template? Probably not. That's not Drata's fault, it's just the nature of being a generalized compliance tool that works across every industry. Review collected by and hosted on G2.com.

I like how easily and friendly the interface of Drata is. It's very clean, and everything is easy to find, which is important since we ask our employees to use this software once a year; having an easy-to-use interface is crucial. It ensures that they can complete courses and understand everything without spending a lot of time figuring out how the software works. The initial setup was easy too; we just needed to set some things, and it was working pretty well. Everyone can do the courses and make sure they're aware of the best practices, so it's easy-going software. Review collected by and hosted on G2.com.

I had some issues logging in, but the team was very helpful. They helped me, and I received a reply a few minutes after requesting some help. They can add an option to log in with social media to avoid issues, such as not receiving matching links because they end up in the spam folder. Review collected by and hosted on G2.com.

I like the pricing point of Drata, which is important as we are mindful about our budget while trying to achieve SOC2 compliance. The onboarding process was smooth, and we were guided through a series of workshops and onboarding sessions that provided us the tools to start using the platform effectively. The initial setup of Drata was also easy. Review collected by and hosted on G2.com.

The UI is a little confusing sometimes. As someone who has already done a SOC2 audit with a competitor product, I sometimes find the Drata platform a little confusing. It's not straightforward to see what tasks are missing and what specific things we need to fix. I think UX could be improved. Review collected by and hosted on G2.com.

I like that Drata reminds us when to update and submit our evidence for the past 12 months. It's convenient to have one place to add all the evidence instead of having pieces stored in different locations. This organization makes it easier to refer back to the information submitted as evidence. The reminders are also helpful once the time to review the evidence is near. We have successfully integrated Drata with our other platforms like Office365, Jira, and Bitbucket. Review collected by and hosted on G2.com.

The audit option is a bit clunky as it's hard to differentiate who owns the control. In addition, we still need to double up on maintaining the policies. Once version in Drata and another soft copy we need to keep when it is required by our clients when we do proposals. Our Sales team will need access to the latest version. It took a while to fully understand what it did. Review collected by and hosted on G2.com.

I like Drata's simple login UX which makes onboarding users easy since they just need to go to the login screen and sign in with Google. The reporting feature is decent and allows me to track how many people are yet to install the agent. I also appreciate the ease of installing the agent software. The initial setup was fairly good, with simple integration of Google Workspace and Atlassian, and even though the integration with Hibob (HRIS) took a bit longer, Drata support was helpful in resolving this by providing the necessary third-party integration docs. Review collected by and hosted on G2.com.

More reporting options would be useful. More granularity with filters is needed; for example, I can filter by non-compliant devices, but I can't filter by a single non-compliant device-related item like a screen lock. Also, scheduled and saved reports are a must, which is missing currently. The initial setup with certain integrations like HiBob (HRIS) took a little longer because the guide we followed ended up missing a few steps. Eventually, Drata support helped by finding the third-party integration docs and forwarding them to me. Review collected by and hosted on G2.com.