External reviews
External reviews are not included in the AWS star rating for the product.
Great customer onboarding and overall continues support
What do you like best about the product?
The continous support from technical aspect as well as product level improvements. I am certainly sending a huge shoutout and appreciation to Greta Wagner, THANK YOU!
What do you dislike about the product?
I honesntly don't have any dislikes at the moment. Keeping in mind the duration of existance of the company vs the maturity is highly respectable
What problems is the product solving and how is that benefiting you?
Meeting standard frameworks compliance
- Leave a Comment |
- Mark review as helpful
Drata makes SOC2 compliance easy to understand and execute
What do you like best about the product?
Drata is great because everything is on their platform. The controls are well organized and easy to understand. Their customer service also responds extremely fast if there are any other questions. Their direct integration with auditors is also a big plus.
What do you dislike about the product?
So far, I have not run into any downsides of using drata
What problems is the product solving and how is that benefiting you?
Drata is helping us achieve SOC2 compliance in a way that is manageable and easy to understand.
Easy compliance management across multiple frameworks
What do you like best about the product?
We are targetting the SOC2, GDPR and CCPA frameworks so it is really nice to have things cross-linked across frameworks and not have to the equivilant work multiple times.
The integrations with the other platforms we use (Google, AWS, Jumpcloud) also just worked out-of-the-box.
The handholding we got from our CSM (Tori) was also exceptional and allowed is to get through our SOC2 with a clean bill of health.
The integrations with the other platforms we use (Google, AWS, Jumpcloud) also just worked out-of-the-box.
The handholding we got from our CSM (Tori) was also exceptional and allowed is to get through our SOC2 with a clean bill of health.
What do you dislike about the product?
We follow the AWS Well Architected Framework which requires you to use AWS Organizations as a way of structuring your infrastructure, but the integration with AWS is at the account level not the Organization level which means you have make sure to periodically check to make sure all accounts are added. There is also no way to say 'this is a non-production account to all high availability items are out of scope' so you have to exclude each RDS instance as it comes online from a lower level accounts.
Maintaining manual evidence when nothing has changed can also be a little clunky. Every time you need to submit against a control it is a new report / doc as compared to a new entry in an existing one. I understand the 'why' of it, but when doing monthly or quarterly reviews of things it becomes a bit of a paper cut.
Maintaining manual evidence when nothing has changed can also be a little clunky. Every time you need to submit against a control it is a new report / doc as compared to a new entry in an existing one. I understand the 'why' of it, but when doing monthly or quarterly reviews of things it becomes a bit of a paper cut.
What problems is the product solving and how is that benefiting you?
We are in the business of helping compainies migrate their contractor compliance management platforms away from Excel and into the cloud. Drata lets us do the same thing around our own internal compliance programs.
Drata is exceptional
What do you like best about the product?
In a world of substitutes, the only real product anyone offers is customer service. We partnered with Drata to help us prepare for a SOC2 compliance audit. The platform is excellent. If you've ever done an initial SOC2 audit prep, you know there are many questions to be answered. Drata's live support team is incredibly responsive and regularly answers my questions with one response. Not only are they really focused on making sure I have the answers I need to proceed, they often provide links to articles that empower DIYers like me. I appreciate a direct answer as much as anyone else, but these articles help me understand why the answer is what it is.
What do you dislike about the product?
If I have to come up with something, I'd have to say that I'd really like a way to search all policies from one location. For example, when we began the process of preparing for our SOC2 audit, there were many questions that arose from our need to better understand what was required in a given policy. We used the notation functionality within the policy editor to document our questions. There isn't however a centralized location to see all of my comments on all policies. Consequently, I have to open and close each of the 20 policies to find the comments and get answers. It's inconvenient but not a deal breaker.
What problems is the product solving and how is that benefiting you?
We need to achieve a passing SOC2 compliance audit. Without Drata, we could not do this on our own. We do not understand the needs well enough to spool up an internal team to make this happen. With Drata, we have the structure and support to launch into this process with a high degree of confidence.
SOC 2 and ISO 27001 compliance platform
What do you like best about the product?
Access to auditors via (mostly) immediate text chat. The frameworks are quite tricky to understand, and while the Drata platform makes many elements more straightforward, it's great to get clarification of my interpretation, just to get some reassurance that I've understood the wording correctly.
What do you dislike about the product?
It's not cheap! Many American SaaS platforms forget that companies outside the USA aren't able to pay USA prices - so I do think Drata needs to tailor to other markets, where it operates in them.
What problems is the product solving and how is that benefiting you?
I was tasked with "getting SOC 2" - which I wasn't too familiar with, beyond the fact it exists. This has been a massive can of worms, involving rewriting every policy, examining every single information system and process, and I have absolutely no idea how I'd have coped without Drata.
Some organisations have the benefit of inhouse auditors, legal, and so on - we're just 70 people, and SOC 2 / ISO 27001 projects are not my main job. If it wasn't for Drata, this process would be taking much longer, and I suspect would involve huge amounts of expense with external consultants.
Some organisations have the benefit of inhouse auditors, legal, and so on - we're just 70 people, and SOC 2 / ISO 27001 projects are not my main job. If it wasn't for Drata, this process would be taking much longer, and I suspect would involve huge amounts of expense with external consultants.
Using Drata as a SOC-2 compliance platform
What do you like best about the product?
We love Drata because it helps us gain visibility over our internal controls and audits in preparation for SOC-2 renewals. The support is top notch and always responds within minutes with accurate and precise information.
What do you dislike about the product?
Our experience has been great so far, although the self-service can use a few improvements. I am thinking in terms of a FAQ section that covers each major item (and sub-sections) in the user dashboard to make it easier for new users to browse the application.
What problems is the product solving and how is that benefiting you?
Please refer to what I said earlier about what we like about Drata.
Great experience
What do you like best about the product?
Very user friendly, fast and effective customer service (both account management and compliance guidance). Made compliance certification and tracking much less daunting.
What do you dislike about the product?
No real downsides. The reports and docs tab could be more user friendly - hard to search and doesn't have as many classification options as would be useful. Also, some reports are stored under HR/company settings rather than in reports and docs.
What problems is the product solving and how is that benefiting you?
Drata has allowed us to track our compliance and to prepare our certifications. Its frameworks mean that we do not forget any requirements and we can centrally store evidence.
Easy to use SOC2 compliance platform
What do you like best about the product?
User-friendly, easy to understand what you and your team need to manage to be successfully compliant. Onboarding new users is easy and managing requirements is quick.
What do you dislike about the product?
Nothing so far, it's going well. I've used the consultant chat service and it was quick and easy.
What problems is the product solving and how is that benefiting you?
We're obtaining our SOC2 certification and need guidance on how best to prepare for the audit.
Simplified the process of getting our first SOC 2 attestation
What do you like best about the product?
Drata has a modern software platform that I found to be highly usable and free of errors compared to many web apps. They automate everything possible about the compliance process. But the thing I like best about working with Drata are the professionals they make available to guide you through the steps to getting an attestation. They kept it all from being overwhelming.
What do you dislike about the product?
There is definitely a learning curve when first starting with the Drata platform, but that is to be expected. For me, I found it harder to scale the curve of understanding SOC 2 requirements than the web app itself.
What problems is the product solving and how is that benefiting you?
Drata tracks relevant data towards our SOC 2 compliance via both automated means and the addition of manual evidence. Our auditors use Drata to request information from us and track our responses.
Drata makes compliance easy
What do you like best about the product?
Drata includes plenty of tools to facilitate the compliance journey, ranging from boiler-plate policies to activity monitoring.
What do you dislike about the product?
The on-boarding flow could use some improvement, as it isn't immediately apparent what one should work on.
What problems is the product solving and how is that benefiting you?
As a small start-up, we did not have any prior compliance experience. Drata eliminated the need to build out a compliance team or hire a consulting firm and allowed us to build our capabilities in house with our current headcount.
showing 281 - 290