⚠️ Select your experience
The steps depend on your interface version. Select a link to skip to the instructions for your version.
Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.
Instructions for the New Experience ⬇️
When you use Confluence or Notion as your external policy manager:
Policy content is authored and edited in Confluence or Notion
Drata stores a read-only PDF copy for audit purposes
Policy metadata (title, owner, personnel groups) is managed in Drata
Acknowledgment behavior follows Drata-managed policy rules, not external acknowledgment
You must manually sync or re-import changes made externally
Prerequisites
Confluence or Notion is connected to Drata.
Only one external policy connection can be active at a time
Important limitations
Changes made in Confluence or Notion are not automatically synced. You must sync or re-import the policy in Drata.
Confluence exports policies in HTML format only, which may cause formatting differences when converted to PDF. Review imported files in Drata.
Notion policies cannot include database blocks or attachments.
Import a policy from Confluence or Notion
When you import a policy, Drata converts the file to a read-only PDF to ensure consistency and audit readiness.
Open Policies
Select Import policy.
Enter the policy details: Policy name, Policy owner, Personnel groups
Confirm your selection.
Edit policy
To update policy content:
Make changes in Confluence or Notion.
Sync or re-import the updated file into Drata.
To update a policy linked to Confluence or Notion:
If you edited the policy in the external system, select Actions → Sync changes to pull the latest version.
If you want to replace the file entirely, select Actions → Import file.
Behavior when the connection is disconnected
If the Confluence or Notion connection is disconnected, policies continue to appear in the Policy Center. When the connection is restored and no changes were made while disconnected, Drata retains the reference to the original external file and Import and Sync actions become available again.
Instructions for the Classic Experience ⬇️
You can connect Confluence or Notion to Drata to manage policies from an external system in one central location. This allows your team to maintain policy documentation in your preferred workspace while streamlining version control and audit-readiness within Drata.
To learn about external policy management with BambooHR, refer to Using External Policies Housed in BambooHR.
Prerequisite
To use this feature, connect either Confluence or Notion under External Policy Management Connections.
Only one connection can be active at a time.
If no connection is established, some features described in this article may not apply.
Important notes about Confluence and Notion:
If you make changes to a policy in your Confluence or Notion, you must either re-import the updated version or sync changes in Drata
Confluence allows exporting policy files in HTML format only. This may cause formatting differences. It is recommended to review imported files in Drata to confirm the formatting appears as expected.
Notion files cannot include database blocks or attachments.
Import a Policy into the Policy Center
When you import a policy from Confluence or Notion into Drata, it is automatically converted to a PDF. This read-only format ensures consistency and audit readiness.
To import a policy:
Go to the Policy Center and select the Import Policy button.
Enter policy details, such as the name, owner, and personnel groups, and confirm your selection.
Editing Policy Details
You can edit policy metadata—such as the title, owner, or personnel groups—within Drata. The policy file itself remains read-only in Drata. To update the file contents, make the change in Confluence or Notion, then sync the updated file into Drata.
Handling Missing or Deleted External Files
Drata uses Autopilot to verify the existence of externally linked policy files each day. If a file is removed from Confluence or Notion, the External Source column will display Missing and a red notification banner appears at the top of the policy table.