Skip to main content
External Policy Management

External Policy Management connection types consist of BambooHR, Confluence, Notion. Expand your policies by using one of these connections

Updated over 5 months ago

External Policy Integration is a type of connection in Drata. You can go to the Connections page and select External Policy Management as a filter to see all of the available external policy management connections. Connect one of the available connections to import policy documents to Drata so that we can run automated tests and collect evidence for your auditors to view.

The external policy management connections are the following.

You can only connect one of these connections. If you do not have any of these connections, some of the features described in this page might not be applicable to you.

Import a page or policy into Policy Center

Note: You cannot edit the content of the imported policy.

Note for Confluence: Confluence only allows exporting the file as html through an API. Formatting may not be preserved when viewing the policy in Drata.

Note for Notion: Ensure that the Notion pages do not contain database blocks and that the attachments with the Notion pages do not need to be synced. The database blocks and attachments are not synced.

Go to the Policy Center and select the Import Policy button.

You can enter the policy details like name, owner, personnel groups.

The External file section is where you can browse and import your policies based on the external policy management connection. Select Browse files under External file section and import the policies you would like.

The newly created policy is displayed on the Policy Center. If you imported a file then under the External Source column is marked as Linked.

The linked file or policy is shown with My Drata for your personnel and can be a part of a download when referenced in controls or audit packages. In both cases, the linked file is converted into a PDF file which may change the original format.

Edit policy details

You can edit the policy details for a policy that has an External Source linked.

Select the edit icon for a policy. In the Policy Builder, you can update the policy name, renewal date, owner, description, assigned personnel, and the policies that were replaced. Select Update Policy to save any changes.

Add missing or deleted external source files

On a daily basis, Autopilot verifies if all externally linked files or policies still exist in the system that you connected with. For example, if you connected the Confluence connection, each day autopilot verifies any files that are linked to a policy still exists on your Confluence system.

If the file that was linked to a policy is deleted, the Policy Center page notifies you with an information banner that there was a policy deleted and the External source column will indicate missing.

Select that policy and select Import New File to link a new external source. Enter the details for the new file you are importing.

Note: All imported files are saved as raw files within Drata for compliance purposes. The actions that relate to the imported files are also saved.

For example, if you linked a file from Confluence for one of your policies, but you removed that file within Confluence, the actions related like acknowledgements are still saved within Drata for compliance purposes.

Update a modified linked file in Drata

Note: Ensure to select Update Policy or Save changes button after you made changes. If you do not, your changes are not saved.

On a daily basis, Autopilot verifies if there are any modifications made on the linked file.

For example, if you linked a Confluence file to a policy and then made changes to that file within Confluence, the next day Autopilot will verify that there are changes made. The policy owner is notified through email that there have been modifications made or you can also go to Policy Center to see an information banner, notifying you a policy was modified.

To sync the changes, select Actions and then Sync file. You can also view the changes. Under the Policy details section, select the View modification history. A new tab is opened, comparing the version that was found in Drata with the one synced. If you connect to Confluence, a confluence tab is opened.

Revert to the previous version after syncing

You can revert to the previous version in Drata.

Note: This action cannot be undone and if there are no newer modifications, this also means that the next time Autopilot runs, there is no information banner that indicates the externally linked file was updated.

Select if the changes are material changes or not.

  • If the changes are material changes, a new version is created and the policy owner must approve the changes. Once the policy owner approves the version, all the assigned personnel must acknowledge the policy on My Drata.

  • If the changes are not material changes, the version stays the same and the policy owner does not need to approve the changes.

Did this answer your question?