All Collections
Policies
Using External Policies Housed in BambooHR
Using External Policies Housed in BambooHR
Dana Mauger avatar
Written by Dana Mauger
Updated over a week ago

HERE'S WHY

Though Drata can be used to create and manage policies, some companies already use another platform to manage, distribute and collect policies and acknowledgment. This feature allows you to designate an external source as the source of truth for policies and track user acknowledgment, so you don’t have to bring those users into Drata to gather that information.

BEFORE DIVING IN

  • This article covers syncing External Policies through BambooHR.

  • The policy syncing is a read-only integration, so you cannot utilize Drata for policy creation and expect it to sync with your BambooHR policies, the policies must be manually added in BambooHR.

  • To set up the connection, you must have BambooHR connected as an HRIS in Drata, this requires you to have the Admin role in Drata and be an admin in your BambooHR account.

  • Make sure that the original file, that is uploaded to BambooHR as a policy, has only one extension in its title (.pdf, .txt, etc.). Having multiple will result in an error when attempting to import to Drata from BambooHR.

  • Policy acknowledgement by end users happens in BambooHR. If and when these users log into My Drata, regardless of policies that have been assigned to them, they will not see a prompt to acknowledge any policies in My Drata.

HERE'S HOW

Connect an External Policy Integration

Go to the Connections page in Drata and select 'External Policy Management' in the side menu. Click 'Connect' on the BambooHR card.

When the drawer opens, set the 'Import Policies' toggle to 'ON' and then save the connection. click the save connection button at the bottom of the drawer and enter your BambooHR connection details to complete the Drata connection.

Once this is connected and active, navigate to the Policy Center. You will see the following:

  1. A banner at the top of the page confirming BambooHR is the source for policy acknowledgment

  2. Red bars indicating which policies in Drata still need to be linked to a policy in BambooHR or if they are currently in an unacceptable state

  3. The 'Import External Policy' button to link multiple Drata policies to a single BambooHR file at once.

To map a specific Drata policy template to file in BambooHR, select the edit icon and click the 'Import New File' button to open the file editor and then click the 'Choose File' button shown below to bring up the finder for the external policy.

Choose the BambooHR file that correlates to the policy template in Drata. Invalid file formats will be disabled and you will not be able to select them. Click the 'Import File' button to confirm the selection. This will import the file into Drata and use it as evidence of policy existence.

Drata will run a daily sync to update policy acknowledgement data from BambooHR. When an employee completes a Bamboo document signature request, the signed document will be saved to the "Signed Documents" folder on the employee's profile. This is the folder from which Drata syncs acknowledgement data.

Some policies available in your external source may need to replace multiple Drata policy templates. For example, your Company Handbook may cover an Acceptable Use Policy, a Code of Conduct, and an Information Security Policy. In such cases, be sure that all of these policy templates are replaced by the new file imported from the external source (as seen in the screenshot below).

TROUBLESHOOTING

If you are running into an issue when attempting to import a BambooHR file, your file in BambooHR might be corrupted. To fix this, go to BambooHR and re-upload the file in BambooHR before trying to import it into Drata.

Did this answer your question?