Security at Drata

A security-first mindset rooted in our core value of trust.

Responsible disclosure policy

Trust Is Our Ethos

Drata was founded to help build trust across the internet by allowing companies to stand up and maintain their security posture. Security and compliance are at the core of what we provide, and they are also at the core of what we do.

Drata works with independent experts to verify our own security, privacy, and compliance controls, and has achieved certification against stringent standards. Download our security whitepaper to learn more.


Join the thousands of companies that trust Drata


SOC 2 Type 2 Report

We work with an independent auditor to maintain a SOC 2 Type 2 report, which objectively certifies our controls to ensure the continuous security, availability, confidentiality, and integrity of our customers' data.

Developed by the Assurance Services Executive Committee (ASEC) of the AICPA, the Trust Services Criteria is the set of control criteria to be used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity.


Security Automation First

An automation-led approach allows us to confidently prove our security and compliance posture any day of the year and foster a culture of compliance.

Endpoint Monitoring

Continuous Compliance

We monitor 100+ security controls and work with auditors and security experts to ensure automated tests are accurate.

Third Party Library Scanning

Automated Detection & Response

We use best-in-class services and tools to provide 24/7 automated detection and response capabilities.

DNS Filtering

DevSecOps Forward

Security checks are baked into our software development lifecycle and secure baselines are automatically enforced.

Above and Beyond Compliance

We continuously invest in our security program to protect against potential threats from all entry points and to instill a cybersecurity-first mindset across our organization.

Credential Checking

Zero Trust

We're a remote-first, cloud-native company, and have designed our networks and access controls with Zero Trust principles.

Phishing Testing

Phishing-Resistant MFA

We use the Web Authentication API (WebAuthn) multi-factor standard to protect authentication to sensitive systems.

Third Party Pen Testing

Red Team Testing

We conduct red team testing both internally and with third parties to best identify security gaps.

Bug Bounty

We host a private bug bounty program on the HackerOne platform. Please contact [email protected] if you would like to be invited to the program. For other urgent reports, please follow our responsible disclosure policy.

The Latest Resources



SOC 2 Compliance: A Beginner's Guide

SOC 2 compliance means having controls in place to meet industry standards for security, privacy, and more. Learn how to become compliant.



Containers and Kubernetes: Why DevSecOps is Critical to Success

While containerization is certainly not without risks, the path towards a more secure environment starts with DevSecOps on day one.



Drata Leads Fall 2022 G2 Reports

Drata is a Leader in the Fall 2022 Grid Reports for Security and Compliance, and the highest-rated cloud compliance solution on G2.

Automate Your Journey

Drata's platform experience is designed by security and compliance experts so you don't have to be one.


Easily integrate your tech stack with Drata.


Pre-map auditor validated controls.


Begin automating evidence collection.

Put Security & Compliance on Autopilot®

Close more sales and build trust faster while eliminating hundreds of hours of manual work to maintain compliance.