I am an end user of Drata. Most of the time I work with Drata for control mapping, uploading evidence, and sometimes risk management and the Policy Center, such as uploading policies. Those are mainly the features that I work with most of the time.I primarily do internal audit support with Drata. Drata has been really helpful in terms of centralizing audit evidence. During the traditional audit method, you would have to send evidence via emails. With Drata, everything is centralized, and once external auditors have access to the system, they are able to review everything within a centralized tool. They are also able to download the evidence in a package form and review it. Having to upload policies in one centralized system has been feasible and most effective. Drata has the feature of Policy Center where you are able to upload all the policies within the company and they can be published from there. They can also be acknowledged by employees and approved by policy owners.
We mainly use Drata as our GRC tool. Previously, we didn't have a GRC tool in-house. As a payment company, we must complete two annual audits: PCI for the payment card industry and SOC 2 Type 2, which most software companies also need. Without a GRC tool, we had separate contracts with each auditing firm, and they provided their tools for us to upload audit evidence. We had to produce the same evidence every year and manually upload it to these tools. If we changed auditors, we'd have to use new software each time, and our previous year's evidence stayed with the auditors. Now, with Data, we can store all our information in-house. Instead of auditors using their platforms, they come to Drata to access the evidence. Throughout the year, we upload and complete audit evidence in Drata, so during the audit period, auditors access what they need from the Drata platform. This means that when we change auditors, it doesn't matter who they are as long as they can access Drata.
I was working on a project that required using ROC tools and SOC 2 compliance. To address this, we integrated with the Drata tool to reduce vulnerabilities in the infrastructure and address other loopholes. Additionally, Drata seamlessly integrated with our cloud services, including SysTrack S3 and other key creation and GuardDuty services. Drata can identify loopholes and provide solutions for improved security. Drata secures the organisation's infrastructure, achieve SOC 2 compliance, and address HIPAA requirements. It can identify and close security loopholes proactively.
Drata is a powerful tool for automating compliance processes, effectively reducing audit preparation time and continuously monitoring security controls. It is highly valued for its ability to integrate seamlessly with existing tech stacks and manage security for remote teams, ensuring adherence to standards like SOC 2 and HIPAA. Drata enhances organizational efficiency, improves workflows, and supports real-time compliance monitoring, making compliance management less stressful and more...
I am an end user of Drata. Most of the time I work with Drata for control mapping, uploading evidence, and sometimes risk management and the Policy Center, such as uploading policies. Those are mainly the features that I work with most of the time.I primarily do internal audit support with Drata. Drata has been really helpful in terms of centralizing audit evidence. During the traditional audit method, you would have to send evidence via emails. With Drata, everything is centralized, and once external auditors have access to the system, they are able to review everything within a centralized tool. They are also able to download the evidence in a package form and review it. Having to upload policies in one centralized system has been feasible and most effective. Drata has the feature of Policy Center where you are able to upload all the policies within the company and they can be published from there. They can also be acknowledged by employees and approved by policy owners.
Our main use case for Drata is to provide a platform for us to manage our SOC 2 compliance.
I have been deploying all the services to Australia and USA. These are for customer compliance on HIPAA, ISO 27001, SOC 2, and similar standards.
We mainly use Drata as our GRC tool. Previously, we didn't have a GRC tool in-house. As a payment company, we must complete two annual audits: PCI for the payment card industry and SOC 2 Type 2, which most software companies also need. Without a GRC tool, we had separate contracts with each auditing firm, and they provided their tools for us to upload audit evidence. We had to produce the same evidence every year and manually upload it to these tools. If we changed auditors, we'd have to use new software each time, and our previous year's evidence stayed with the auditors. Now, with Data, we can store all our information in-house. Instead of auditors using their platforms, they come to Drata to access the evidence. Throughout the year, we upload and complete audit evidence in Drata, so during the audit period, auditors access what they need from the Drata platform. This means that when we change auditors, it doesn't matter who they are as long as they can access Drata.
I work with Drata on compliance and audit processes.
We use the solution to achieve both SOC 2 and ISO 27001 compliance.
I was working on a project that required using ROC tools and SOC 2 compliance. To address this, we integrated with the Drata tool to reduce vulnerabilities in the infrastructure and address other loopholes. Additionally, Drata seamlessly integrated with our cloud services, including SysTrack S3 and other key creation and GuardDuty services. Drata can identify loopholes and provide solutions for improved security. Drata secures the organisation's infrastructure, achieve SOC 2 compliance, and address HIPAA requirements. It can identify and close security loopholes proactively.