Trusted, the Drata Blog

Your hub for the latest security and compliance resources, updates, and expert insights. A simplified journey to compliance starts here.

Reflecting on FY24: Resilient Growth and Leadership in Compliance Automation

With intensifying demand for compliance regulations and a constantly changing business environment, there’s never been a greater need for Drata’s continuous compliance automation capabilities.

Most Recent

What the Biden Administration’s New Executive Order on AI Will Mean for Cybersecurity

Introducing our New Partner Program: Launch—The Drata Alliance Program

New Year, Already New Capabilities


ISO 27001 Checklist: 8 Easy Steps to Get Started

CCM 101: Introducing the Cloud Control Matrix

GDPR Compliance Checklist: How to Become Compliant

The Cost of Non-Compliance

Risk Management

Control Meets Confidence at Drataverse Digital: Risk and Reward

6 Types of Risk Assessment Methodologies + How to Choose


Beginner’s Guide to Third-Party Risk Management


Penetration Testing vs. Vulnerability Scanning: What’s the Difference?


Demand for Cybersecurity Analysts Is Growing Twice as Fast as the Workforce

Risk Register: How to Build One + Examples

Cyber Essentials Checklist

Penetration Testing: Why It’s Important + Common Types

News and Events

7 Booths to Visit at AWS re:Invent for Secure Clouds, Code, and Compliance

Going to AWS re:Invent 2023? Here’s Everything You Need to Know

Empowering Security and Compliance Automation in the Cloud at AWS re:Invent 2023

Drata Shines in G2 Fall Reports

Product Updates

Drata Launches Control Readiness Approval

Streamlining Security and Compliance with Drata's New Role-Based Access Control

Drata's Evidence Library: Revolutionizing Evidence Collection and Management

Drata's User Access Review: Empowering GRC Teams with Streamlined Efficiency

The Latest Resources


How to Perform User Access Reviews

A user access review is a process that involves regularly reviewing access rights for a company’s employees and third-party vendors.



Beginner’s Guide to Third-Party Risk Management

Third-party risk management helps bring your external risks under control and lets you address security, financial, legal, and compliance risks.



What Is a SOC 2 Bridge Letter? [+ Template]

A bridge letter is a document that covers the gap between your last SOC 2 report and your customer’s calendar or fiscal year-end.

Automate Your Journey

Drata's platform experience is designed by security and compliance experts so you don't have to be one.


Easily integrate your tech stack with Drata.


Pre-map auditor validated controls.


Begin automating evidence collection.

Put Security & Compliance on Autopilot®

Close more sales and build trust faster while eliminating hundreds of hours of manual work to maintain compliance.