Continuous Compliance
Automate evidence, reduce audit prep, stay ready year-round.
Compliance doesn’t scale when teams rely on point-in-time checks and manual follow-ups. This quarter, Drata strengthened its continuous compliance foundation—helping teams automate evidence collection, improve visibility, and stay audit-ready across evolving frameworks and complex environments.
No-Code Custom Workflows
Custom workflows are now live, giving teams the ability to automate follow-ups across their compliance program.
GRC teams can define no-code automation that assigns tasks, sends reminders, or escalates issues based on control status, evidence gaps, or monitoring failures. By replacing manual follow-ups with system-driven actions, teams close issues faster and maintain continuous readiness as programs grow.
Evidence Library Upgrades
The Evidence Library now supports larger uploads and additional file types, including .mp4, .msg, .html, and .log.
Whether storing training recordings, system logs, or audit artifacts, teams can support complex compliance workflows without workarounds—keeping evidence complete, current, and audit-ready.
Insights with MTTR
A new dashboard in Insights now tracks mean time to resolution (MTTR) for failed monitoring tests.
This gives teams visibility into remediation trends, clearer ownership of issues, and a faster path to resolution—turning continuous monitoring into actionable insight rather than noise.
New Framework Support: TISAX, NYDFS, and ISO/IEC 27018:2025
Drata expanded its framework library to support additional global and industry-specific requirements.
- TISAX enables automotive and manufacturing organizations to meet critical EU security standards, with built-in mapping to ISO 27001 and SOC 2 to reduce duplication.
- NYDFS Cybersecurity Regulation support brings mapped controls, real-time monitoring, and integrated risk workflows for financial institutions.
- ISO/IEC 27018:2025 adds dedicated coverage for cloud privacy controls, helping organizations processing PII align privacy and security requirements across ISO and SOC 2.
These additions allow teams to adopt new frameworks with clarity—without rebuilding controls from scratch.
Automated Governance
Turn governance into a system, not a spreadsheet.
As compliance programs mature, governance breaks when ownership, approvals, and accountability live in disconnected tools. This quarter’s updates help teams operationalize governance across people, systems, and workflows.
Multiple HRIS Support
Organizations can now connect and unify employee data across multiple HR systems.
Designed for global and hybrid organizations, this capability gives GRC teams a single, reliable view of workforce evidence—eliminating duplication, reducing access risk, and simplifying audits across regions and subsidiaries.
Multiple IdP Support
Drata now supports connecting multiple identity providers (IdPs) simultaneously, giving GRC teams a unified view of personnel compliance and policy enforcement across teams, tenants, and regions. This is a core Enterprise capability that affects identity, sync, policy assignment, compliance tracking, and governance at scale.
Custom Workflow Automation Across Governance Events
Drata’s no-code workflows now trigger actions across 26 event types, from failed controls to personnel changes.
Instead of chasing updates manually, teams enforce governance through automated task routing and escalation, ensuring accountability stays intact as environments change.
Security Assurance
Prove trust—faster and at scale.
Security assurance isn’t a one-time exercise. It’s a continuous signal to customers, auditors, and partners that trust is actively maintained. This quarter, Drata expanded Trust Center and questionnaire automation to reduce friction while preserving accuracy and control.
AI Feature Items
AI Feature Items enable customers to publish clear, structured AI disclosures directly in their Trust Center, covering AI features, models, data handling, and governance practices. This helps security reviewers get the AI answers they need upfront, reducing back-and-forth and positioning AI transparency as a strength, not a blocker.
Trust Center Documents APIs
New APIs enable teams to programmatically upload, replace, delete, and manage documents in Trust Center .
With full document lifecycle management and metadata-level control, enterprises can eliminate duplicate document workflows and reduce the risk of outdated security content being shared with customers, auditors, or partners. By enabling automated trust workflows across systems, not just native integrations, these APIs support scalable assurance operations in complex environments.
SafeBase Chrome Extension + Drata Portal Support
Drata questionnaires are now supported in the SafeBase Chrome extension.
Teams can import approved SafeBase answers and autofill Drata Portal questionnaires directly in the browser, cutting manual copy/paste and accelerating security reviews while maintaining a single source of truth for approved responses.
AI Search for the SafeBase Chrome Extension
The AI Questionnaire Automation Chrome Extension now includes AI-powered search for questionnaire responses.
GRC and Sales teams can quickly find approved questionnaire answers directly in their browser, reducing context switching and speeding up responses during live security reviews.
Questionnaire Parsing and Search Enhancements
Drata introduced multiple improvements to questionnaire workflows:
- Parsing support for PDF, Word, and TXT files while preserving original formatting
- Search by question number or keyword within large questionnaires
- Spreadsheet questionnaire GA, including sheet selection, automatic column mapping, and consistent review steps
These enhancements reduce manual cleanup, improve accuracy, and help teams respond to security reviews faster, without sacrificing control.
Granular RBAC and Trust Center Single Item Edit
Trust Center now supports fully customizable role-based access control, allowing teams to assign permissions by function and involve Legal, Privacy, and Sales without overexposing access.
Single Item Edit enables teams to update individual Trust Center sections without unlocking entire pages, making fast, low-risk updates easier as trust content evolves.
What’s Coming Next
Upcoming releases will continue to expand automation, interoperability, and scale across the platform—including deeper identity provider support, a refreshed Drata experience, and continued expansion of the framework library.
From continuous compliance to automated governance and security assurance, every Drata update is built to scale trust with speed and visibility. Explore what Drata has to offer today.
