This month marks the broad rollout of the new Drata experience, now available for all customers.
Built from extensive feedback across real-world GRC programs, the updated interface focuses on reducing time-to-task and improving operational clarity.
Key capabilities unlocked with the new experience include:
- Modern Framework Architecture for multi-framework and multi-workspace environments
- Improved audit and evidence workflows with clearer object relationships
- Enhanced tables and navigation designed for large datasets
- More actionable insights and remediation visibility
For new tenants, the new experience is now the default—marking a major evolution of the Drata platform as programs scale.
Continuous Compliance
Automate evidence, reduce audit prep, stay ready year-round.
Compliance programs break down when evidence collection, monitoring, and remediation live across disconnected tools. This month, Drata introduced platform updates that strengthen continuous compliance—giving teams better visibility into control health, faster remediation, and expanded automation across cloud infrastructure and vulnerability monitoring.
Drata Test Library
Drata introduced a centralized Test Library featuring 1,000+ new infrastructure tests across AWS, Azure, and GCP.
Teams can now browse, discover, and bulk provision automated tests directly within the platform. Each test continuously monitors infrastructure configurations and surfaces failures in real time, helping teams expand automation coverage without writing custom checks.
Insights with MTTR
The Insights dashboard now includes Mean Time to Resolution (MTTR) tracking for failed monitoring tests.
This provides teams with clearer visibility into remediation performance—helping identify bottlenecks, assign ownership faster, and reduce time spent resolving control failures.
Internal Audits in Drata
Drata now supports end-to-end internal audits directly within the platform.
Teams can create internal audit programs, assign auditors, collect evidence, and track remediation without relying on spreadsheets or external tools. With a built-in evidence viewer and structured workflows, collaboration between internal audit teams and compliance owners stays centralized and traceable.
Vendor & Internal Risk Management
Streamline assessments, centralize reviews, and strengthen oversight.
Risk management is only effective when teams can coordinate reviews, documentation, and remediation in one place. This month’s updates introduce stronger workflows for vendor risk, internal audits, and data visibility.
Vulnerability Scanning Integrations: Upwind and Orca Security
Drata now integrates with Upwind Security and has released Orca Security Vulnerability Scanning integration as generally available.
These integrations automatically import vulnerability findings into Drata, enabling continuous monitoring of security issues tied to compliance controls.
Instead of manually tracking vulnerabilities across tools, teams gain a unified view of risk and automated evidence collection tied to vulnerability management requirements.
Embedded Trust Centers for Vendor Reviews
Drata now supports embedded Trust Centers within third-party profiles, giving security teams immediate awareness of a vendor’s available assurance resources.
Teams can see whether a vendor maintains a Trust Center and identify the types of security documentation and artifacts available. This helps reviewers quickly understand what evidence may exist and streamline vendor communication during assessments.
TPRM Workflow Enhancements
Additional updates to third-party risk workflows include:
- Custom questionnaire subject lines
- Expanded email sending limits
- Enhanced SOC 2 field support
- Improved vendor filtering
Together, these improvements help teams manage vendor communication and documentation more efficiently as vendor ecosystems grow.
Automated Governance
Operationalize compliance workflows across teams.
As compliance programs grow, governance becomes harder to coordinate across policies, controls, risks, and people. This month’s updates introduce new capabilities that simplify operational governance and reduce manual work.
Self-Serve Bulk Import
Teams can now perform bulk creation and updates for Risks, Controls, Trainings, and Background Checks directly in Drata using CSV imports.
AI-powered column mapping and data transformation make it easier to migrate large datasets without SQL scripts or support tickets, significantly reducing onboarding friction for large programs.
Control Page Action Panel
A new Control Action Panel surfaces control readiness blockers in one centralized workspace.
From this panel, teams can quickly see:
- Failed monitoring tests
- Overdue evidence
- Missing approvals
- Policy dependencies
Instead of navigating across multiple pages, users get a focused view of what needs attention to restore control readiness.
Enhanced Tables, Search, and Custom Fields
Drata introduced high-performance search with OpenSearch and fuzzy matching, along with support for searching custom fields across Vendors, Risks, and Controls.
Combined with customizable table columns and saved preferences, these improvements make it easier to operate large GRC datasets and find the information teams need quickly.
Security Assurance
Prove trust faster across customers, auditors, and stakeholders.
Security assurance isn’t just about audits—it’s about demonstrating trust across your ecosystem. This month’s updates focus on reducing friction in security reviews and scaling assurance workflows through automation.
AI Trust Center Item Generation
AI can now generate Trust Center item descriptions automatically using existing documentation and knowledge base entries.
Instead of manually writing each item, teams can generate descriptions with one click and review them before publishing—dramatically reducing the time required to launch a Trust Center.
What’s Coming Next
Drata continues expanding automation, AI capabilities, and platform scalability to support modern GRC programs.
Upcoming updates will focus on deeper automation across risk management, expanded integrations across the security ecosystem, and continued evolution of the new Drata experience.
From continuous compliance to automated governance and scalable security assurance, every release is designed to help teams turn trust into a business accelerator. Try it for yourself—schedule a demo today.
