Vendor Insights
An AWS Security Competency Partner, Drata is a GRC automation solution that allows companies to continuously monitor security and compliance controls, automatically collect evidence needed for an audit, and manage and remediate risk. Drata streamlines common compliance frameworks like SOC 2, ISO 27001, GDPR, and more and allows you to share your real-time compliance posture with prospects and customers to build trust and accelerate growth.
Overview
Drata's compliance automation platform integrates with over 200 applications and systems to continuously monitor security controls and streamline over 20 compliance frameworks, standards, and regulations, such as SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and more. Drata integrates with 45+ AWS services and is a proud AWS Security Competency partner with an AI engine built on AWS Bedrock.
Whether you're looking to get compliant quickly for the first time or want to streamline your complex GRC program, Drata scales with you. Get and stay compliant efficiently, build risk management into your GRC practice, and share your real-time compliance posture with prospects and customers to build trust and sell into new markets.
Continuous automated monitoring alerts Drata customers when security controls aren't operating effectively to remediate, stay secure, and keep from falling out of compliance. Plus, automatic evidence collection makes the audit process as seamless as possible.
Highlights
- Drata for Startups: Drata helps startups create a scalable foundation and systematic approach to compliance to unlock market opportunities and scale safely. Startups can speed up audit prep time with Drata's best-in-class automation and support from our compliance experts to achieve SOC 2 and ISO 27001 compliance quickly.
- Drata for Commercial and Mid Market: Drata helps companies with audit experience establish a scalable GRC program and structured process for risk management. Streamline compliance tasks and substantially reduce manual workloads while leveraging compliance to increase revenue and build trust.
- Drata for Enterprise: Customers can optimize and customize their mature GRC programs and depend on reliable compliance outcomes. Organizations can manage and remediate risk and leverage Drata workspaces and workflows to keep pace with the complexity of advanced compliance programs.
Details
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
ISO27001
SOC2
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Dimension | Description | Cost/12 months |
|---|---|---|
Drata Platform Fee | Access to the Drata SaaS platform with capacity for a 100 FTE org | $25,000.00 |
SOC 2 Framework | SOC 2 2017 control set | $7,500.00 |
GDPR Framework | GDPR control set | $7,500.00 |
ISO 27001 Framework | ISO 27001 v2022 control set | $7,500.00 |
HIPAA Framework | HIPAA control set | $7,500.00 |
PCI DSS Framework | PCI DSS control set | $7,500.00 |
CCPA Framework | CCPA control set | $7,500.00 |
CMMC Framework | CMMC control set | $7,500.00 |
Microsoft SSPA Framework | Microsoft SSPA control set | $7,500.00 |
NIST CSF Framework | NIST CSF control set | $7,500.00 |
Vendor refund policy
All Orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Included in your contract, Drata provides onboarding, live chat (in product), and continuous enablement. Onboarding includes integration setup, assistance configuring compliance policy and controls in the platform, and guidance on utilizing our network of auditors and technology/service partners to serve you in your compliance journey. support@drata.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
An AWS Security Competency Partner, Drata is a GRC solution that enables companies to continuously monitor security and compliance controls, automatically collect evidence needed for an audit, and manage and remediate risk. Drata also allows you to share your real-time compliance posture with prospects and customers to build trust and accelerate growth.
Drata Starter - SOC 2 compliance pathway
By AssuranceLab
Do less… of the things that don’t add value to your business with Drata Starter. It’s compliance without the complexity.
AssuranceLab’s Startup Compliance Accelerator
By AssuranceLab
Our startup accelerator program combines free tools and guides with experienced auditor support to help fast-track your compliance goals. No fees. No strings attached.
SOC 2 Jetpack for AU/NZ Startups
By gwi.digital
Amongst the growing list of cyber security standards, frameworks and certifications, SOC2 has essentially become the baseline standard for SaaS. SaaS customers want to know that the companies handling their data are doing that security and taking it seriously and SOC 2 helps them prove that. We get it, you need to get SOC 2 as fast and cheaply as you can. Minimize the amount of internal work to get to the end. And try to get some lasting value. That’s exactly where our SOC 2 Jetpack for AU/NZ Startups comes in. In it, we’ve put together everything you need to get across the SOC 2 line. It's the simplest and fastest way to get your SOC 2 if you are an AU/NZ startup.
Customer reviews
Information Technology and Services
Drata at its best.
Reviewed on Nov 12, 2024
Review provided by G2
What do you like best about the product?
I had never used a tool like Drata before in my 40 years of experience. It is so easy to use and navigate. It contains all the features required for Compliance. The Risk Management, Controls, personnel & the main feature Monitoring is its best.
What do you dislike about the product?
I have still not come across any downside as I have been using it for the last two months.
What problems is the product solving and how is that benefiting you?
The tests being done by Drata is helping me in a way that I don't have to do all the tests simultaneously. Monitoring is so easy. All policies are in one place. All security controls are in one place. The risks once assessed and the risk register & risk treatment plan are all in one place. I can monitor all the employees about what they have complied with and where they are not compliant.
Leave a comment0 comments
Vergil S.
Drata has made my life SO much easier when it comes time for Audits, and continuous compliance.
Reviewed on Nov 08, 2024
Review provided by G2
What do you like best about the product?
Drata consolidates evidence in one handy place, which means extracting needed info for auditors simple.
What do you dislike about the product?
I don't love that auditors can see historical test data - this can make it look like we aren't managing some systems well, when in reality we just don't have integrations that are compatible (ie, vulnerability scanning).
What problems is the product solving and how is that benefiting you?
Solve the time problem very effectively, and makes it easy to manage multiple areas of compliance in one dashboard.
Manufacturing
Drata - Review after a few months using the tool
Reviewed on Nov 08, 2024
Review provided by G2
What do you like best about the product?
Automatic evidence collection, friendly user interface, ease of onboarding and implementation
What do you dislike about the product?
My organization is still fairly new to using Drata, so not a ton of downsides have been discovered yet. That said, we were excited to use the Trust Center to surface various documentation to customers. It seems tha tthe Trust Center still needs to mature a bit, as you are limited types of documentation can be surfaced there and simple features, such as the order that documents appear, are not in place yet.
What problems is the product solving and how is that benefiting you?
In my role, Drata is primarly benefiting (as of now) my team in audit readiness and preparation. We are just kicking off our annual SOC 2 audit and the ease of use compared to our last tool really stands out.
Chad K.
Game-changer for compliance automation
Reviewed on Nov 07, 2024
Review provided by G2
What do you like best about the product?
Drata breaks down the compliance process, even making it easier to work towards multiple frameworks at once by helping to consolidate controls and deliverables into a neat and comprehensible format. Additionally, the automation tools available to help achieve compliance, such as various device and account monitoring, is invualuable to actually achieving the work required to meet controls. They offer clean integrations with a wide swath of common SaaS tools. One key benefit here for us has been their integration with Jira, which we use to both create tickets related to compliance, as well as read tickets in order to automate compliance into processes such as employee offboarding. Their team is very helpful as well, ensuring we're setup for success.
What do you dislike about the product?
Downsides are minimal. Custom fields could be useful though for assets such as personnel and hardware.
What problems is the product solving and how is that benefiting you?
Drata is solving compliance for us. Reaching our compliance goals as an SMB would be monumentally more difficult without the Drata platform and team to help us work towards our goals in a way in which they are clearly presented to us, and in a platform where we can document progress and evidence neatly.
Computer Software
Support Experience
Reviewed on Nov 06, 2024
Review provided by G2
What do you like best about the product?
The tracking of evidence and policy renewals
What do you dislike about the product?
The pricing is too expensive and each piece costs extra
What problems is the product solving and how is that benefiting you?
compliance timing