drata

JSON twin: https://www.healthaidb.com/software/drata.json

Company Name

Drata

Product URL

https://drata.com/product

Company URL

https://drata.com

Categories

Summary

Drata is a cloud-based security, risk and compliance automation platform that streamlines continuous control monitoring and evidence collection to help organizations achieve and maintain frameworks such as SOC 2, HIPAA, ISO 27001 and GDPR.

Description

Drata automates compliance workflows (policy management, risk assessments, vendor risk, training, evidence collection and audit-ready reporting) by integrating with an extensive tech stack for continuous control monitoring and auditor collaboration to accelerate certification and maintain ongoing compliance posture.

API Available

yes

Certifications

Company Founding

2020

Company Offices

Compliance

Customers

Data Residency

US-based hosting (SaaS); region options and BYO integrations via API (contact vendor for region-specific hosting)

Data Standards

Deployment Model

Features

ID

P0491

Integration Partners

Integrations

Languages Supported

Last Updated

2025-09-07

License

proprietary (commercial)

Links

Market Segment

Optional Modules

OS Platforms

Pricing Details

Tiered platform bundles (Trust Management Platform and SafeBase offerings); public pricing not posted — contact vendor for quotes and trial/demo available via request.

Pricing Model

enterprise_quote

Privacy Features

Ratings

Regions Available

Release Year

2020

Security Features

Specialties

Support Channels

System Requirements

Target Users

Training Options

Type

product

User Reviews

Version

1.0

Canonical JSON

{
  "company_name": "Drata",
  "company_url": "https://drata.com",
  "company_offices": [
    "United States"
  ],
  "company_founding": "2020",
  "product_url": "https://drata.com/product",
  "categories": [
    "administrative",
    "governance",
    "risk management",
    "compliance",
    "security",
    "assurance"
  ],
  "market_segment": [
    "enterprise",
    "smb"
  ],
  "links": [
    "https://drata.com",
    "https://drata.com/product",
    "https://drata.com/compliance",
    "https://drata.com/platform/integrations",
    "https://drata.com/security",
    "https://trust.drata.com",
    "https://developers.drata.com/docs/",
    "https://www.g2.com/products/drata/reviews",
    "https://www.capterra.com/p/207322/Drata/",
    "https://www.linkedin.com/company/drata"
  ],
  "summary": "Drata is a cloud-based security, risk and compliance automation platform that streamlines continuous control monitoring and evidence collection to help organizations achieve and maintain frameworks such as SOC 2, HIPAA, ISO 27001 and GDPR.",
  "description": "Drata automates compliance workflows (policy management, risk assessments, vendor risk, training, evidence collection and audit-ready reporting) by integrating with an extensive tech stack for continuous control monitoring and auditor collaboration to accelerate certification and maintain ongoing compliance posture.",
  "target_users": [
    "security teams",
    "compliance/risk teams",
    "IT administrators",
    "DevOps/engineers",
    "executives/C-suite",
    "internal/external auditors",
    "legal/privacy teams",
    "vendor risk managers"
  ],
  "specialties": [
    "GRC (governance, risk, compliance)",
    "HIPAA compliance",
    "SOC 2",
    "ISO 27001",
    "GDPR",
    "PCI DSS",
    "vendor risk management",
    "audit readiness"
  ],
  "regions_available": [
    "United States",
    "Canada",
    "United Kingdom",
    "European Union",
    "Australia"
  ],
  "languages_supported": [
    "English"
  ],
  "pricing_model": "enterprise_quote",
  "pricing_details": "Tiered platform bundles (Trust Management Platform and SafeBase offerings); public pricing not posted — contact vendor for quotes and trial/demo available via request.",
  "license": "proprietary (commercial)",
  "deployment_model": [
    "SaaS"
  ],
  "os_platforms": [
    "Web"
  ],
  "features": [
    "Continuous control monitoring",
    "Automated evidence collection",
    "Control mapping across frameworks",
    "Audit Hub (audit automation and evidence sharing)",
    "Risk management and issue tracking",
    "User access reviews",
    "Pre-built compliance playbooks/policies",
    "Automations and templates for common tasks",
    "Compliance reporting and dashboards",
    "Trust Center for selective evidence sharing",
    "Compliance as Code (enforceable control automation)",
    "AI Questionnaire Assistance (AIQA) for questionnaire responses"
  ],
  "optional_modules": [
    "Audit Hub",
    "Trust Center",
    "Compliance as Code",
    "AI Questionnaire Assistance (AIQA)",
    "Enterprise risk management add-ons",
    "Advanced reporting / custom frameworks"
  ],
  "integrations": [
    "Okta",
    "Azure AD",
    "Google Cloud (GCP)",
    "Amazon Web Services (AWS)",
    "GitHub",
    "Jira",
    "Slack",
    "MDM systems (e.g., Jamf, Intune)",
    "Security training platforms (e.g., KnowBe4)",
    "Background check providers",
    "Tines",
    "Torq",
    "Tray.io"
  ],
  "data_standards": [],
  "api_available": "yes",
  "system_requirements": "",
  "compliance": [
    "SOC 2",
    "HIPAA",
    "ISO 27001",
    "GDPR",
    "HITRUST",
    "PCI DSS",
    "FedRAMP",
    "NIST CSF / NIST SP 800-53",
    "CCPA",
    "CMMC",
    "DORA",
    "NIS 2"
  ],
  "certifications": [
    "SOC 2 Type II",
    "ISO 27001"
  ],
  "security_features": [
    "Encryption in transit and at rest",
    "Role-based access control (RBAC)",
    "SSO / SAML",
    "Audit logs / event tracking",
    "API key scoping and revocation",
    "Multi-factor authentication (2FA)"
  ],
  "privacy_features": [
    "Business Associate Agreement (BAA) available",
    "Privacy policy and data handling practices",
    "Consent / data access controls",
    "Data minimization and retention controls"
  ],
  "data_residency": "US-based hosting (SaaS); region options and BYO integrations via API (contact vendor for region-specific hosting)",
  "customers": [
    "Lemonade",
    "Clair",
    "HeadsUp",
    "Rebrandly",
    "Gather Voices",
    "Class",
    "Voxel",
    "QA Wolf",
    "Crunchy Data"
  ],
  "user_reviews": [
    "We ultimately chose Drata because we felt like they offer greater depth in their integrations, and we felt that in our POC they presented data more accurately.",
    "Drata was terrible. The tool is fine but the customer success rep was trash.",
    "Drata is much nicer, more comprehensive with their monitoring of controls, and are also releasing an auditor portal soon so additional evidence sharing is easier.",
    "Very easy and intuitive to use, it saves a lot of intensive manual work, and the support is very responsive and fast."
  ],
  "ratings": [
    "G2: 4.8/5 (1000+ reviews)",
    "Capterra: 4.8/5 (multiple reviews listed on vendor pages)"
  ],
  "support_channels": [
    "email",
    "chat",
    "ticketing",
    "community"
  ],
  "training_options": [
    "documentation",
    "webinars",
    "live_online"
  ],
  "release_year": "2020",
  "integration_partners": [
    "Okta",
    "OneLogin",
    "Ping Identity",
    "Google Workspace",
    "Microsoft Azure / Azure AD",
    "AWS",
    "GCP",
    "GitHub",
    "Jira",
    "Slack",
    "Stripe",
    "LastPass",
    "1Password",
    "CrowdStrike",
    "Cloudflare",
    "Zendesk"
  ],
  "id": "P0491",
  "slug": "drata",
  "type": "product",
  "version": "1.0",
  "last_updated": "2025-09-07",
  "links_json": {
    "self": "https://www.healthaidb.com/software/drata.json"
  }
}