External reviews
External reviews are not included in the AWS star rating for the product.
Aprio January 2025 Review
What do you like best about the product?
Client preparedness for audits. Ease of access through the auditor portal.
What do you dislike about the product?
Most clients believe that we gain efficiencies by obtaining documentation through a GRC platform, but for an auditor, it is really just an different documentation repository. This isn't specific to Drata, it applies broadly. However, integration with FieldGuide should change this.
What problems is the product solving and how is that benefiting you?
Drata helps clients better prepare audit artifacts and have more documenation available the first day of fieldwork.
- Leave a Comment |
- Mark review as helpful
Speeding up Compliance paired with great customer success
What do you like best about the product?
Automation, policy templates and monitoring
What do you dislike about the product?
The auditor experience could be improved. Sometimes the auditors arent really tech savyy and cant find evidences.
Giving them access read only to my complete instance was the way to go!
Giving them access read only to my complete instance was the way to go!
What problems is the product solving and how is that benefiting you?
Speeding up tremendously the security and compliance posture for SOC2
Strong tool at a good value
What do you like best about the product?
It's extensive without being overwhelming.
What do you dislike about the product?
None to speak of really. We're happy so far.
What problems is the product solving and how is that benefiting you?
We are currently working on our SOC II type 2 report. Drata helps up keep track of our progress and needs without getting lost or overwhelmed.
It seems good to me
What do you like best about the product?
It is not intrusive at all - as a user UI just have the agent on my laptop and it does its thing in the backround. My antivirus got disabled and I got a call the next day from our IT department to help me reneable it - so the monitoing is working wekk.
What do you dislike about the product?
I was surprised that they don't have an AI chatbot to solve simple proiblems, I had an issue with the software and had to email the suppor team, seems quite quaint these days. havin said that, the support was quick and resolved my problem.
What problems is the product solving and how is that benefiting you?
Makinmg sure we are compliant
Amazing customer support by Pablo.
What do you like best about the product?
Best Connectivity capabiltiies they have on their tool.
What do you dislike about the product?
It would be great if you could provide mor information from an audit perspective.
What problems is the product solving and how is that benefiting you?
Security Compliance
A great platform that is growing with our capabilities and maturity
What do you like best about the product?
Being able to manage 8 different security compliance frameworks on one platform with only one FTE! The customer sucess team is also great and very much focused on building a long-term relationship...this was the clincher for us. (A big shout out to Alex and Aoife)
What do you dislike about the product?
Some capabilites are maturing slower than others (such as risk and asset management) .
What problems is the product solving and how is that benefiting you?
Managing multiple compliance frameworks, as well as general GRC activities, with limited resources.
Great compliance automation tool, great UX, easy to navigate.
What do you like best about the product?
Drata has been great to map from the ISO 27001 framework requirements to actual controls. Whilst it doesn't replace compliance activities, it has sped up our alignment of our existing process to the ISO 27001 framework controls. The in-built policies have been great to use a base for review and sometimes wholly draft new policies. The risk assessment area is also very good for keeping and scoring risks.
Finally the automation of controls is very good and suited to our environment (circa 150 employees + AWS infratructure). The tool makes it easy to disable tests (where not appropriate) or exclude particular items from the test (and justify this). The raw evidence is often very helpful for troubleshootin why our infrastructure may fail a particular test.
Their customer success folk are absolutely excellent and work with you the whole way, and the interface is very intuitive and so it's as 'self-service' as you can imagine. The onboarding of the various integrations/connections was seamless with little need for help.
During the "getting compliant", Drata has been used pretty mcuh every day by the security team in order to keep track of progress.
Finally the automation of controls is very good and suited to our environment (circa 150 employees + AWS infratructure). The tool makes it easy to disable tests (where not appropriate) or exclude particular items from the test (and justify this). The raw evidence is often very helpful for troubleshootin why our infrastructure may fail a particular test.
Their customer success folk are absolutely excellent and work with you the whole way, and the interface is very intuitive and so it's as 'self-service' as you can imagine. The onboarding of the various integrations/connections was seamless with little need for help.
During the "getting compliant", Drata has been used pretty mcuh every day by the security team in order to keep track of progress.
What do you dislike about the product?
Dislike is a strong word. Given the relative youngness of the company, there are a few rough edges spread around none of which stop getting the value from the tool. It sometimes feel like the tool is geared more towards "keeping compliant" than "getting compliant" - which of course will be the vast majority of the platform's use.
Occasionally, the platform is a little limited (integrating with Enterprise Intune policies needs to be done in a very particular way) - though this we managed to overcome with the help our Customer Success manager. In other areas, we disagreed with some of the automated monitoring tests and their implementation (for example around production access to Gitlab). but that was overcome by using their API to upload evidence automatically from a small CI/CD job and disabling that single test. On the whole, we use almost every test provided by Drata out of the box.
Occasionally, the platform is a little limited (integrating with Enterprise Intune policies needs to be done in a very particular way) - though this we managed to overcome with the help our Customer Success manager. In other areas, we disagreed with some of the automated monitoring tests and their implementation (for example around production access to Gitlab). but that was overcome by using their API to upload evidence automatically from a small CI/CD job and disabling that single test. On the whole, we use almost every test provided by Drata out of the box.
What problems is the product solving and how is that benefiting you?
It's helping ensuring that as we rework our policies, ways of working, etc, that we are algining to ISO 27001 and helping us formalise and identify activities we were already doing. Ultimately, it will help us with the ongoing compliance by prompting for regular activities to be performed, highlighting where we've departed from standards/policies immediately within 24 hours, etc.
Great tool with a great team behind
What do you like best about the product?
Very easy-to-use tool with a lot of functionality provided out of the box. On top of this, the team is super supportive and responsive.
What do you dislike about the product?
When following a particular framework, ISO 27001:2022 in our case, it makes it difficult to get a clear overview of controls required within the framework, statement of applicability. So we had to develop a different overview we used for audit purposes to show the controls, whether they are applicable to us or now and how they are implemented (where we linked all relevant Drata controls). So was a bit of a work around.
What problems is the product solving and how is that benefiting you?
Automated monitoring, risk management, controls management, evidence library.
Excellent platform, all my security and compliance data in one solution, perfect.
What do you like best about the product?
I like that I can conduct all my GRC activities on one platform, and get instant feedback and dashboards to show my current level of compliance. In addition, the automation has helped increase efficiency exponentially.
What do you dislike about the product?
It would be usefull to be able to manage all my risk in one area, however, I am informed that an enterprise risk module is being released shortly.
What problems is the product solving and how is that benefiting you?
It is automating and therfore making security, risk, and thrid party management more efficient.
SOC2 compliance experience with Drata
What do you like best about the product?
Drata is pretty easy to use once you understand how the user interface is setup. The detailed guide in every step has been very helpful.
What do you dislike about the product?
Initially the UI was a little confusing. I can never talk to a live person under help option right away but they have a good customer team who are easy to reach through email.
What problems is the product solving and how is that benefiting you?
It streamlines the compliance process and reduces manual effort.
showing 51 - 60