Skip to main content

Managing External Policies from Confluence and Notion

External Policy Management connection types consist of BambooHR, Confluence, Notion. Expand your policies by using one of these connections

Updated this week

You can connect Confluence or Notion to Drata to manage policies from an external system in one central location. This allows your team to maintain policy documentation in your preferred workspace while streamlining version control and audit-readiness within Drata.

To learn about external policy management with BambooHR, refer to Using External Policies Housed in BambooHR.

Prerequisite

To use this feature, connect either Confluence or Notion under External Policy Management Connections.

  • Only one connection can be active at a time.

  • If no connection is established, some features described in this article may not apply.

Important notes about confluence and notion:

  • If you make changes to a policy in your Confluence or Notion, you must either re-import the updated version or sync changes in Drata

  • Confluence allows exporting policy files in HTML format only. This may cause formatting differences. It is recommended to review imported files in Drata to confirm the formatting appears as expected.

  • Notion files cannot include database blocks or attachments.

Import a Policy into the Policy Center

When you import a policy from Confluence or Notion into Drata, it is automatically converted to a PDF. This read-only format ensures consistency and audit readiness.

To import a policy:

  1. Go to the Policy Center and select the Import Policy button.

  2. Enter policy details, such as the name, owner, and personnel groups, and confirm your selection.

Once imported, the policy is marked as Linked in the External Source column. The linked file also appears in My Drata and can also be included in audit package exports.

Editing Policy Details

You can edit policy metadata—such as the title, owner, or personnel groups—within Drata.To learn more, refer to Edit policy details

The policy file itself remains read-only in Drata. To update the file contents:

  1. Make the change in Confluence or Notion.

  2. Then sync the updated file into Drata.

Updating or Syncing Policies

To update a policy linked to Confluence or Notion:

  • If you made changes to the file in the external system, select Actions > Sync Changes to pull the latest version into Drata.

  • If you want to replace the file entirely, select Actions > Import File.

Then, finalize your draft and publish the changes to ensure the new version is live for personnel and compliance purposes.

Behavior When an Confluence or Notion connection is disconnected

When Confluence or Notion is dis-connected:

  • Policies continue to appear in the Policy Center.

  • Actions available are: Upload File or Author Policy.

When the connection is restored, the available policy actions depend on whether the policy was modified during the disconnected period.

  • If no changes were made while disconnected: Drata retains a reference to the original Confluence or Notion file associated with the policy. When the connection is restored, the system automatically re-establishes the link to that same external file existing in Confluence or Notion. This ensures the policy can resume syncing without requiring manual re-imports.

    • Import and Sync actions become available again.

    • When Autopilot runs, if it detects updates to the policy in Confluence or Notion, it will prompt you to sync the latest changes.

    • You can also sync by selecting Actions > Sync Changes from the policy page.

  • If new changes were made while disconnected: Drata does not restore the link to the previously connected file in Confluence or Notion, because the policy was modified locally during the disconnected period.

    • Import and Sync actions are not restored.

    • You can continue managing the policy locally using: Upload File or Author Policy.

    • To re-enable Import and Sync, you must re-import the policy from the Policy Center. This creates a new version linked to the external system. Simply reconnecting the integration does not restore Import and Sync for policies that were edited during disconnection.

Handling Missing or Deleted External Files

Drata uses Autopilot to verify the existence of externally linked policy files each day. If a file is removed from Confluence or Notion, the system will notify you through visual alerts in the Policy Center and on the policy detail page.

  • The External Source column will display Missing.

  • A red notification banner appears at the top of the policy table and The corresponding rows are highlighted to indicate the issue.

  • The example below shows a missing policy file from BambooHR, but the same style applies to Confluence and Notion.

  • On the individual policy page, a red information banner indicates that the linked file no longer exists in the external system.

Revert to the previous version after syncing

To revert to a previous version of a policy:

  • If the changes are considered material, a new major version is created and requires policy owner approval and personnel acknowledgement.

  • If the changes are not material, a minor version is created that does not require re-acknowledgement.

This action cannot be undone. Reverting does not trigger Autopilot sync unless further updates are detected.

Did this answer your question?