Yes. If your organization uses Google Workspace, you can make selected Instant 27001 documents available through Google Docs or Google Sites.
The recommended starting point is Instant 27001 for Confluence. Confluence remains the best place to manage the structure of the ISMS, including risks, controls, responsibilities, reports and audit preparation. Google Workspace can then be used as a practical access layer for the wider organization.
For most organizations, the best approach is a hybrid setup:
- Use Confluence to manage the ISMS structure
- Use Confluence for risks, controls and audit-sensitive administration
- Publish selected policies and procedures in Google Docs or Google Sites
- Link from Confluence to the Google Workspace version of each document
This keeps the core ISMS controlled and auditable, while making frequently used documents available in an environment your team already knows.
Option 1: Publish selected documents in Google Docs
If your team prefers Google Docs for day-to-day document access, you can copy or export selected Instant 27001 documents from Confluence and recreate them as Google Docs.
This is especially useful for policies and procedures that need to be read, reviewed or discussed by a wider internal audience.
💡After creating the Google Docs version, you can replace the corresponding Confluence page content with a simple link, for example:
Click here to view this document in Google Docs
That way, controls and ISMS administration can still refer to the right document, while the actual document is maintained in Google Docs.
Option 2: Publish selected documents in Google Sites
Google Sites can be useful if you want to create a simple internal ISMS portal for employees.
In this setup, Confluence remains the working environment for the ISO 27001 team, while Google Sites is used to present selected documents, policies and practical guidance to the wider organization.
This can work well for documents such as:
- Information security policy
- Mobile device policy
- Access control procedure
- Incident reporting instructions
- Supplier security instructions
- Employee-facing awareness content
Google Sites is best used as a publishing layer. It should not replace the controlled ISMS administration in Confluence.
Option 3: Publish PDF versions in Google Drive
A third option is to keep managing the ISMS documents in Confluence, and publish PDF versions in Google Drive.
This is often the cleanest Google Workspace setup.
In this approach, Confluence remains the controlled working environment for the ISO 27001 team. Policies, procedures, risks, controls, reports and audit preparation stay in the original Instant 27001 space.
Google Drive is then used only as a publication layer for the wider organization.
For example, you can:
- Maintain the Information security policy in Confluence
- Export the approved version as a PDF
- Publish that PDF in a shared Google Drive folder
- Give employees read-only access to the published PDF
- Link from Confluence to the published PDF where needed
This keeps ownership, version control and audit preparation in Confluence, while still making key documents easy to access for employees who mainly work in Google Workspace.
Why this is often the best Google Workspace option
Publishing PDFs in Google Drive avoids many of the limitations of copying or recreating documents in Google Docs or Google Sites.
The main advantages are:
- The controlled source remains in Confluence
- Employees get simple read-only access through Google Drive
- Documents are not accidentally changed outside the ISMS process
- Formatting stays stable
- Approved versions can be shared without exposing the full ISMS workspace
- Risks, controls and the Statement of Applicability remain managed in Confluence
This approach is especially useful for employee-facing documents, such as policies and procedures.
Why we do not recommend a full migration to Google Docs or Google Sites
Google Workspace is excellent for collaboration and document access, but it is not a direct replacement for Confluence as an ISMS workspace. A full migration may lead to practical limitations:
Reports will become manual
Instant 27001 includes structured pages and reports for managing the ISMS. If these are moved into Google Docs or Google Sites, they will lose their original structure and need to be maintained manually. This is especially important for the Statement of Applicability, which must remain accurate and audit-ready.
Reusable content will no longer stay reusable
Some Instant 27001 content is designed to be reused across multiple pages. If this content is copied into Google Docs or Google Sites, it will become static text. That means later updates need to be managed manually in every place where the text appears.
Risks and controls are harder to manage
Google Docs and Google Sites are not designed for managing structured ISMS administration, such as risks, controls, implementation status, responsibilities and audit preparation.
For these reasons, we recommend keeping those parts in Confluence.
Best practical approach
For most Google Workspace organizations, the best setup is:
- Start with Instant 27001 for Confluence.
- Keep risks, controls, reports and ISMS administration in Confluence.
- Move or publish only selected policies and procedures in Google Docs or Google Sites.
- Replace the relevant Confluence document pages with links to the Google Workspace versions.
- Keep the original Confluence space available as the controlled ISMS backbone.
This gives your team practical access through Google Workspace, without losing the structure and audit-readiness of Instant 27001.