HERE'S WHY
Though Drata can be used to create and manage policies, some companies already use another platform to manage, distribute and collect policies and acknowledgment. This feature allows you to designate an external source as the source of truth for policies and track user acknowledgment, so you don’t have to bring those users into Drata to gather that information.
This article explains how to link BambooHR policies to Drata, manage removed policies, and handle updates.
BEFORE DIVING IN
Policy Creation: You cannot create policies in Drata and sync them back to BambooHR. Policies must first be manually added to BambooHR.
File Requirements: Ensure the original file uploaded to BambooHR has only one extension (for example,
.pdf,.txt). Files with multiple extensions will cause errors when importing into Drata.Policy Acknowledgment: Policy acknowledgment is managed directly in BambooHR. Users will not see acknowledgment prompts in My Drata, even if policies are assigned to them there.
Prerequisites
Ensure BambooHR is connected.
To link policies from BambooHR, ensure BambooHR is connected as your HRIS in Drata.
This requires you to have Admin roles in both Drata and BambooHR.
Understand Policy Management with BambooHR:
Once BambooHR is connected, you cannot make changes to other policies in Drata.
However, you can import BambooHR policies into Drata and make updates to those policies as needed.
Importing a file into Drata from BambooHR automatically publishes the policy since BambooHR does not have draft or approval statuses. The file is immediately marked as a published version (Version 1) upon import.
Import a BambooHR policy
Navigate to the Policy Center. A banner at the top of the page confirming BambooHR is the source for policy acknowledgment
Select the Import Policy button.
Enter policy details, such as the name, owner, and personnel groups, and confirm your selection.
Policy Ownership: Only policy owners can import or sync files with BambooHR.
Important note: Once imported, the policy will be immediately published in Drata as Version 1 (or the next version if updating), since BambooHR does not support draft or approval statuses.
Drata will run a daily sync to update policy acknowledgement data from BambooHR. When an employee completes a Bamboo document signature request, the signed document will be saved to the "Signed Documents" folder on the employee's profile. This is the folder from which Drata syncs acknowledgement data.
Some policies available in your external source may need to replace multiple Drata policy templates. For example, your Company Handbook may cover an Acceptable Use Policy, a Code of Conduct, and an Information Security Policy. In such cases, be sure that all of these policy templates are replaced by the new file imported from the external source (as seen in the screenshot below).
Removing an external file
You can still view a removed file. However, if you remove a file from your policy, you may not be able to update its status until a new, valid file is uploaded. The removal of an external policy does not impact the readiness of a mapped control and will remain linked to their mapped controls.
If Drata detects that a policy has been removed from an external service, the following alerts will appear:
Policy table Notification: A red banner will display at the top of the policy table to notify you about removed policies. The rows corresponding to these policies will also be marked in red for easy identification.
Policy Page Notification: On the specific policy page, a red banner will inform you that the policy requires a new file to proceed.
TROUBLESHOOTING
If you are running into an issue when attempting to import a BambooHR file, your file in BambooHR might be corrupted. To fix this, go to BambooHR and re-upload the file in BambooHR before trying to import it into Drata.