Drata Security & Compliance Automation Platform

What do you like best about the product?

didnt like anything about the company specially the onboarding process we spent so much time on it

What do you dislike about the product?

sale process was a big lie they sell a very short process of onboarding but in fact it was a very long we spent so much resources on it

What problems is the product solving and how is that benefiting you?

sapuse to solve speed up maintenance and control of regulation in practice its make more work

What do you like best about the product?

I like that Drata helps me with getting ISO 27001 by working as a checklist. The interface and integrations work really well, which I find valuable. It's easy to use and offers clear progress tracking, which allows us to scope tasks efficiently. The customer support is great, as demonstrated when Terrious helped me with the Orca integration issue.

What do you dislike about the product?

The Orca integration was not working but Terrious managed to help me. Support was great

What problems is the product solving and how is that benefiting you?

I use Drata to help me get ISO 27001. It works as a checklist, is easy to use, provides clear progress tracking, and allows us to scope tasks effectively. The interface and integrations work really well.

What do you like best about the product?

Simple & straight forward design. Easy to understand what I need to do. And what's my responsibility. Easy to sign and consume info. I like the gamification as well.

What do you dislike about the product?

Sometimes it's difficult to understand just how much signatures one need to go through, it's duteous and tiring to go over paper works- especailly important ones. So I'd have loved to have a AI summary or maybe highlighting of certain areas that I would need to focus on.

What problems is the product solving and how is that benefiting you?

Solving managing the security tasks - set by our CISO and making sure everyone signed all the relevant paperwork. Team accountablility

What do you like best about the product?

I use Drata for security and compliance, especially for policy creation and ensuring SOC, HIPPA, and GDPR compliance. Drata is crucial in policy creation and control monitoring, making the process of policy creation easy and allowing us to account for all the controls needed for audits. The platform is very easy to use, with a user-friendly web UI and layout that makes navigation simple. I appreciate how well-organized everything is in the Drata UI, allowing me to see, acknowledge, and collaborate on policies effortlessly. It's intuitive and doesn't feel cumbersome like other platforms. Setting up Drata was also easy, and our representatives made the process smooth. This was my first experience with a compliance tool like Drata, but it was easy to learn, and I would definitely recommend it.

What do you dislike about the product?

The collaboration when drafting policy could be better. I've run into issues where multiple people working on the same policy end up conflicting with each other's edits. We tried using Word for live collaboration, but that was clumsy. A live editor would be a game changer! Also, versioning could be improved and more detailed. I think a feature to 'check out' a policy so it isn't editable by others could help avoid conflicts.

What problems is the product solving and how is that benefiting you?

I use Drata for easy policy creation and compliance with SOC, HIPPA, and GDPR. It simplifies policy creation, making it intuitive and organized for monitoring controls during audits.

What do you like best about the product?

Pricing. I do not like nothing else in this SW

What do you dislike about the product?

The role-based model is horrible. You need this software for compliance, but you can’t properly manage your users within it. It feels like they only give you two options: either you do everything yourself, or you have to grant overly broad permissions to others, which then breaks compliance. You cannot manage different companies simuntenioustly because other they cannot spleat access between entities. And DRATA has no trust center, in their case Trust center it is other company and you will need to have addtitional discuttions with them about pricing and functionality.
Limit list of integrations.
Integration which exist is often are not working.

The company deleted support and replace it with AI agent.

What problems is the product solving and how is that benefiting you?

ISO27001 documentation storage

What do you like best about the product?

I love that Drata makes the compliance process so much easier for our ISO27001, SOC2, and HIPAA certifications by doing all the heavy lifting for us. I also appreciate the ease of use; it was so easy to get started, and the UI just makes sense. The way it breaks things down into sections like compliance and risk is really helpful. Setting up Drata was incredibly easy, I was set up in a day.

What do you dislike about the product?

Buying a new framework is incredibly expensive! One additional framework I've been quoted 1/3 of my subscription price!

What problems is the product solving and how is that benefiting you?

Drata simplifies compliance governance for ISO27001, SOC2, and HIPAA. It eases the process by automating heavy lifting and eliminating manual spreadsheet management.

What do you like best about the product?

The tickets include detailed and clear instructions, which makes most of them quick to fix, re-test, and resolve. It feels like steady progress rather than one large chunk of work and pressure.

I also really like the historical results bar chart, as it provides clarity on when an issue was reintroduced.

The web platform and the AWS account integration are consistently accessible, fast, and technical-user friendly.

What do you dislike about the product?

Well, I dislike 2 things:
1. There are no filters on AWS account id or Git project, which would be really nice to have and apply. We have multiple connections to 1 Drata account, so figuring out what account affected via findings is time consuming. Or maybe custom filters sit somewhere, but I haven't found them yet.
2. There was one case of Drata tightening rules on Infra ticket, that caused a lot of confusion. On Jan 28th 2026 NACL rules with ALLOW TCP 0–65535 from 0.0.0.0/0 and ALLOW UDP 0–65535 from 0.0.0.0/0 satisfied Drata test case 227, but on Jan 29th the test 227 started failing. I couldn't find any details on the test rules change, at least it was my understanding that something had been changed in the test settings. Maybe adding "last updated at" + short info would have given some clarity.

What problems is the product solving and how is that benefiting you?

The biggest benefit is from Infra/Compliance monitoring. I'm a software/cloud engineer who is looking at failed tickets and resolving them.

What do you like best about the product?

It's complete: when well configured, it covers efficiently all the controls necessary to reach SOC-2 compliance (and presumably other standards, that I haven't checked yet). It even goes further with list of vendors, risk assessments, and a partnership with SafeBase to host your Trust Center. Great!
The product was pretty responsive and easy to navigate, administrate and use (I haven't worked much with the new UI/UX, tho), and integration with our tech stack (IDP, code-base, etc.) is simple.
Their AI-chatbot is most of the time helpful for basic support, although the corresponding doc is not always up-to-date (so the chatbot may be out-of-date too; but there's always a human to take over).

What do you dislike about the product?

Integration with Linear was supported, but the main point is to submit Linear ticket as evidence… which is not possible (and frustrating).
The "Tasks" module of Drata could be a powerful tool to manage/plan/track/remind all the tasks to do, recurring or punctual, but it is not as complete and smooth as a good old Google or Outlook Calendar (to invite several people, to link to a document, etc.), so we have quickly stopped using it.
Also, like all other GRC tools, it's always hard to justify the price to our management when everything goes well and no threat was directly addressed via Drata.

What problems is the product solving and how is that benefiting you?

We wanted a tool that our auditors could access to answer most of their questions for a SOC-2 audit. Apart from the on-boarding and some permissions issues, Drata did all the work I would have had to do to satisfay the auditors.

What do you like best about the product?

The platform is relatively easy to use and has everything included within it

What do you dislike about the product?

Sometimes it is unclear how the process works fully, especially with the involvement of 3rd party companies

What problems is the product solving and how is that benefiting you?

SOC 2 Type 2 Certification, it would help us in our sales endeavors

What do you like best about the product?

I like Drata's interface and the ease of usage. It's great that it updates automatically when something needs fixing, so I don't have to worry about manual interventions. Compared to other tools, it gives me a sense of knowing exactly what to expect and how things will work. Also, the integrations are pretty good, even though there's room for more apps to be added. Great policy templats.

What do you dislike about the product?

Lack of integrations and maybe a little bit of lack of comprehensive rules regarding for example systems that should not be included / scanned. It doesnt use most secure way of connecting applications via OIDC / workload identity systems. There was a lack of ability to import evidence from other vendors, so we had to do a lot of stuff manually.

What problems is the product solving and how is that benefiting you?

I use Drata to set up ISO 27001 and SOC 2. The interface is easy to use and updates automatically when something needs fixing, so I always know what to expect.