External reviews
External reviews are not included in the AWS star rating for the product.
Not sure how we'd get through SOC2 prep without Drata
What do you like best about the product?
Quick view into our current readiness. Without the structure provided by Drata I'm not sure how we'd navigate the SOC2 journey. Tayler Gase, our customer success manager, has been essential to our progress. Her guidance and assistance has helped us better understand the SOC2 process and how to best leverage Drata
What do you dislike about the product?
Product is great but still maturing. Most aspects of the service work exactly as expected but some features need to mature further. For example, custom policies have to be created outside of Drata and uploaded into the platform. Once uploaded, they are in a static, uneditable format and any changes require offline editing and upload of a new version. There is also no linkage between controls that are in-scope and our selected trust service criteria. If we disable a TSC, the related controls remain in-scope.
What problems is the product solving and how is that benefiting you?
As a small company, SOC2 seems like a daunting process. Without a tool like Drata, building the policies, documenting all of the organizational requirements, and determining audit-readiness would be a near impossible task without hiring staff or consultants to handle the workload. Drata provides organization and structure to the SOC2 process and gives a real-time window into audit / compliance readiness.
- Leave a Comment |
- Mark review as helpful
We reviewed 7 different platforms across a range of criteria and Drata came out on top.
What do you like best about the product?
We've been using Drata for about 3 weeks and frankly, we can't imagine doing all this work outside of a platform. Extra special has been the work of Tayler Gase. She's done a great job getting us started and oriented with the entire platform,
What do you dislike about the product?
While Drata is extremely helpful, there are areas where I expect to see great improvement over time. We found some minor bugs and areas where better AI would be helpful. For example, reminder emails are not customizable, the linkage between controls and policies is weak, requiring manual management of both. We'd like better support for custom policies including editing.
What problems is the product solving and how is that benefiting you?
Drata is helping build a comprehensive global, risk and compliance program. It reduces the guesswork required to build a SOC 2 compliant program and their ecosystem of auditors and technology partners helps to move quickly.
Drata is an easy to use service with great support
What do you like best about the product?
I love the good support that we get from Ali McCormick, always an education and in quick time too.
One of the best things is that it is one of the better tools out there for compliance work.
One of the best things is that it is one of the better tools out there for compliance work.
What do you dislike about the product?
I can't think of any dislikes because there aren't any from my side of things.
What problems is the product solving and how is that benefiting you?
It is helping us solve our business and user security and keeping us safe and secure.
This increases productivity knowing that there is a service that is saving you from extra, unnecessary work.
This increases productivity knowing that there is a service that is saving you from extra, unnecessary work.
We have loved Drata
What do you like best about the product?
their account management is fantastic - so helpful. And the tool is very easy to use.
What do you dislike about the product?
we did have one small bug for a while associated with a release - but they worked hard to fix it.
What problems is the product solving and how is that benefiting you?
policy repository and an area where we can save all of our supporting documents for audit + source for security training.
First steps with Drata
What do you like best about the product?
The tool's simplicity and design and the account manager's support. The automation provided and the templates that come with it make all the efforts much lighter.
What do you dislike about the product?
None at the moment. We only began the deployment a few weeks ago and are still in a very early stage to be able to comment further on the experience with the product.
What problems is the product solving and how is that benefiting you?
Drata is helping us to achieve ISO 27001 with all the benefits of having a standardized best practices approach to information security. Using Drata we can achieve the certification much faster due to automation.
Drata offers a robust platform with gold standard service
What do you like best about the product?
Drata offers a robust platform that meets all of our security requirements alongside gold-standard service to support the implementation process. My company is currently working through a very rapid initiative to improve our security compliance program. Both the functionality and support from Drata have been invaluable in the process. Everyone involved has gone above and beyond to match our commitment level and timeline goals.
What do you dislike about the product?
Nothing to note, the experience so far has been fantastic.
What problems is the product solving and how is that benefiting you?
With a combined software and service offering, Drata makes it possible to meet security and privacy requirements, monitor for ongoing compliance, and accumulate and maintain evidence, all in one very efficient and effective package.
Simply the best automation and support system for InfoSec on the market
What do you like best about the product?
The platform itself is very well designed being naturally intuitive while offering an impressive array of automation tools.
But the real stand out is the human element. My account manager Morgan was very helpful when I was starting up and have provided oversight throughout the process. My compliance manager Rick meanwhile has been nothing but outstanding. He has not only always been quick to respond, but has taken various proactive steps that have both helped me evolve my Information Security Management System as well as my own personal knowledge. The support he has provided has gone above and beyond my expectations and really makes Drata second to none. As a result I now strongly recommend Drata to anyone looking to automate their system (as well as planning to use Drata for all future projects I may endeavour on).
But the real stand out is the human element. My account manager Morgan was very helpful when I was starting up and have provided oversight throughout the process. My compliance manager Rick meanwhile has been nothing but outstanding. He has not only always been quick to respond, but has taken various proactive steps that have both helped me evolve my Information Security Management System as well as my own personal knowledge. The support he has provided has gone above and beyond my expectations and really makes Drata second to none. As a result I now strongly recommend Drata to anyone looking to automate their system (as well as planning to use Drata for all future projects I may endeavour on).
What do you dislike about the product?
To be honest their isn't much I dislike about the platform or the support I have received. If I had to nitpick I would like to see the Drata security training for staff onboarding onto the platform to be improved and expanded as it currently feels a bit bare bones in terms of content.
What problems is the product solving and how is that benefiting you?
Drata has solved a variety of issues. Mainly it has allowed me to create and implement an ISMS that is coherent and doesn't collapse under its own weight.
Streamlines your path to compliance and security
What do you like best about the product?
I've gone through SOC2 compliance a couple of times in the past and Drata made everything insanely easy. With Drata, we were able to quickly identify changes needed to be compliant and offered the reporting we needed for our customers. It gave us a central location for all our technical compliance that the team can rally around. Our main contact, Ali, has been amazing and answered any questions we've had throughout the process at lightning speed. Such a great product and team!
What do you dislike about the product?
Couple of things I've run into with our time using Drata: Trust Center cost and monitoring exclusion limitations. For the Trust Center, it's an awesome tool that we use quite a bit to keep manual security requests down but the cost is a bit steep for the offering. There are also no public APIs for you to build something similar if you want to fully integrate it into your website.
For the monitoring exclusion limitations, the monitoring is great... almost too great. We have some repositories that are monitored which simply contain challenges for engineering candidates so they don't need to be monitored like they're production code. Drata will pick up on those every time! I wish we could fully exclude these repositories so we don't have to manually fix these events.
For the monitoring exclusion limitations, the monitoring is great... almost too great. We have some repositories that are monitored which simply contain challenges for engineering candidates so they don't need to be monitored like they're production code. Drata will pick up on those every time! I wish we could fully exclude these repositories so we don't have to manually fix these events.
What problems is the product solving and how is that benefiting you?
Drata is helping us acquire SOC2 compliance to give us a better security posture and add more trust between us and our customers. It gives us a central tool to monitor our compliance and fix things right away instead of once every couple months.
Great integrations take so much of the work out of SOC2
What do you like best about the product?
The built-in integrations with our existing tools are what make Drata amazing. Hooking up a few integrations and having compliance tests go from red to green is so gratifying! It took a lot of work out of SOC2, because Drata gathers the evidence for us. When there are problems, Drata lets us know, and provides great guidance on how to fix things and come back into compliance.
The other great feature of Drata is their agent. It is lightweight and not intrusive. In previous roles I've dealt with MDM systems, which are always terrible, clunky and engineers hate having their agents run. You just kind of forget about the Drata agent and it doesn't get in your way.
The other great feature of Drata is their agent. It is lightweight and not intrusive. In previous roles I've dealt with MDM systems, which are always terrible, clunky and engineers hate having their agents run. You just kind of forget about the Drata agent and it doesn't get in your way.
What do you dislike about the product?
My only complaints are things that aren't really Drata's fault. Some API's don't expose MFA support unless you are are on an enterprise plan (I'm looking at you Heroku), so Drata can't automatically gather that evidence. But once our CS contact (hey Ali, you're great!) let us know it was easy to gather that evidence manually and mark the tests for exclusion.
What problems is the product solving and how is that benefiting you?
Drata got us from barely knowing what SOC2 is, to being audited and compliant on a time scale I would not have believed. Honestly, when they told us possible timelines at kickoff I literally did not believe them, but it worked out and Drata made it possible.
Top-Tier Support!
What do you like best about the product?
The support at Drata is top tier, specifically from our CSM, Ali!
The Drata dashboard and monitoring pages are easy to navigate but if there was ever a question our team had, Ali was always an email reply away. While prepping to achieve SOC 2 Type 1 Compliance, the Drata team made sure we were set up for success by having monthly meetings with us and a final controls check before the big day!
Drata also continues to add to their product, the Security Report by Drata and the Trust Center are two things our customers love!!
Highly recommend using Drata for all things security and compliance!
The Drata dashboard and monitoring pages are easy to navigate but if there was ever a question our team had, Ali was always an email reply away. While prepping to achieve SOC 2 Type 1 Compliance, the Drata team made sure we were set up for success by having monthly meetings with us and a final controls check before the big day!
Drata also continues to add to their product, the Security Report by Drata and the Trust Center are two things our customers love!!
Highly recommend using Drata for all things security and compliance!
What do you dislike about the product?
Nothing at this time - Drata is a large part of our security and compliance processes and we couldn't imagine our life without it!
What problems is the product solving and how is that benefiting you?
Drata's real-time monitoring of controls gives our security team ease, that items will be addressed in a timely manner.
showing 721 - 730