Trust Is Our Ethos
Drata was founded to help build trust across the internet by allowing companies to stand up and maintain their security posture. Security and compliance is at the core of what we provide, and it’s also at the core of what we do.
Drata works with independent experts to verify our own security, privacy, and compliance controls, and has achieved certification against stringent standards. Download our security whitepaper to learn more.

SOC 2 Type 2 Report
We work with an independent auditor to maintain a SOC 2 Type 2 report, which objectively certifies our controls to ensure the continuous security, availability, confidentiality, and integrity of our customers' data.
Developed by the Assurance Services Executive Committee (ASEC) of the AICPA, the Trust Services Criteria is the set of control criteria to be used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity.

Security Automation First
An automation-led approach allows us to confidently prove our security and compliance posture any day of the year and foster a culture of compliance.
Continuous Compliance
We monitor 100+ security controls and work with auditors and security experts to ensure automated tests are accurate.
Automated Detection & Response
We use best-in-class services and tools to provide 24/7 automated detection and response capabilities.
DevSecOps Forward
Security checks are baked into our software development lifecycle and secure baselines are automatically enforced.
Above and Beyond Compliance
We continuously invest in our security program to protect against potential threats from all entry points and to instill a cybersecurity-first mindset across our organization.
Zero Trust
We're a remote-first, cloud-native company, and have designed our networks and access controls with Zero Trust principles.
Phishing-Resistant MFA
We use the Web Authentication API (WebAuthn) multi-factor standard to protect authentication to sensitive systems.
Red Team Testing
We conduct red team testing both internally and with third parties to best identify security gaps.
Bug Bounty
We host a private bug bounty program on the HackerOne platform. Please contact [email protected] if you would like to be invited to the program. For other urgent reports, please follow our responsible disclosure policy.
Automate Your Journey
Drata's platform experience is designed by security and compliance experts so you don't have to be one.
Connect
Easily integrate your tech stack with Drata.
Configure
Pre-map auditor validated controls.
Comply
Begin automating evidence collection.
Put Compliance on Autopilot
Close more sales and build trust faster while eliminating hundreds of hours of manual work to maintain compliance.