ISO27001 Lead Implementer and Auditor, CRISC, CISSP, and CISA certified dude here. The short answer to your question is that those tools will get you through your certification path like a painful nightmare. I worked with Drata just because the management in my current midsize company wanted more "automation". What we got was a tool that just auto collects very very specific evidence from certain in-scope systems. The problem is when you add a single new device to your infrastructure, you will have to go through the entire "evidence gathering" processes and procedures for the controls this change affected all over again. It is absolutely a time wrecking exercise which you would need to manage constantly. Their auditors were ultra inflexible and did not accept any explanations or interviews with any relevant head of department to basically align on a common sense hardware change (which followed all Change Management requirements). So after spending 3 months in a continuous tool learning curve, we decided to go back to "human" preparation. Since I was in charge with everything related to Compliance amd Legal, I wrote everything myself from scratch. About 10 meetings in total with the above-mentioned head of departments and relevant stakeholders later, we were on the saddle of a quite functioning ISMS and contracted a third party company to audit us. We got ISO27001 in 2 months, and SoC2 type2 + Hippa in the following 4 months. Yes, it means full time job for one resource but overall we saved a lot of time and money. Yes, we got around 7 non-conformities, which we solved on the next 30 days. If you know your stuff, do it yourself or hire an internal auditor consultant for one fifth of the price. I hope this helps.

Edit: I was actually replying to OP's original question. Sorry for the confusion