Trust Center

Start your security review
View & download sensitive information
ControlK

Overview

Drata's platform helps companies build and maintain the trust of their users, customers, partners, and prospects. We believe the best way to earn trust is by being transparent and proving that we are doing what we're saying we're doing. That’s why we take a security-first approach to everything we do. From building our infrastructure as code to monitoring our environment with anomaly detection and automated remediation, security is a core value that drives our business forward. This Trust Center provides you with artifacts to help show how we walk-the-walk when it comes to our own security, compliance, and privacy programs. Please reach out to our compliance team with any questions not answered here.

Compliance

SOC 2 Type 2 Logo
SOC 2 Type 2
SOC 3 Logo
SOC 3
ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
ISO/IEC 27017 Logo
ISO/IEC 27017
ISO/IEC 27018 Logo
ISO/IEC 27018
ISO/IEC 42001:2023 Logo
ISO/IEC 42001:2023
HIPAA Logo
HIPAA
CCPA Logo
CCPA
GDPR Logo
GDPR
CISA: Secure-by-Design Pledge Logo
CISA: Secure-by-Design Pledge
VPAT Logo
VPAT
AWS Qualified Software Logo
AWS Qualified Software
AWS Security Software Competency Partner Logo
AWS Security Software Competency Partner

Drata is reviewed and trusted by

Capital One-company-logoCapital One
Vercel-company-logoVercel
Tenable-company-logoTenable
Okta-company-logoOkta
Zscaler-company-logoZscaler
LinkedIn-company-logoLinkedIn
T-Mobile-company-logoT-Mobile
OpenAI-company-logoOpenAI
Brex-company-logoBrex
Xerox-company-logoXerox
Wiz-company-logoWiz

Documents

Featured Documents

REPORTSExternal Penetration Test Report
COMPLIANCEISO/IEC 27001:2022
COMPLIANCESOC 2 Type 2

Risk Profile

Data Access LevelRestricted
Impact LevelModerate
HostingMajor Cloud Provider
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

CAIQ
Data Flow Diagram (DFD)
External Penetration Test Report
View more

App Security

Vulnerability Disclosure
Application Penetration Testing
Bot Mitigation
View more

AI

AI Policy
AI Data Management
AI Resource Management Policy
View more

Legal

SubprocessorsAlgolia-company-logoAmazon Web Services (AWS)-company-logoAmplitude-company-logoApideck-company-logoBasedash-company-logo
Cyber Insurance
Data Processing Addendum
View more

Data Privacy

Cookies
Data Breach Notifications
Data Privacy Officer
View more

Infrastructure

Status Monitoring
Amazon Web Services
Anti-DDoS
View more

Policies

Access Control Policy
Asset Management Policy
Change Management Policy
View more

Security Grades

Qualys SSL Labs
app.drata.com
A+
Security Headers
app.drata.com
A

Business Continuity / Disaster Recovery

Disaster Recovery Test

FedRAMP 20x

What is FedRAMP 20x?
Description of Services Offered
Phase One Pilot Initial Submission
View more
Trust Center Updates

Drata Not Impacted by Salesloft-Drift Incident

Copy link
Incidents

Drata became aware of the Salesloft-Drift security incident shortly after news reports were released regarding the compromise.

Threat intelligence sources and news outlets reported that this incident impacted customers of the Drift product, produced by Salesloft, who had the Drift integration enabled within Salesforce.

We want our customers to know that Drata is not impacted by the Salesloft-Drift incident.

We do not leverage this software and therefore the confidentiality, integrity, and availability of our systems remain unharmed.

Knowledge Base (FAQ)
  • Will my data be transferred or shared with any third parties?
  • Are all personnel required to use Multi Factor Authentication (MFA) to access the production cloud environment?
  • What is Drata's tenancy model and how is customer data segregated?
  • What physical security controls are in place to protect data and systems?
  • Do all users have unique ID's for access to production systems and data?
View more
If you need help using this Trust Center, please contact us.
Contact support
If you think you may have discovered a vulnerability, please send us a note.
Report issue