drata.com
Open in
urlscan Pro
2606:4700:4400::ac40:9208
Public Scan
Submitted URL: http://drata.com/
Effective URL: https://drata.com/
Submission: On January 17 via manual from IN — Scanned from DE
Effective URL: https://drata.com/
Submission: On January 17 via manual from IN — Scanned from DE
Form analysis 1 forms found in the DOM
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7817592/784ace22-701b-4bbb-860e-009bcbd658e3
<form id="hsForm_784ace22-701b-4bbb-860e-009bcbd658e3" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/7817592/784ace22-701b-4bbb-860e-009bcbd658e3"
class="hs-form-private hsForm_784ace22-701b-4bbb-860e-009bcbd658e3 hs-form-784ace22-701b-4bbb-860e-009bcbd658e3 hs-form-784ace22-701b-4bbb-860e-009bcbd658e3_75a0d4c7-4366-4cd5-9b0a-0fbd6cb535e4 hs-form stacked"
target="target_iframe_784ace22-701b-4bbb-860e-009bcbd658e3" data-instance-id="75a0d4c7-4366-4cd5-9b0a-0fbd6cb535e4" data-form-id="784ace22-701b-4bbb-860e-009bcbd658e3" data-portal-id="7817592"
data-test-id="hsForm_784ace22-701b-4bbb-860e-009bcbd658e3">
<fieldset class="form-columns-2">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-784ace22-701b-4bbb-860e-009bcbd658e3" class="" placeholder="Enter your " for="email-784ace22-701b-4bbb-860e-009bcbd658e3"><span></span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-784ace22-701b-4bbb-860e-009bcbd658e3" name="email" required="" placeholder="Work Email*" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_firstname hs-firstname hs-fieldtype-text field hs-form-field"><label id="label-firstname-784ace22-701b-4bbb-860e-009bcbd658e3" class="" placeholder="Enter your "
for="firstname-784ace22-701b-4bbb-860e-009bcbd658e3"><span></span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="firstname-784ace22-701b-4bbb-860e-009bcbd658e3" name="firstname" required="" placeholder="First Name*" type="text" class="hs-input" inputmode="text" autocomplete="given-name" value=""></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_campaign hs-utm_campaign hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_campaign-784ace22-701b-4bbb-860e-009bcbd658e3" class="" placeholder="Enter your utm_campaign"
for="utm_campaign-784ace22-701b-4bbb-860e-009bcbd658e3"><span>utm_campaign</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_campaign" class="hs-input" type="hidden" value="not-provided"></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_content hs-utm_content hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_content-784ace22-701b-4bbb-860e-009bcbd658e3" class="" placeholder="Enter your utm_content"
for="utm_content-784ace22-701b-4bbb-860e-009bcbd658e3"><span>utm_content</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_content" class="hs-input" type="hidden" value="not-provided"></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_medium hs-utm_medium hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_medium-784ace22-701b-4bbb-860e-009bcbd658e3" class="" placeholder="Enter your utm_medium"
for="utm_medium-784ace22-701b-4bbb-860e-009bcbd658e3"><span>utm_medium</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_medium" class="hs-input" type="hidden" value="direct"></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_source hs-utm_source hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_source-784ace22-701b-4bbb-860e-009bcbd658e3" class="" placeholder="Enter your utm_source"
for="utm_source-784ace22-701b-4bbb-860e-009bcbd658e3"><span>utm_source</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_source" class="hs-input" type="hidden" value="drata.com"></div>
</div>
</fieldset>
<fieldset class="form-columns-1">
<div class="hs_utm_term hs-utm_term hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-utm_term-784ace22-701b-4bbb-860e-009bcbd658e3" class="" placeholder="Enter your utm_term"
for="utm_term-784ace22-701b-4bbb-860e-009bcbd658e3"><span>utm_term</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="utm_term" class="hs-input" type="hidden" value="not-provided"></div>
</div>
</fieldset>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Submit" style="display: none;"><button
class="MuiButtonBase-root MuiButton-root MuiButton-ctaModule MuiButton-ctaModulePrimary MuiButton-sizeMedium MuiButton-ctaModuleSizeMedium MuiButton-disableElevation MuiButton-root MuiButton-ctaModule MuiButton-ctaModulePrimary MuiButton-sizeMedium MuiButton-ctaModuleSizeMedium MuiButton-disableElevation css-sk1vty-MuiButtonBase-root-MuiButton-root-Form-darkSubmitButton"
tabindex="0" type="submit">Submit<span class="MuiButton-endIcon MuiButton-iconSizeMedium css-1gnd1fd-MuiButton-endIcon"><svg class="MuiSvgIcon-root MuiSvgIcon-fontSizeMedium css-1lk2mbg-MuiSvgIcon-root-Form-styledChevronIcon"
focusable="false" aria-hidden="true" viewBox="0 0 38 58" width="38" height="58" fill="none">
<g clip-path="url(#clip0_58_2509)">
<path d="M2.80249 51.185L24.5575 29L2.80249 6.815L9.49999 -2.92757e-07L38 29L9.49999 58L2.80249 51.185Z" fill="inherit"></path>
</g>
<defs>
<clipPath id="clip0_58_2509">
<rect width="58" height="38" fill="white" transform="translate(0 58) rotate(-90)"></rect>
</clipPath>
</defs>
</svg></span></button></div>
</div><input name="hs_context" type="hidden"
value="{"embedAtTimestamp":"1705452050920","formDefinitionUpdatedAt":"1699000944640","lang":"en","embedType":"REGULAR","disableCookieSubmission":"true","notifyHubSpotOwner":"true","renderRawHtml":"true","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36","pageTitle":"Automated SOC 2, HIPAA, GDPR, Risk Management, & More | Drata","pageUrl":"https://drata.com/","isHubSpotCmsGeneratedPage":false,"formTarget":"#reactHubspotForm0","rumScriptExecuteTime":1654.3000001907349,"rumTotalRequestTime":1890.8000001907349,"rumTotalRenderTime":1943.3000001907349,"rumServiceResponseTime":236.5,"rumFormRenderTime":52.5,"connectionType":"4g","firstContentfulPaint":0,"largestContentfulPaint":0,"locale":"en","timestamp":1705452051073,"originalEmbedContext":{"portalId":"7817592","formId":"784ace22-701b-4bbb-860e-009bcbd658e3","region":"na1","target":"#reactHubspotForm0","isBuilder":false,"isTestPage":false,"isPreview":false,"inlineMessage":"","isMobileResponsive":true},"correlationId":"75a0d4c7-4366-4cd5-9b0a-0fbd6cb535e4","renderedFieldsIds":["email","firstname","utm_campaign","utm_content","utm_medium","utm_source","utm_term"],"captchaStatus":"NOT_APPLICABLE","emailResubscribeStatus":"NOT_APPLICABLE","isInsideCrossOriginFrame":false,"source":"forms-embed-1.4517","sourceName":"forms-embed","sourceVersion":"1.4517","sourceVersionMajor":"1","sourceVersionMinor":"4517","allPageIds":{},"_debug_embedLogLines":[{"clientTimestamp":1705452051017,"level":"INFO","message":"Retrieved customer callbacks used on embed context: [\"onFormSubmit\",\"onFormSubmitted\"]"},{"clientTimestamp":1705452051017,"level":"INFO","message":"Retrieved pageContext values which may be overriden by the embed context: {\"pageTitle\":\"Automated SOC 2, HIPAA, GDPR, Risk Management, & More | Drata\",\"pageUrl\":\"https://drata.com/\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36\",\"isHubSpotCmsGeneratedPage\":false}"},{"clientTimestamp":1705452051018,"level":"INFO","message":"Retrieved countryCode property from normalized embed definition response: \"DE\""}]}"><iframe
name="target_iframe_784ace22-701b-4bbb-860e-009bcbd658e3" style="display: none;"></iframe>
</form>Text Content
Gain critical insights into third-party risk management. Learn More
Contact Sales
* Solutions
* Platform
* Startup
* Scale
* Audit Hub
* Trust Center
* Risk Management
* Third-Party Risk
* User Access Reviews
* Open API
* Integrations
* Frameworks
* SOC 2
* ISO 27001
* HIPAA
* GDPR
* NIST AI Risk Management
* Custom Frameworks
* All Frameworks
SOC 2 Compliance: A Beginner's Guide
Access the Guide
* Resources
* Resources
* Blog
* Events
* Webinars
* Reports
* Compliance Glossary
* Community
* API Documentation
* Featured
* Cloud Service Provider's Guide to FedRAMP
* Navigating Fintech Risk and Compliance
* A Start-to-Finish Guide on SOC 2 Compliance
* A Complete Guide to Cybersecurity Risk Management
Know who you’re working with. Join the launch of Drata’s third party risk
management.
Watch On-Demand
* Auditors
* Customers
* Company
* Company
* Careers
* Auditors
* Partners
* Press
* Security
* Contact Us
Drata Named One of the Best Workplaces in Technology
Read More
* Sign In
* Get Started
* Sign In
* Get Started
SOC 2
ISO 27001
HIPAA
PCI DSS
GDPR
Drata named compliance automation leader on G2
Leader 2023
TRUST, AUTOMATED.
Drata automates your compliance journey from start to audit-ready and beyond and
provides support from the security and compliance experts who built it.
Get Started
Drata also worked to understand our audit needs and matched us with an auditor
who has been terrific. Drata is a luxury limousine for your compliance journey.
Joshua Peskay
vCIO
View All Customer Stories
Drata helped us to seamlessly transition into a fully integrated compliance
program and was essential to our SOC 2.
Diana Cohen
Head of Legal & Compliance
View All Customer Stories
The promise of automation has long been discussed in the compliance world, but
never truly realized. Drata has turned that into reality.
Jonathan Jaffe
CISO
Read Customer Story
Drata was an instantaneous value add for us as a scaling company. Their product
combined with their personal touch allow us to expand our compliance
capabilities faster than we could have without it!
Patti Degnan
Head of Security Governance, Risk, and Compliance
View All Customer Stories
When we saw Drata, we knew this was a platform we were going with. Their support
is incredible, and the speed at which they're releasing new products and
features is unmatched.
Michel Hjazeen
Senior IT Audit & Frameworks Engineer
View All Customer Stories
The quality and philosophy of support at Drata are unparalleled. Drata is superb
in usability, design and integrations.
David Caughill
DevOps Engineer
View All Customer Stories
Having centralized and detailed visibility of all our personnel, assets, and
being able to see what compliance requirements need our attention has
streamlined the entire process.
Lola Kureno
Cyber Security Engineer
View All Customer Stories
The promise of automation has long been discussed in the compliance world, but
never truly realized. Drata has turned that into reality.
Jonathan Jaffe
CISO
Read Customer Story
Drata was an instantaneous value add for us as a scaling company. Their product
combined with their personal touch allow us to expand our compliance
capabilities faster than we could have without it!
Patti Degnan
Head of Security Governance, Risk, and Compliance
View All Customer Stories
When we saw Drata, we knew this was a platform we were going with. Their support
is incredible, and the speed at which they're releasing new products and
features is unmatched.
Michel Hjazeen
Senior IT Audit & Frameworks Engineer
View All Customer Stories
The quality and philosophy of support at Drata are unparalleled. Drata is superb
in usability, design and integrations.
David Caughill
DevOps Engineer
View All Customer Stories
Having centralized and detailed visibility of all our personnel, assets, and
being able to see what compliance requirements need our attention has
streamlined the entire process.
Lola Kureno
Cyber Security Engineer
View All Customer Stories
Drata also worked to understand our audit needs and matched us with an auditor
who has been terrific. Drata is a luxury limousine for your compliance journey.
Joshua Peskay
vCIO
View All Customer Stories
Drata helped us to seamlessly transition into a fully integrated compliance
program and was essential to our SOC 2.
Diana Cohen
Head of Legal & Compliance
View All Customer Stories
Read More Customer Stories
COMPLIANCE AT EVERY STAGE
Getting started, looking to scale GRC, or want to enhance your security
compliance program? Drata meets you where you are in your journey.
STARTUP
New to compliance: Need to be SOC 2 or ISO 27001 compliant yesterday and don't
know where to start?
Learn More
SCALE
Scaling up a risk and compliance program and need a solution that grows with
you?
Learn More
ENHANCE
Have an existing GRC program and want to power it with automation and
streamlined workflows?
Learn More
JOIN THE THOUSANDS OF COMPANIES THAT TRUST DRATA
See All Case Studies
SECURITY WITHOUT COMPROMISE
Don’t choose between automation and configurability. See how Drata enables both
for complete control over your GRC journey.
1. Integrate with Any System
With 120+ native integrations, you can connect your HRIS, SSO, cloud provider,
and countless other systems to Drata—opening endless possibilities for evidence
collection and control monitoring.
Want to validate a specific control or connect to a different tool? Use our Open
API to build deep, custom integrations with any system.
2. Automate Evidence Collection
All the evidence. None of the manual work. With deeper integrations than any
other compliance platform, you can gather more evidence without taking
screenshots or managing spreadsheets.
3. Build Compliance Your Way
Compliance looks different for every company. That’s why Drata offers complete
configurability.
Start with one of our 17+ pre-built frameworks or create your own from a library
of 500+ controls. You can even create custom controls to fit your exact business
needs.
Then, use pre-built tests or create your own with new logic, including custom
pass/fail thresholds and frequency, to automate and customize your control
monitoring.
And finally, you can set up separate compliance workspaces for each business
unit.
4. Control the Process
With all your evidence, controls, and documents in one place, you can manage
every step of the process.
Continuous monitoring provides full visibility into your compliance status so
you can stay on top of risks and action items. Quickly create tasks and manage
tickets to ensure key compliance work doesn’t fall through the cracks.
And with role-based access, you can protect sensitive data and streamline work.
PUT SECURITY & COMPLIANCE ON AUTOPILOT®
Close more sales and build trust faster while eliminating hundreds of hours of
manual work to maintain compliance.
Get Started
ENJOY AUTOMATION WITHOUT SACRIFICING CUSTOMIZATION
18+ frameworks, designed to help you achieve and maintain compliance faster.
NIST AI RMF *NEW
Safely navigate the implementation and usage of artificial intelligence with
this risk management framework.
SOC 2
SOC 2 defines criteria for managing data based on: security, availability,
processing integrity, confidentiality, and privacy.
ISO 27001
ISO 27001 is an information security management system (ISMS) that helps keep
consumer data safe.
HIPAA
HIPAA is a law requiring organizations that handle protected health information
(PHI) to keep it protected and secure.
GDPR
GDPR is a regulation in EU law on data protection and privacy in the European
Union and the European Economic Area.
PCI DSS
PCI DSS is a set of controls to make sure companies that handle credit card
information maintain a secure environment.
CYBER ESSENTIALS
Cyber Essentials helps companies guard against the most common cyber threats and
demonstrate commitment to cyber security.
CCPA
CCPA gives consumers control over the personal information that businesses
collect and guidance on how to implement the law.
CMMC
CMMC is a unified standard for implementing cybersecurity across the defense
industrial base (DIB).
MICROSOFT SSPA
SSPA sets privacy and security requirements for Microsoft suppliers and drives
compliance to these requirements.
NIST CSF
National Institute of Standards and Technology’s framework for Improving
Critical Infrastructure Cybersecurity (CSF).
NIST SP 800-53
NIST SP 800-53 is a catalog of controls for all U.S. federal information systems
except those related to national security.
NIST SP 800-171
NIST SP 800-171 recommends requirements for protecting the confidentiality of
controlled unclassified information (CUI).
ISO 27701
ISO 27701 specifies requirements for establishing and continually improving a
privacy information management system.
FFIEC
The FFIEC provides a set of technology standards for online banking that
financial institutions must follow.
CCM
The Cloud Controls Matrix by Cloud Security Alliance (CSA) is a cybersecurity
control framework for cloud computing.
ISO 27017
ISO 27017 contains controls specifically in the area of cloud security.
ISO 27018
ISO 27018 contains controls directed at cloud providers that process personal
data.
CUSTOM FRAMEWORKS
Tailor Drata to your unique business needs with easy to build custom frameworks
and custom controls.
120+ INTEGRATIONS TO POWER DEEP AUTOMATION
150K+
ASSETS TRACKED
7.3M
CONTROLS TESTED
500K+
DRATA USERS
View All
THE HIGHEST-RATED CLOUD COMPLIANCE PLATFORM
G2 OVERALL LEADER
Drata maintained its Leader status in multiple Grid Reports such as Cloud
Compliance and Security Compliance, and was ranked the overall Momentum Leader
for Vendor Security and Privacy Assessment. We're also a Leader in the same
categories for the Americas, Asia, and EMEA.
Leader Winter 2024
Golden Kitty 2021
Fortune
Insider
LinkedIn Top Startups 2023
Enterprise Tech 30
THE OPEN COMPLIANCE REVOLUTION
The compliance journey started with screenshots. Now, Drata is ushering in a new
era of trust, automation, and openness. We’ve put the power in our customers'
and partners' hands, and we'll be alongside you every step of the way.
Learn More
THE LATEST RESOURCES
Blog
HOW TO PERFORM USER ACCESS REVIEWS
A user access review is a process that involves regularly reviewing access
rights for a company’s employees and third-party vendors.
Cybersecurity
Learn More
Blog
BEGINNER’S GUIDE TO THIRD-PARTY RISK MANAGEMENT
Third-party risk management helps bring your external risks under control and
lets you address security, financial, legal, and compliance risks.
Risk Management
Learn More
Blog
WHAT IS A SOC 2 BRIDGE LETTER? [+ TEMPLATE]
A bridge letter is a document that covers the gap between your last SOC 2 report
and your customer’s calendar or fiscal year-end.
SOC 2
Learn More
AUTOMATE YOUR JOURNEY
Drata's platform experience is designed by security and compliance experts so
you don't have to be one.
CONNECT
EASILY INTEGRATE YOUR TECH STACK WITH DRATA.
CONFIGURE
PRE-MAP AUDITOR VALIDATED CONTROLS.
COMPLY
BEGIN AUTOMATING EVIDENCE COLLECTION.
PUT SECURITY & COMPLIANCE ON AUTOPILOT®
Close more sales and build trust faster while eliminating hundreds of hours of
manual work to maintain compliance.
Get Started
Drata is a security and compliance automation platform that continuously
monitors and collects evidence of a company’s security controls, while
streamlining workflows to ensure audit-readiness.
Solutions
StartupScaleEnhanceDrata PlatformIntegrations
Frameworks
SOC 2ISO 27001HIPAAGDPRNIST AI Risk ManagementCustom FrameworksAll Frameworks
Resources
BlogEventsWebinarsReportsCompliance GlossaryCommunityAPI Documentation
Company
Careers
HIRING
CustomersAuditorsPartnersPressContact UsLegal
Trust
Security and ComplianceTrust CenterSystem Status
BECOME A TRUSTED NEWSLETTER INSIDER
The latest security and compliance news, delivered.
utm_campaign
utm_content
utm_medium
utm_source
utm_term
Submit
--------------------------------------------------------------------------------
© 2023 Drata Inc. All rights reserved.
Cookie PreferencesPrivacy NoticeLegal