⚠️ Select your experience
The steps depend on your interface version. Select a link to skip to the instructions for your version.
Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.
Instructions for the New Experience ⬇️
Some organizations already manage policies, distribution, and employee acknowledgment in BambooHR. This workflow lets you:
Keep policy creation and acknowledgment in BambooHR
Avoid collecting acknowledgments in Drata
Use Drata to map policies to controls and sync signed evidence for audits
If BambooHR is the source of truth for policy content and acknowledgments, Drata can import the policy file, maps it to controls, and syncs acknowledgment evidence daily.
How policy management works with BambooHR
When you use BambooHR as your policy manager:
Policies are created and updated in BambooHR
Acknowledgment happens only in BambooHR
Drata does not send acknowledgment prompts in My Drata
Approval workflows in Drata are bypassed
Imported policies are published immediately in Drata
Drata runs a daily sync to collect signed acknowledgment evidence
Prerequisites
BambooHR is connected to Drata.
You have Admin permissions in both Drata and BambooHR.
Policies must be created in BambooHR first; you cannot create policies in Drata and sync them back to BambooHR.
The files uploaded to BambooHR must have one file extension. Files with multiple extensions will fail to import.
Employees acknowledge policies in BambooHR, not in Drata. Employees do not receive acknowledgment tasks in My Drata, even if the policy is assigned to them.
BambooHR does not support draft or approval states. Every policy imported from BambooHR is published immediately in Drata.
Import a policy from BambooHR
Only the policy owner can import or sync files from BambooHR.
Open Governance → Policies.
Select Import policy.
Enter the policy details:
Policy name
Policy owner
Personnel groups
Confirm your selection.
The policy is published immediately in Drata as Version 1 (new policy) or the next version (existing policy update). Drata skips drafts, approvals, and tiered workflows. The policy is available for control mapping immediately
How acknowledgment data syncs
Drata runs a daily sync with BambooHR to collect acknowledgment evidence. When an employee signs a BambooHR policy:
The signed file is saved to the employee’s Signed Documents folder in BambooHR
Drata pulls acknowledgment evidence only from this folder
Replace Drata templates with a BambooHR policy
Some BambooHR documents (such as a Company Handbook) may satisfy multiple policy requirements. In these cases, replace all applicable Drata policy templates with the single imported BambooHR policy to avoid duplicate coverage.
Open Governance → Policies.
Select the BambooHR policy that will replace Drata templates.
Select Edit in the details section.
For Should this policy replace any Drata default policies?, select Yes.
Select all applicable policy templates the BambooHR policy replaces. Examples include:
Acceptable Use Policy
Code of Conduct
Information Security Policy
Save your changes.
Replacing templates ensures accurate control coverage and prevents duplicate policies in your audit scope.
What happens if a BambooHR policy file is removed
If a policy file is removed from BambooHR:
The policy remains visible in Drata.
The policy stays mapped to its controls.
Mapped control readiness is not impacted.
You cannot update the policy status until a new valid file is uploaded.
Drata displays clear warning banners when an external policy file is missing.
Key distinction to remember
BambooHR-managed policies
Source of truth: BambooHR
Acknowledgment: BambooHR
Drata role: evidence sync and control mapping
No drafts or approvals in Drata
If you want policy creation, approvals, renewals, and acknowledgment in Drata, do not use BambooHR or other external policy connections.
Instructions for the Classic Experience ⬇️
HERE'S WHY
Though Drata can be used to create and manage policies, some companies already use another platform to manage, distribute and collect policies and acknowledgment. This feature allows you to designate an external source as the source of truth for policies and track user acknowledgment, so you don’t have to bring those users into Drata to gather that information.
This article explains how to link BambooHR policies to Drata, manage removed policies, and handle updates.
BEFORE DIVING IN
Policy Creation: You cannot create policies in Drata and sync them back to BambooHR. Policies must first be manually added to BambooHR.
File Requirements: Ensure the original file uploaded to BambooHR has only one extension (for example,
.pdf,.txt). Files with multiple extensions will cause errors when importing into Drata.Policy Acknowledgment: Policy acknowledgment is managed directly in BambooHR. Users will not see acknowledgment prompts in My Drata, even if policies are assigned to them there.
Prerequisites
Ensure BambooHR is connected.
To link policies from BambooHR, ensure BambooHR is connected as your HRIS in Drata.
This requires you to have Admin roles in both Drata and BambooHR.
Understand Policy Management with BambooHR:
Once BambooHR is connected, you cannot make changes to other policies in Drata.
However, you can import BambooHR policies into Drata and make updates to those policies as needed.
Importing a file into Drata from BambooHR automatically publishes the policy since BambooHR does not have draft or approval statuses. The file is immediately marked as a published version (Version 1) upon import.
Import a BambooHR policy
Navigate to the Policy Center. A banner at the top of the page confirming BambooHR is the source for policy acknowledgment
Select the Import Policy button.
Enter policy details, such as the name, owner, and personnel groups, and confirm your selection.
Policy Ownership: Only policy owners can import or sync files with BambooHR.
Important note: Once imported, the policy will be immediately published in Drata as Version 1 (or the next version if updating), since BambooHR does not support draft or approval statuses.
Imported BambooHR policies bypass Drata’s approval and tiered workflow features.
Drata will run a daily sync to update policy acknowledgement data from BambooHR. When an employee completes a Bamboo document signature request, the signed document will be saved to the "Signed Documents" folder on the employee's profile. This is the folder from which Drata syncs acknowledgement data.
Some policies available in your external source may need to replace multiple Drata policy templates. For example, your Company Handbook may cover an Acceptable Use Policy, a Code of Conduct, and an Information Security Policy. In such cases, be sure that all of these policy templates are replaced by the new file imported from the external source. You can do this in the policy specific page under the Details section.
Removing an external file
You can still view a removed file. However, if you remove a file from your policy, you may not be able to update its status until a new, valid file is uploaded. The removal of an external policy does not impact the readiness of a mapped control and will remain linked to their mapped controls.
If Drata detects that a policy has been removed from an external service, the following alerts will appear:
Policy table Notification: A red banner will display at the top of the policy table to notify you about removed policies. The rows corresponding to these policies will also be marked in red for easy identification.
Policy Page Notification: On the specific policy page, a red banner will inform you that the policy requires a new file to proceed.
TROUBLESHOOTING
If you are running into an issue when attempting to import a BambooHR file, your file in BambooHR might be corrupted. To fix this, go to BambooHR and re-upload the file in BambooHR before trying to import it into Drata.