Yes. If your organization prefers to use Notion for managing ISO 27001 documentation, you can move Instant 27001 content from Confluence to Notion using Notion’s Confluence import options.
The recommended starting point is Instant 27001 for Confluence. From there, you can decide whether to move the full space into Notion, or only move selected documents while keeping the core ISMS structure in Confluence.
Option 1: Full import into Notion
Using the Confluence API importer ↗️, you can connect to your Confluence instance and import a complete Confluence space into Notion.
This can be useful if your organization wants to manage the entire ISMS in Notion and accepts that some Confluence-specific functionality may not transfer one-to-one.
Known limitations
Confluence and Notion are not identical platforms. Some Instant 27001 functionality relies on Confluence features that may be converted or flattened during import.
Reports are converted to plain text
Some reports, such as the Risk Overview and Risk Treatment Plan, are included for convenience. However, the Statement of Applicability is a required ISO 27001 document and must remain accurate.
After a full import into Notion, the Statement of Applicability needs to be maintained manually. For example, if you decide to exclude one or more Annex A controls, you need to update both the individual control page and the Statement of Applicability by hand.
Embedded snippets are converted to plain text
Instant 27001 uses snippets for reusable pieces of text, such as explanations or instructions that are included in multiple pages.
After import into Notion, these snippets are no longer shared reusable elements. They become plain text on the pages where they were imported. This means later changes to a snippet will not automatically update all places where that text appears.
Option 2: Import selected documents into Notion
You can also use Notion’s Confluence file import ↗️ option to import only part of the Confluence space.
This is often the most practical approach if your organization wants a hybrid setup:
- Keep risks, controls and ISMS administration in Confluence
- Move policies and procedures to Notion for broader internal access
After the import, you only need to adjust the relevant links in Confluence so they point to the corresponding Notion pages.
💡 A practical shortcut is to replace the content of the original Confluence document pages with a simple link, for example:
Click here to view this document in Notion
That way, you do not need to edit every control page individually.
Recommended approach
For most organizations, the hybrid approach is the better fit.
It keeps the administrative and audit-sensitive parts of the ISMS in Confluence, where Instant 27001 was designed to work. At the same time, it allows your wider team to access commonly used policies and procedures in Notion, if that is where they already work.
This gives you the best of both worlds:
- a structured, pre-built ISMS in Confluence
- practical document access in Notion
- fewer limitations from the import process
- less manual maintenance of risks, controls and the Statement of Applicability
Not sure which setup fits?
Start with a full import into Notion as a test, but leave the original Confluence space unchanged.
That gives you a safe fallback. You can explore whether Notion works for your team, while keeping the original Instant 27001 setup in Confluence available for managing risks, controls and audit preparation.