Date: 2025-10-24

Governance, risk and compliance (GRC) software vendor Drata has established a Sydney base to further its push into assisting local organisations with data sovereignty requirements and regulatory complexity.

Daniel Ettenhofer has been appointed as Regional Vice President of Sales for APAC. The company has opened a Sydney office and launched an APAC data centre earlier this year.

The Drata platform automates compliance across more than 25 frameworks, including ISO 27001 and PCI DSS. Support for Australia's Essential 8 framework is expected by the end of October, according to Ettenhofer.

The vendor claims more than 8,000 customers across 60-plus countries, including over 550 in APAC, with the majority of these based in Australia or New Zealand.

The platform automates governance, risk and compliance processes. Drata claims this reduces the time spent preparing for and carrying out annual audits and streamlines security reviews.

“I feel there is a huge opportunity for Drata in the Australian market, given 80% of businesses are under a 2000 employee count. SMB has really been our sweet spot, but we’re seeing more and more demand for Drata coming from the Mid-Market and Enterprise. There's a huge amount of opportunity in those organisations where typically people are wearing many hats, and they don't have the ability to effectively manage and scale compliance within their business,” said Ettenhofer.

“Typically, compliance becomes an afterthought or a task that's forgotten about, and that introduces gaps and risks into the security posture of the organisation.

“CEOs and their boards have now recognized that GRC becomes a strengthening mechanism for the business posture, for business progression. So, there's a huge amount of momentum in the market.

“We've done studies of organizations that have up to about a thousand people, and they're spending just over a thousand hours per year on compliance-related activity just to pass something like an ISO 27001 audit. That could require two or three FTEs.

“The power of compliance automation with Drata is we not only give those hours back, you can shift that headcount into project and valuable delivery work. The automation and the value we deliver from that is key to our value proposition.”

Drata is using generative AI to help complete the vendor security questionnaires that large companies and government agencies increasingly undertake with prospective suppliers.

“The typical old way of doing that is through receiving a lengthy questionnaire with maybe 100 to 150 questions.

“It is very time consuming and takes up a lot of resources to answer those.

“But as we are already collecting all the information about an organisation's security policies, how compliant they are against all of these frameworks, by leveraging AI and summarization we can populate those answers.

“What may have taken days or weeks to complete surveys and questionnaires, we're doing it in minutes. So again, more time savings that we're handing back to the security and the GRC team within an organization.”

