Drata Release Notes

See how customers are discovering the New Drata Experience—faster workflows, clearer insights, and a more intuitive way to manage compliance at scale.

A new interface only matters if it improves how teams actually work.

That’s exactly what our customers are understanding as they explore the New Drata Experience.

Released in February, it represents a fundamental shift in how GRC teams navigate, act, and scale their programs. Early feedback signals how it’s something bigger than a redesign, offering smoother navigation, clearer workflows, and far less time spent digging through information. And that’s only the beginning.

Here’s how customers are experiencing it.

The Challenge — Remove GRC Speed Bumps

GRC teams don’t struggle because of a lack of tools—they struggle because of friction between them.

Navigation that requires too many clicks. Workflows that break context. Data that lives across tables, reports, and spreadsheets. Teams are forced to hunt for answers instead of acting on them.

As programs grow, so does the problem:

• Reviews take longer because context is scattered
• Manual updates and imports slow down progress
• Teams rely on spreadsheets to fill workflow gaps
• Time-to-action stretches when it should shrink

The result? Compliance becomes reactive instead of continuous.

The Solution — A More Intuitive, Action-Driven Experience

The New Drata Experience changes how teams move through compliance work—bringing navigation, context, and action together into a single, unified flow.

For many teams, the biggest shift is immediate.

“ The UI feels a lot smoother, and the cleanup of the left-side navigation makes the experience easier to work through.”
Micah Colwell
Systems Engineer, HealthLink Dimensions, LLC

“ The interface looks a lot more friendly than the previous version. It feels easier to navigate and work in.”
Dan Abraham
Security Analyst, Calgary Flames

“ The new user experience feels like a whole new generation of the product.”
Saeed Elahi
Head of Cyber Risk & Assurance, Tenable

Behind these positive reactions is a system designed for how teams actually work:

• Smarter navigation reduces friction and eliminates feature hunting
• Persistent panels and detail pages keep context visible while you act
• Configurable tables with saved preferences adapt to each team’s workflow
• Powerful search and filtering surface the right data instantly
• Bulk import capabilities eliminate days of manual work and support tickets

These capabilities make it easier to find what you need and allow teams to move through tasks without unnecessary friction.

Persona Use Cases — Connect Work to Real Outcomes

Director of Compliance

• Instantly sees what’s changed across controls and tests
• Avoids manual follow-ups with clearer visibility into readiness

Unlocks: faster oversight and stronger audit confidence.

GRC Manager / Security Engineer

• Bulk imports risks, controls, or training evidence in minutes instead of days
• Customizes tables and workflows without relying on spreadsheets
• Quickly identifies and resolves failed tests

Unlocks: faster resolution and dramatically reduced manual effort.

VP of Security / Head of GRC

• Gains consistency across workflows and teams
• Scales programs with configurable, enterprise-grade infrastructure
• Monitors trends like remediation time and control readiness

Unlocks: a system that scales with complexity and supports continuous compliance.

The Impact — Early Feedback, Real Results

While the rollout is still in progress, early reactions point to a consistent theme: the experience is simply easier to work in. It helps our customers get more done, faster.

“ I like the new look of the platform and I’m looking forward to using it more once everything is fully rolled out.”
Chad Peterson
Strategic Advisor, Doxy.me

The impact is readily apparent across customer feedback. Users report faster navigation and less time searching, quicker movement from insight to action, and reduced reliance on spreadsheets. And most importantly, greater confidence in day-to-day workflows.

And in many cases, tasks that once took days—like bulk updates or evidence imports—can now be completed in minutes.

Why It Matters — A Foundation for Modern GRC

This isn’t just a better interface—it’s a better way to operate.

The New Drata Experience makes it even easier to enjoy continuous compliance instead of point-in-time audits and scalable workflows that grow with your program. It enables faster, more confident decision-making powered by future-ready automation and AI-driven insights.

It’s a shift from managing compliance to actually operating it.

Explore how the New Drata Experience helps GRC teams automate with clarity, accountability, and control. Book a demo now.

Original source

Drata and Ramp now integrate to automate vendor security reviews from spend requests, closing the loop between procurement, security, and compliance.

Every time someone adds a new vendor in Ramp, security or GRC needs to get involved, a review has to start, and the decision needs to find its way back to procurement before the purchase moves forward.

That manual handoff is one of the most persistent points of friction between finance and security. It slows down purchasing, adds back-and-forth over email and tickets, and makes it harder to prove that every vendor was actually reviewed.

The Drata and Ramp integration closes that gap.

The Challenge: Procurement and Compliance Live in Different Systems

Most companies manage vendor spend and vendor security in separate tools.

Ramp owns spend requests, approvals, and budget controls. Drata owns vendor security reviews, evidence collection, and control monitoring.

The connection between them is usually email, tickets, and spreadsheets. It starts when someone on the finance team adds a vendor in Ramp and emails security. Then, the security team creates the vendor in their own system and kicks off a review. Eventually, someone sends an approval back so the request can move forward.

The whole process can take days or weeks and depends on both teams staying perfectly in sync across systems that don’t actually talk to each other.

For companies working toward SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, or any framework that requires vendor due diligence, this isn’t just an efficiency problem. It creates real risk when vendors are approved for spend before a security review is complete.

The Solution: The Ramp × Drata Integration

Drata now integrates directly with Ramp to connect spend management with vendor security compliance.

When a team member submits a spend request in Ramp that includes a new vendor, Drata detects it automatically and:

1. Creates the vendor record in Drata—no redundant data entry.
2. Maps any configured custom fields from the Ramp form directly to the Drata vendor record, so context carries through.
3. Kicks off a vendor security review based on your Drata program configuration.

When the review is complete and approved in Drata, the status syncs back to Ramp automatically—every hour by default, or immediately via manual sync. Finance sees when a vendor is cleared, and procurement keeps moving without tracking down status over email or Slack.

No email chains. No copy-paste. No vendors slipping through the gap between procurement and security.

How the Integration Works

Here’s what happens behind the scenes once Ramp and Drata are connected:

1. A team member submits a spend request in Ramp and selects a new vendor.
2. Ramp detects that the vendor is new and triggers the Drata integration.
3. Drata automatically creates the vendor record and starts a security review based on your program configuration (review type, deadline, and required fields).
4. The security team completes and approves the review in Drata.
5. Drata syncs the approval back to Ramp automatically every hour, or immediately via manual sync.
6. The Ramp request is cleared for approval with a documented security review on record.

From the requester’s perspective, they stay in their existing Ramp workflow.

From the security team’s perspective, every new vendor appears in Drata with the right details and a linked review, without manual intake work.

How Finance and Security Teams Benefit

The Ramp × Drata integration is designed for companies where finance and security need to stay aligned—without turning every new vendor into a multi-week project.

Finance and procurement teams can eliminate manual notifications to security every time you add a vendor. Instead, Drata picks up new vendors from Ramp automatically and starts the review. They can also see review status without leaving Ramp, so they know exactly when a vendor is ready for approval. It helps keep spend moving without waiting on email threads or chasing approvers.

For security and compliance teams, they see every new vendor requested in Ramp in the Drata vendor security review queue automatically. They can stop chasing procurement for vendor details or re-entering the same information in multiple systems. Plus they can configure review types, deadlines, and required fields once in Drata—the integration applies those settings every time.

Get Set Up in Under 10 Minutes

Connecting Ramp and Drata does not require engineering work in most environments. You can get up and running in a few steps:

1. In Ramp, go Company > Integrations and select for Drata
2. Select Connect and follow instructions to create an OAuth application in Drata.
3. In Drata, go to Settings → Integrations and select Ramp.
4. Create an application in Drata with the required API scopes: Events, VendorCreate, VendorCreateUpdate, VendorCreateAndRead, and VendorSecurityReviews.
5. Copy the application credentials into Ramp. The integration pulls the required data from Drata automatically.
6. Configure a Drata Program with your review type, deadline, and any field mappings from your Ramp forms.

Once live, the integration runs in the background. You manage your vendor security reviews in Drata; Ramp reflects the latest status automatically.

Who This Is For

The Ramp × Drata integration is built for teams that want procurement and compliance to move in lockstep from the start. For instance, organizations building or maturing a compliance program toward SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, or similar frameworks with vendor due diligence requirements will also see value.

If you’re scaling procurement and expecting vendor reviews to happen automatically, not through ad hoc email, or if you want to cut the back-and-forth between procurement and security on every new vendor, this integration is designed with your needs in mind. It removes friction without forcing teams to abandon their existing workflows.

Common Questions, Answered

Does this work with existing vendors in Ramp?

The integration triggers for new vendors that Ramp hasn’t seen before. Requests for existing vendors continue to follow your current workflow.

What if I need the sync to happen immediately?

Drata syncs vendor review status back to Ramp automatically every hour. If you need an immediate update, you can trigger a manual sync from the integration flow.

Can I control which fields carry over from Ramp to Drata?

Yes. When you configure a Drata Program, you define which Ramp form fields—including custom fields—map to which Drata vendor fields. The information entered in Ramp carries through to Drata according to those mappings.

What compliance frameworks does this support?

Vendor security reviews completed in Drata through the Ramp integration support Drata’s framework library, including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and others, and can be used as evidence across applicable frameworks.

Getting Started

The Ramp × Drata integration is available today.

If you already use both Ramp and Drata, open Settings → Integrations in your Drata account and select Ramp to connect the integration.

Not using Drata or Ramp yet? See how Drata connects to your existing stack and book a demo to explore how Ramp and Drata can help you automate vendor security reviews end to end.

Original source

Connect NinjaOne with Drata to sync device configuration data for continuous compliance and to automate evidence collection and stay audit-ready.

The Gap Between Endpoint Management and Continuous Compliance

Security and IT teams rely on endpoint management platforms like NinjaOne to configure and protect devices.

The harder part is proving those controls operate consistently across every device, every day.

NinjaOne acts as the system of record for endpoint configuration—enforcing policies like full disk encryption, screen lock, antivirus, and OS patching.

At the same time, compliance teams must demonstrate that those controls are in place and operating across frameworks such as SOC 2 and ISO 27001.

When device management and compliance live in separate systems, that proof becomes manual.

Exports. Screenshots. Spreadsheet reconciliation. Evidence collected right before an audit. As device fleets grow, this process slows teams down and introduces risk.

Most organizations do not struggle to configure devices. They struggle to demonstrate that device security controls operate consistently over time.

Without integration, teams often need to:

• Export device inventories and reports for audits
• Map device findings to compliance controls
• Track device posture outside the compliance system
• Recreate documentation for each audit or customer assessment

These disconnected workflows create operational overhead and fragmented visibility into device risk.

How the NinjaOne Integration Connects to Continuous Compliance

The Drata integration to NinjaOne connects endpoint data directly into Drata’s continuous compliance workflows, so device management and control monitoring stay in sync.

NinjaOne remains the source of truth for device configuration and posture across supported computers, including policies for disk encryption and screen lock. Drata uses that data to evaluate control readiness, monitor compliance, and maintain audit-ready evidence.

Device data—such as inventory, configuration, and security status—syncs into Drata and feeds device-related control monitoring.

Assets appear as devices in Drata and are evaluated through monitoring tests aligned to compliance controls, helping teams stay continuously audit-ready instead of rebuilding proof for each review.

Why This Matters

NinjaOne is increasingly used as a primary endpoint management solution across growing and enterprise environments. As organizations standardize on NinjaOne for device management, they need a way to connect that operational data directly into their compliance program.

Without that connection, teams are forced to recreate proof manually—even when the data already exists. This integration closes that gap by turning endpoint data into continuously maintained evidence inside Drata.

What This Enables

Continuous Control Monitoring

Core device controls—such as disk encryption, screen lock, antivirus, patching, and password management—are continuously evaluated using endpoint data from NinjaOne. Teams can demonstrate that controls are operating over time, not just during audits.

Reduced Manual Work

Device data syncs into Drata automatically and feeds control monitoring. Instead of exporting reports and rebuilding evidence, teams maintain an always audit-ready posture.

Stronger Audit and Customer Assurance

When auditors or customers request proof of device security controls, teams can point to continuously monitored evidence.

• Controls are enforced in NinjaOne and evaluated in Drata, providing clear, consistent visibility into device posture without relying on point-in-time documentation.

Built for Scale

As organizations grow, so do their device fleets, audit requirements, and customer expectations. Manual evidence collection does not scale. By connecting NinjaOne to Drata, teams move from point-in-time audits to continuous compliance—maintaining audit readiness across their entire device fleet.

Now Generally Available

Organizations using NinjaOne as their primary endpoint management platform can now connect device data directly into Drata’s agentic trust management platform to support continuous compliance and real-time assurance.

• Device management and remediation remain in NinjaOne
• Device posture syncs into Drata
• Compliance monitoring remains continuous

The Drata Integration to NinjaOne guide in the Drata Help Center provides setup instructions, required fields, and configuration guidance. Learn more by scheduling some time with the Drata team.

Original source

Connect NinjaOne with Drata to sync device configuration data for continuous compliance and to automate evidence collection and stay audit-ready.

The Gap Between Endpoint Management and Continuous Compliance

Security and IT teams rely on endpoint management platforms like NinjaOne to configure and protect devices.

The harder part is proving those controls operate consistently across every device, every day.

NinjaOne acts as the system of record for endpoint configuration—enforcing policies like full disk encryption, screen lock, antivirus, and OS patching.

At the same time, compliance teams must demonstrate that those controls are in place and operating across frameworks such as SOC 2 and ISO 27001.

When device management and compliance live in separate systems, that proof becomes manual.

Exports. Screenshots. Spreadsheet reconciliation. Evidence collected right before an audit. As device fleets grow, this process slows teams down and introduces risk.

Most organizations do not struggle to configure devices. They struggle to demonstrate that device security controls operate consistently over time.

Without integration, teams often need to:

• Export device inventories and reports for audits
• Map device findings to compliance controls
• Track device posture outside the compliance system
• Recreate documentation for each audit or customer assessment

These disconnected workflows create operational overhead and fragmented visibility into device risk.

How the NinjaOne Integration Connects to Continuous Compliance

The Drata integration to NinjaOne connects endpoint data directly into Drata’s continuous compliance workflows, so device management and control monitoring stay in sync.

NinjaOne remains the source of truth for device configuration and posture across supported computers, including policies for disk encryption and screen lock. Drata uses that data to evaluate control readiness, monitor compliance, and maintain audit-ready evidence.

Device data—such as inventory, configuration, and security status—syncs into Drata and feeds device-related control monitoring.

Assets appear as devices in Drata and are evaluated through monitoring tests aligned to compliance controls, helping teams stay continuously audit-ready instead of rebuilding proof for each review.

Why This Matters

NinjaOne is increasingly used as a primary endpoint management solution across growing and enterprise environments. As organizations standardize on NinjaOne for device management, they need a way to connect that operational data directly into their compliance program.

Without that connection, teams are forced to recreate proof manually—even when the data already exists. This integration closes that gap by turning endpoint data into continuously maintained evidence inside Drata.

What This Enables

Continuous Control Monitoring

Core device controls—such as disk encryption, screen lock, antivirus, patching, and password management—are continuously evaluated using endpoint data from NinjaOne. Teams can demonstrate that controls are operating over time, not just during audits.

Reduced Manual Work

Device data syncs into Drata automatically and feeds control monitoring. Instead of exporting reports and rebuilding evidence, teams maintain an always audit-ready posture.

Stronger Audit and Customer Assurance

When auditors or customers request proof of device security controls, teams can point to continuously monitored evidence.

• Controls are enforced in NinjaOne and evaluated in Drata, providing clear, consistent visibility into device posture without relying on point-in-time documentation.

Built for Scale

As organizations grow, so do their device fleets, audit requirements, and customer expectations. Manual evidence collection does not scale. By connecting NinjaOne to Drata, teams move from point-in-time audits to continuous compliance—maintaining audit readiness across their entire device fleet.

Now Generally Available

Organizations using NinjaOne as their primary endpoint management platform can now connect device data directly into Drata’s agentic trust management platform to support continuous compliance and real-time assurance.

• Device management and remediation remain in NinjaOne
• Device posture syncs into Drata
• Compliance monitoring remains continuous

The Drata Integration to NinjaOne guide in the Drata Help Center provides setup instructions, required fields, and configuration guidance. Learn more by scheduling some time with the Drata team.

Original source

Drata now supports ISO/IEC 27701:2025!

ISO/IEC 27701:2025 is the latest version of the global standard for building a Privacy Information Management System (PIMS), extending ISO 27001 to define clear responsibilities for PII controllers and processors while supporting compliance efforts under regulations such as GDPR and CCPA. The 2025 update clarifies privacy governance, aligns with ISO’s harmonized structure and ISO 27001:2022, and strengthens accountability across the full PII lifecycle. Click here to learn more!

Original source