Drata - Security at Drata

Our Ethos

Drata was founded to help build trust across the internet by allowing companies to stand up and maintain their security posture. Security and compliance is at the core of what we provide, and it's also at the core of what we do. Drata works with independent experts to verify our own security, privacy, and compliance controls, and have achieved certification against stringent standards.

SOC 2 Report

We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers' data.

Developed by the Assurance Services Executive Committee (ASEC) of the AICPA, the Trust Services Criteria is the set of control criteria to be used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity.

Trusted by the best:

Stringent Security Controls

Drata continuously monitors 200+ security controls across the organization using its own automation platform. Automated alerts and evidence collection allows Drata to confidently prove its security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.

Encryption

We encrypt all sensitive data both at rest and in-transit using strong, industry-leading encryption algorithms.

Penetration Testing

We conduct rigorous annual penetration tests with leading independent security consulting firms.