💡 Still using the classic Drata experience? Refer to Managing External Policies from Confluence and Notion for the original UI.

When you use Confluence or Notion as your external policy manager:

Policy content is authored and edited in Confluence or Notion
Drata stores a read-only PDF copy for audit purposes
Policy metadata (title, owner, personnel groups) is managed in Drata
Acknowledgment behavior follows Drata-managed policy rules, not external acknowledgment
You must manually sync or re-import changes made externally

Prerequisites

Confluence or Notion is connected to Drata.
Only one external policy connection can be active at a time

Important limitations

Changes made in Confluence or Notion are not automatically synced. You must sync or re-import the policy in Drata.
Confluence exports policies in HTML format only, which may cause formatting differences when converted to PDF. Review imported files in Drata.
Notion policies cannot include database blocks or attachments.

Import a policy from Confluence or Notion

When you import a policy, Drata converts the file to a read-only PDF to ensure consistency and audit readiness.

Open Policies
Select Import policy.
Enter the policy details:
- Policy name
- Policy owner
- Personnel groups
Confirm your selection.

What happens after import

Imported policies are created as drafts in Drata.
Approval and publishing happen in Drata.
The policy appears as Linked in the External Source column.
The linked file appears in My Drata.
The policy can be included in audit package exports.
Policy content cannot be edited and policies cannot be deleted or archived in Drata.

Edit policy

To update policy content:

Make changes in Confluence or Notion.
Sync or re-import the updated file into Drata.

To update a policy linked to Confluence or Notion:

If you edited the policy in the external system, select Actions → Sync changes to pull the latest version.
If you want to replace the file entirely, select Actions → Import file.

After syncing or importing:

Finalize the draft.
Publish the policy so the new version is live for personnel and compliance purposes.

Behavior when the connection is disconnected

If the Confluence or Notion connection is disconnected:

Policies continue to appear in the Policy Center.
Available actions are limited to:
- Upload file
- Author policy

When the connection is restored and no changes made while disconnected:

Drata retains the reference to the original external file.
The link is automatically restored when the connection reconnects.
Import and Sync actions become available again.
If Autopilot detects changes in Confluence or Notion, it prompts you to sync.
You can also manually sync from Actions → Sync changes.

Changes made while disconnected:

Drata does not restore the link to the external file.
Import and Sync actions remain unavailable.
You must continue managing the policy locally using:
- Upload file
- Author policy

To re-enable Import and Sync, re-import the policy from the Policy Center. Reconnecting the integration alone does not restore these actions.

Deletion and archiving limitations for synced policies

Policies synced from Confluence or Notion cannot be deleted or archived directly in Drata. To remove a synced policy from Drata, you must permanently delete it in Confluence or Notion.

Note: Archiving a policy does not remove the policy from Drata. The policy must be deleted entirely in Confluence or Notion to be removed from your Drata policy list.

What happens if an external policy file is removed

If a policy file is deleted or no longer available in Confluence or Notion:

The External Source column displays Missing
The affected policy row is highlighted in the Policies table
A red banner appears on the policy detail page indicating the external file no longer exists

This helps you quickly identify policies that are no longer accessible from their external source.