Streamlining Security and Compliance in Q3: Key Enhancements Released this Quarter

While most businesses are winding down in Q3, Drata is moving full steam ahead.

With 100+ releases delivering new innovations, fixes, and more, we’re invested in the growth and success of your GRC program. This quarter, we’ve focused on empowering you in these key areas:

• Building Trust Faster: Your sales team relies on your GRC team to build trust quickly with partners, customers, and prospects. This quarter’s releases are designed to expedite the sales process, enabling your team to foster trust and close deals more efficiently.

• Holistically Managing Risk: We’ve continued to enhance seamless management of both internal and external risks. Our latest advancements provide a comprehensive, 360-degree view of risks across your business, empowering you to manage and mitigate them proactively.

• Increasing Visibility and Coverage in a Unified GRC Platform: Our improved unified platform ends the need to toggle between multiple tools and reduce the budget spent on point solutions. Our recent updates bring all aspects of GRC under one roof, making your operations more efficient and cost-effective.

There’s more: New frameworks and several additional integrations to support you in automating even further using Drata.

These updates address your biggest challenges head-on. Take a look at the highlights below to see how they can support your program’s success.

Expedite the Sales Cycle + Use GRC as a Revenue Generator

Accelerate your sales cycle by showcasing a strong, transparent risk & compliance posture that reassures prospects and shortens due diligence timelines. Here are some updates we’ve made to help you leverage your GRC efforts:

Answer Security Questionnaires in Minutes

Security questionnaires can be a significant drain on time but are crucial for building trust with prospects. Drata’s new Security Questionnaire Automation (SQA) product—now in beta—streamlines this process by using Drata AI to pull data from past questionnaires and your existing compliance records. This automation speeds up response times while still giving you the option to review and approve answers. SQA is available to customers on Trust Center Pro, Foundation, or Advanced packages.

With these updates, Drata is committed to helping you stay secure, compliant, and competitive. Schedule a demo to see how these new features can benefit your organization.

Streamline Document Access Through Salesforce

Drata’s Trust Center now integrates with Salesforce to simplify access to security documents, eliminating unnecessary NDA back-and-forth. By linking Trust Center to your Salesforce, you can automatically identify if an NDA is already in place, instantly granting access to relevant documents. You maintain control over document access through admin approvals, ensuring sensitive information stays protected. For teams managing NDAs outside of Salesforce, this process can also be automated with our public API.

Demonstrate GRC’s Impact on Revenue with Trust Center Analytics Dashboard

We’re excited to introduce Trust Center Analytics, offering insights into how your Trust Center is used and adopted. The new dashboard lets you monitor key metrics such as document downloads, access requests, and page views over chosen time periods. You can also export this data for easy sharing with stakeholders, enhancing visibility and supporting your sales team’s revenue objectives. Also, showcase the revenue impact and share with key stakeholders to showcase how your GRC program is a revenue generator. 

Holistically Manage Risk & Regulatory Requirements

Empower your team to take a comprehensive approach to risk and compliance by centralizing controls, automating workflows, and providing real-time insights in Drata. With an all-in-one view of your compliance posture, you can streamline your compliance journey and stay a step ahead of risks.

Monitor Vulnerabilities

Managing critical vulnerabilities is now more streamlined than ever. Drata’s new Vulnerabilities Monitoring solution lets you track security risks across multiple tools, such as AWS Inspector, Snyk, and Qualys, helping to reduce overall risk across your organization. With everything centralized in Drata, there’s no need to jump between platforms—monitor and manage vulnerabilities from a single dashboard. Ensure timely remediation of critical issues, with customizable service level agreements (SLAs) for added oversight and peace of mind.

Streamline Vendor SOC 2 Reviews with Drata AI

Reviewing SOC 2 reports for high-risk or prospective vendors is crucial but can be time-consuming, with each report needing detailed analysis. Drata’s SOC 2 AI Summary streamlines this process by automatically summarizing key report sections, highlighting major exceptions, and summarizing management responses—giving you quicker, clearer insights into vendor security postures. The side-by-side report view enables easy comparison, helping you align security requirements and make informed decisions more efficiently at any scale.

Effortless Risk Tracking with Drata’s Risk Library Enhancements

Risk management just got simpler. Now, when adding a risk to your register, Drata’s risk library retains a copy for future reference. This straightforward yet powerful feature supports a flexible, agile approach to managing active risks, making it easy to stay proactive and well-informed alongside your risk landscape.

Risk Status Tracking for Greater Insight and Control

Users can now track and manage risks more flexibly with three distinct statuses—Active, Closed, and Archived—within the risk register. Developed in response to user feedback, this update enables streamlined filtering on the insights dashboard, allowing users to focus on specific statuses and easily adjust them within the table or drawer. Supported in our Risk Assessment and Risk Management solutions, this enhancement underscores our commitment to scalable, customer-centric solutions that prioritize ease and efficiency.

Guided Vendor Security Reviews

Enhance vendor onboarding, evaluation, and compliance with Guided Vendor Security Reviews. Effortlessly track prospective vendors through the procurement process, document key insights, and keep a comprehensive record of your vendor assessments over time. Simplify third-party security management and ensure compliance—all with just a few clicks.

Unified GRC Platform with More Automation for Full Visibility and Coverage

Control Owner Notifications

Maintain compliance effortlessly with our improved Control Owner Notifications. Control owners can now choose to receive alerts through Slack, Microsoft Teams, or email whenever evidence for a control is updated, linked, edited, or added, ensuring your team stays informed and aligned.

Confidently Meet Compliance Standards with Evidence Guidance

Access clear, expert-driven guidance on required evidence to simplify your compliance process and prepare effortlessly for audits. Tailored to your needs, Evidence Guidance ensures alignment with the latest standards while giving you the flexibility to customize and manage evidence with ease.

Quick User Access Reviews

Conducting User Access Reviews (UAR) is now simpler with the Quick User Access Reviews feature. You can easily view roles and set the review status for each individual in one consolidated view, making the review process more efficient.

Policy Legal Disclaimers

We've introduced a new option for policy legal disclaimers. Customers can now easily add an optional legal disclaimer directly from the Policy Details drawer, ensuring all required legal information is properly documented and communicated.

API for Manual Import of Personnel Data

Reduce manual effort with our new API for Manual Import of Personnel Data. Automate your personnel data uploads by submitting a CSV file or JSON in the POST Body, eliminating the need for daily exports, formatting, and uploads in favor of a more efficient, automated process.

Integration with key providers is crucial for quickly pulling in the necessary evidence and staying audit-ready at all times. Explore the new providers we now support.

Multiple Instance Management (MIM) Dashboard

Introducing the new Multiple Instance Management (MIM) Dashboard—a more comprehensive way to monitor your compliance health! This feature offers a unified view of your compliance status across all accounts, allowing you to quickly pinpoint which ones require attention. With this powerful tool, staying on top of compliance has never been easier.

Dashboards for Workspaces (BETA)

Dashboards for Workspaces offers a snapshot view of key compliance metrics across each business unit, giving you greater visibility and control over your organization’s overall compliance health.

Enhanced Issue Tracking with Dynamic Ticketing for Compliance as Code

Now, every ticket generated from Compliance as Code tests provides detailed, dynamic insights on test failures, including specifics on impacted resources and issue details. These tickets, automatically organized by severity for easy readability, are compatible across all 14 supported providers, enabling teams to resolve compliance issues faster and more effectively.

New and Updated Security Frameworks

Here’s an overview of our latest framework updates: NIST CSF 2.0, NIS 2, and NIST 800-171r2.

• NIST CSF 2.0: Stay up to date with NIST CSF 2.0, featuring new and revised controls aligned with the latest Cybersecurity Framework standards. NIS 2 Cybersecurity Core: For EU-based organizations, the NIS 2 Cybersecurity Core framework supports compliance with the upcoming NIS 2 directive. This framework strengthens resilience and incident response capabilities, preparing you for the evolving regulatory environment.

• NIST 800-171r2 Control Mapping: For organizations working toward NIST 800-171r2 compliance, Drata now includes the necessary control mappings and policy templates to simplify implementation and make compliance more manageable.

• CMMC Control Mapping: Drata has enhanced CMMC readiness with built-in control mappings from Drata’s DCF controls library. This feature reduces manual work and accelerates your compliance journey by automating control mapping and simplifying CMMC compliance management.

More Automation with New and Updated Integrations

Here’s a quick look at our latest integrations:

• Jira Automated Ticketing for Compliance-as-Code: Drata now offers Jira Automated Ticketing for Compliance-as-Code, allowing you to configure workflows that automatically generate Jira tickets for IaC and compliance tests. Track compliance issues, remediation, and infrastructure misconfigurations with ease—enhancing coordination across teams.

• Bitbucket Support for Compliance as Code: For Bitbucket users, Drata now integrates with Bitbucket for Compliance as Code, enabling proactive detection of misconfigurations directly in the codebase. Automated pull requests ensure compliance issues are addressed early, helping teams deliver secure code seamlessly.

• GitLab Self-Managed Support for Automated Evidence Collection: Drata’s support now extends to GitLab Self-Managed environments, including GitLab Issues, allowing for automated compliance checks and monitoring across cloud and on-premise DevOps setups.

• GitHub Issues Enterprise Support for Improved Evidence Collection: We’re excited to introduce support for GitHub Issues in on-prem environments, enabling automated compliance checks and evidence collection to enhance accuracy and efficiency for GitHub users.

New User Access Review Integrations

Drata has expanded User Access Review (UAR) integrations to include platforms such as 1Password, Azure DevOps, Databricks, Lacework, Lattice, Lever, Matillion ETL, Microsoft 365 GCC High, Mixpanel, Sonarcloud, Vercel, and Webflow. With the new Vercel integration, Drata now supports a total of 100 direct UAR integrations.

GitHub On-Prem Environment Support

Drata now supports integrations with GitHub Enterprise Server, providing continuous monitoring and automated evidence collection for compliance in on-premise environments.

New Identity Provider Integrations: Microsoft 365 GCC High & CyberArk

We’ve expanded Identity Provider integrations to include Microsoft 365 GCC High and CyberArk, simplifying identity management with automatic synchronization and provisioning of accounts.

Vetty Integration

Introducing Vetty, Drata’s newest background check provider integration. Similar to other background check options, Vetty syncs completion timestamps and verification data directly to personnel profiles for streamlined compliance tracking.

Our third quarter updates bring a suite of new features and enhancements designed to make compliance management faster, more intuitive, and more scalable. As we continue to innovate, Drata remains dedicated to providing a robust, user-focused platform that adapts to the evolving needs of organizations everywhere, helping them stay audit-ready and resilient in an increasingly complex regulatory landscape.