Skip to main content
All CollectionsPolicy Center
Managing External Policies from Confluence and Notion
Managing External Policies from Confluence and Notion

External Policy Management connection types consist of BambooHR, Confluence, Notion. Expand your policies by using one of these connections

Updated this week

Integrating external policy management connections such as BambooHR, Confluence, or Notion to Drata transforms the Policy Center into a centralized hub for managing your policy lifecycle.

This article explains how to manage and update Confluence and Notion policies in Drata. To learn about external policy management with BambooHR, refer to Using External Policies Housed in BambooHR.

Prerequisite

You can only connect one of these connections. If you do not have any of these connections, some of the features described in this page might not be applicable to you.

Important notes about confluence and notion:

  • If there are changes made in confluence or notion, you must manually re-import those policies into Drata.

  • Confluence only allows exporting the file as HTML. Formatting may not be preserved when viewing the policy in Drata. It is recommended to review the file in Drata to ensure the formatting meets your expectations.

  • Notion files cannot include database blocks or attachments.

Import a Policy into the Policy Center

When you import a policy file from an external platform (e.g., BambooHR, Confluence, or Notion) into Drata, it is automatically converted and saved as a PDF. This ensures a consistent, uneditable format is used for compliance tracking and audit purposes.

Go to the Policy Center and select the Import Policy button.

Enter policy details, such as the name, owner, and personnel groups, and confirm your selection.

On the Policy Center page, under External Sources, it will indicate Linked.

The linked file or policy is shown with My Drata for your personnel and can be a part of a download when referenced in controls or audit packages. In both cases, the linked file is converted into a PDF file which may change the original format.

Edit policy details

You can edit the policy details for a policy that has an External Source linked. To learn more, refer to Edit policy details.

Update your policy

  1. Go to the Policy Page in Drata. Select the policy that must be updated.

  2. You can either re-import a file or sync the new changes you made.

    • If you would like to import a new file:

      • Select Actions > Import file

    • If you would like to keep the same file, but sync the changes you made:

      • Select Actions > Sync changes.

  3. Finalize your draft.

  4. Publish the changes to ensure compliance.

Add missing or deleted external source files

On a daily basis, Autopilot verifies if all externally linked files or policies still exist in the system that you connected with. For example, if you connected the Confluence connection, each day autopilot verifies any files that are linked to a policy still exists on your Confluence system. ​If your remove a linked file within Confluence, the actions related like acknowledgements are still saved within Drata for compliance purposes. All imported files are saved as raw files within Drata for compliance purposes.

If the file that was linked to a policy is deleted, the Policy Center page notifies you with an information banner that there was a policy deleted and the External source column will indicate missing.

Removing a file

You can still view a removed file. However, if you remove a file from your policy, you may not be able to update its status until a new, valid file is uploaded. The removal of an external policy does not impact the readiness of a mapped control and will remain linked to their mapped controls.


If Drata detects that a policy has been removed from an external service, the following alerts will appear:

  • Policy table Notification: A red banner will display at the top of the policy table to notify you about removed policies. The rows corresponding to these policies will also be marked in red for easy identification. The following image showcase when a file is missing from BambooHR. A similar red banner will be displayed for Notion and Confluence.

  • Policy Page Notification: On the specific policy page, a red banner will inform you that the policy requires a new file to proceed. The following image showcase when a file is missing from BambooHR. A similar red banner will be displayed for Notion and Confluence.

Revert to the previous version after syncing

You can revert to the previous version in Drata.

Note: This action cannot be undone and if there are no newer modifications, this also means that the next time Autopilot runs, there is no information banner that indicates the externally linked file was updated.

Select if the changes are material changes or not.

  • If the changes are material changes, a new version is created and the policy owner must approve the changes. Once the policy owner approves the version, all the assigned personnel must acknowledge the policy on My Drata.

  • If the changes are not material changes, the version stays the same and the policy owner does not need to approve the changes.

Did this answer your question?