R
ReviewerVerified
1 month ago
We expected Drata to streamline our ISO 27001 audit but a couple of key integrations kept dropping their connection, which meant evidence gaps right before the deadline. Support eventually helped, but the back-and-forth cost us a stressful week. The concept is good; the reliability let us down at the worst time.
Good concept and framework coverage
Unreliable integrations during a critical period
Drata keeps our security compliance continuously monitored and the test library covers our frameworks well. The evidence collection runs in the background so we barely think about it between audits. It does occasionally flag a control as failing when it has actually been remediated, which means some manual double-checking.
Hands-off continuous monitoring
Occasional false control failures
Drata's automated continuous monitoring connected to our entire stack within a day and immediately surfaced the controls we were missing. The auditor we worked with already knew the platform, so the whole assessment was painless. Easily the smoothest compliance experience our team has had.
Fast setup and auditor-friendly
After trialling several platforms, Drata won on the depth of its automated tests and how cleanly it maps evidence to each control. Continuous monitoring gives our leadership real confidence between formal audits. The onboarding specialist was knowledgeable and we were audit-ready weeks ahead of schedule.
Deep automated testing and great onboarding
The platform itself is fine, but Drata's sales and contract handling soured the relationship completely. We were held to a multi-year commitment despite our needs changing, and downgrade requests went nowhere. For a compliance company, the inflexible contracting feels at odds with the trust they preach.
Inflexible multi-year contract, no downgrade path