Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company’s security controls while streamlining compliance workflows end-to-end to ensure audit readiness. It helps thousands of companies streamline their compliance efforts through continuous, automated control monitoring and evidence collection.
This results in lower costs and time spent preparing for annual audits, and a better overall security posture.
Drata’s supported frameworks include SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, CCPA, CCMC, ISO 27701, Microsoft SSPA, NIST 800-53, NIST CSF, FFIEC, and NIST 800-171.
Founded in 2020 by Adam Markowitz, Daniel Marashlian, and Troy Markowitz, the San Diego-based company helps companies streamline their SOC 2. This is a voluntary compliance standard developed by the American Institute of CPAs, which specifies how organizations should manage customer data. It also has over ten other compliance frameworks, regulations and standards through continuous, automated control monitoring and evidence collection, resulting in lower costs and time spent preparing for annual audits.
The company is backed by ICONIQ Growth, GGV Capital, SVCI (Silicon Valley CISO Investments), Okta Ventures, Salesforce Ventures, Cowboy Ventures, Leaders Fund, SV Angel, and many key industry leaders.
What are the features of Drata?
Customer data is a precious and now highly regulated corporate asset. As a result, companies need regular security audits to make sure they are properly protecting their clients’ private information, complying with federal regulations, and avoiding liability and costly fines.
Drata’s features are divided into different components, which are:
Administration
Policy Enforcement | Allows administrators to set policies for security and data governance. | ||
Auditing | Analyzes data associated with web traffic and site performance to provide vulnerability insights and best practices. | ||
Workflow Management | Creates new or streamlines existing workflows to better handle IT support tickets and services. |
Asset Inventory
Hardware Asset Inventory | Create an inventory of a company’s hardware assets. | ||
Software Asset Inventory | Create an inventory of a company’s software assets. | ||
Cloud Asset Inventory | Create an inventory of a company’s cloud assets. | ||
Mobile Asset Inventory | Create an inventory of a company’s mobile assets. |
Compliance
Governance | Allows users to create, edit, and relinquish user access privileges. | ||
Data Governance | Ensures user access management, data lineage, and data encryption. This feature was mentioned in 101 Drata reviews. | ||
Sensitive Data Compliance | Supports compliance with PII, GDPR, HIPPA, PCI, and other regulatory standards. |
Functionality
Questionnaire Templates | Offers standardized security and privacy framework questionnaire templates | ||
User Access Control | Offers role-based access controls to allow only users with permission to utilize various parts of the software. |
Generative AI
Allows users to generate text based on a text prompt.
Management
Central Dashboard | Provide immediate insights, information, and updates on IT assets from a central dashboard. | ||
Asset Policy Management | Design and implement custom or pre-built policies for asset management, onboarding, and maintenance. | ||
Risk Management | Implement risk management policies, and push policy updates to various assets across a business network. | ||
Integrations | Integrate with other software solutions, such as spend management and software asset management. |
Risk assessment
Risk Scoring | Offers built-in or automated vendor risk scoring | ||
Monitoring And Alerts | Monitors change in risk and sends notifications, alerts, and reminders for specific actions including upcoming assessments, profile access requests, etc |
Security
Compliance Monitoring | Monitors data quality and sends alerts based on violations or misuse. | ||
Anomaly Detection | Constantly monitors activity related to user behavior and compares activity to benchmarked patterns. | ||
Cloud Gap Analytics | Analyzes data associated with denied entries and policy enforcement, giving information of better authentication and security protocols. |
What does the Drata agent collect?
The agent will pick up your password manager, automatic updates, antivirus software, hard disk encryption and screen saver lock.
Does Drata take screenshots?
Drata helps users automate evidence collection. Rather than manually taking screenshots, Drata can help pull data from various sources and set up checklists for pending tasks.
Drata Pricing Overview
Drata’s pricings are custom to each user, which means you have to contact their website to get the best pricing for you based on your needs. The average starting price, however, is $10,000 per year.
This is everything your company needs to get and stay audit-ready, which includes:
- Unlimited Admins
- Unlimited Integrations (75+ to choose from)
- Dynamic Policy Builder
- Vendor Management
- Risk Assessment
- Drata Control Library
- Personnel Onboarding
- Asset Management
- Automated Control Monitoring
- Automated Evidence Collection
- Embedded Security Training
- Dedicated Customer Success Manager
- Special Auditor View
- Support and Counsel From Seasoned Compliance Experts
- 20+ InfoSec Policy Templates
- Embedded HIPAA Security Training (If using HIPAA)
Drata’s Competitors
Rencore Governance
Rencore Governance provides maximum flexibility and efficiency in a company’s governance approach to Microsoft 365, Microsoft Teams, SharePoint, OneDrive, Azure AD, Exchange, Viva Engage, Loop and Power Platform. It also monitors end-user activity, discovers deviations from governance plans, and automates fixing.
Rencore Governance automates Microsoft 365 Governance for mid-market and large enterprises in all industries around the globe.
Features:
- Email/Help Desk
- FAQs/Forum
- Knowledge Base
- Chat
- 24/7 (Live rep)
- Phone Support
- Cloud, SaaS, Web-based
- Live Online
- Documentation
- Videos
- In Person
- Webinars
TalentCards
TalentCards is an eLearning authoring tool that puts training in people’s hands, no matter where they are in the world. Unlike traditional LMSs and training software, TalentCards is built for mobile, frontline, and deskless employees — people whose jobs keep them on the move.
With TalentCards, you can build powerful eLearning courses online and deliver them to your team’s smartphones. You can also deliver training on safety, compliance, sales, product knowledge, soft skills, and more, without interrupting the workday.
TalentCards is a perfect fit for companies with deskless and mobile employees who need training that’s easy to access, quick to complete, and makes a lasting impact.
Features:
- Cloud, SaaS, Web-based
- Email/Help Desk
- Documentation
- Videos
- Knowledge Base
- Chat
BIC GRC
BIC GRC offers a professional, sustainable, cost-effective solution to digitalize your GRC processes. Depending on your business model, you can choose from a pre-built solution that you can quickly implement out of the box or a BIC Custom GRC solution tailored to your unique needs.
The use cases in BIC cover the entire GRC spectrum including the fields of risk management, internal control system, information security, business continuity management, audit management, data protection, etc.
BIC GRC is the ideal solution for all organizations – from midsize companies to international corporations of all industries – looking for a software solution in English or German.
Bettermode
Bettermode helps businesses build a dynamic and centralized knowledge base by leveraging crowd wisdom and the collaborative power of the employees. With it, you can create content with rich text, images, and videos, and enable customers to react, share feedback, and engage in conversations.
Bettermode lets your customers filter through your knowledge base and find the right content with granular filters. You can also organize your content in public or private spaces, and collect insights from customers’ candid conversations.
It is perfect for software companies, consumer product and services companies, e-commerce stores, online training and education companies.
Features:
- FAQs/Forum
- Phone Support
- Email/Help Desk
- Cloud, SaaS, Web-based
- Chat
- Live Online
- Documentation
- Videos
- In Person
- Webinars
- Knowledge Base
GoAudits
This is a smart mobile app and a complete solution for auditing & inspections. With it, you can plan and schedule inspections, and conduct fast mobile audits on your favorite device, even when offline. You can also immediately assign corrective tasks.
Also, after an inspection, you can instantly generate insightful reports and automatically email them to the right people for real-time information. With its advanced analytics dashboard, GoAudits helps you gain unprecedented insights into your operations and maximize your ROI. It is a simple and affordable solution for professionals.
GoAudits is essential for businesses that need to ensure consistent standards across different processes, locations, or teams. This includes quality, safety, hygiene, brand standards, standard operating procedures, management reviews, etc.
Award Force
Award Force is an award-winning software for leading non-profit programs to manage not-for-profit submissions, and online evaluations or assessments. Designed for performance and function, it is fast, secure, and a great experience for submitters, evaluators, and managers.
Award Force lets users easily manage the submission process and assessment of submissions with world-class assessment and selection tools.
Companies that use Award Force are blue-chip brands, government departments, industry associations, events managers, and corporate organizations that manage contest/awards programmes.
Features:
- Live Online
- Documentation
- Videos
- Webinars
- Knowledge Base
- Cloud, SaaS, Web-based
- Chat
- Email/Help Desk
- Phone Support
- FAQs/Forum
vRx
vRx is a consolidated cloud-based vulnerability management platform that efficiently reduce your organizational cyber risk. It also lets you remotely & automatically mitigate threats in your digital environment.
Companies that use vRx include Cross-Vertical Cloud-native Enterprises and SMEs Target Industries. This also includes tech companies, finance & banking, healthcare, education, governmental, energy and manufacturing.
Wellable
Wellable operates next-generation wellness challenges and health content technology platforms and complements these solutions with on-site services, such as fitness classes, seminars, health coaching, and more. The technology’s flexibility allows organizations to customize and configure a program to meet their needs and objectives while providing a rich experience for end-users.
Wellable works with employers and health plans of all sizes across the world.
Features:
- FAQs/Forum
- Cloud, SaaS, Web-based
- Email/Help Desk
- Phone Support
- 24/7 (Live rep)
- Live Online
- Documentation
- Videos
- In Person
- Webinars
- Knowledge Base
- Chat
Informer
Informer is a robust, embeddable data discovery and analytics platform that simplifies the process of accessing, cleansing, blending, and analyzing data. With it, you can explore, visualize and analyze relevant data on the fly.
You can also securely publish reports and collaborate with colleagues, as well as generate dashboards that consolidate critical performance metrics.
With Informer’s extensible BI architecture, intuitive interface, collaborative environment, and enterprise-level performance, businesses are minutes away from actionable insights and data-driven decisions.
Submittable
Submittable powers you with tools to launch, manage, measure, and grow your social impact programs, locally and globally. From employee giving, volunteering, and corporate social responsibility programs to grants, awards and scholarships, the start-to-finish platform makes your workflow smarter and more efficient, leading to better decisions and bigger impact.
The platform is suitable for corporations, government, foundations, non-profits, and organizations of any size, anywhere in the world.
Recommended Articles
- WHAT IS ANALOG COMPUTING: All You Need to Know
- BOTTLENECKING PC: What It Is, How to Prevent or Fix It
- 10 Best Youtube Alternatives For You In 2023
- Best Real Estate Apps In 2023
- HOW TO RECORD AUDIO ON GOOGLE SLIDES: Step-By-Step Guide
- Why Won’t My Computer Connect to WI-FI? Problems & 10 Quick Fixes