Create an Audit (Plans 1 and 2)

Learn how to create audits in Sprinto, define audit periods, and add requirements with ease.

Prerequisites

Before you begin:

  • You must have the Admin role in Sprinto.

  • Your compliance framework should be connected if you're creating an integrated audit.

  • Relevant zones and integrations should already be configured.


Create an Audit

Audits created this way are pre-configured and tied to a compliance framework (e.g. SOC 2, ISO 27001). They automatically map framework requirements to Sprinto’s control set.

Steps:

  1. Navigate to Audits from the left navigation menu.

  2. Click Plan new audit.

  3. Fill in audit details in the "Plan an audit" screen:

    • Zone: Select the operational zone the audit applies to (e.g. Pacific).

    • Audit Type: Choose External or Internal, depending on whether it’s conducted by an external auditor.

    • Framework: Select the applicable compliance framework (e.g. SOC 2).

    • Standards for the framework: Choose one or more control categories (e.g. Security, Confidentiality).

Once the audit is created, the framework cannot be changed.

  4. Set the evidence collection period:

    • Select an evidence collection start date using the calendar picker.

    • Choose the duration (12, 6, or 3 months), or select Custom to define your own period.

    • The end date will automatically adjust based on your selection, and can be modified if needed.

  5. Click “Start Audit” to generate the audit and proceed to the requirement mapping stage.

Custom Audit Drawer

Add Your Audit Requirements

After you create your audit, you’ll land on the Summary page. At this stage, no requirements are linked to your audit.

To begin defining the scope of what the audit will cover, you must add audit requirements.

To Add Audit Requirements

  1. On the Summary page, locate the Requirements panel.

  2. Select Add.

  3. In the side drawer, choose one of the following methods:

Upload Your Requirements

Use this method to upload your own list of audit requirements using a CSV file.

To Upload a CSV File

  1. In the drawer, select Upload your requirements.

  2. Click Download CSV template to download the template.

  3. Fill in the required details and upload the file into the uploader.

  4. Review the uploaded requirements.

    • Sprinto displays a preview of the parsed file.

    • Any issues, such as missing fields or formatting errors, are shown with inline guidance.

  5. Make necessary corrections if validation errors appear.

  6. Select Save to confirm and import your requirements.

You can upload additional files later or delete and re-upload files as needed.


Add Requirements by Framework Criteria

Use this method to select specific requirements from a compliance framework (for example, SOC 2 or ISO 27001).

To Add Framework-Based Requirements

  1. In the drawer, select By framework criteria.

  2. Choose a framework and the applicable standards (such as Security or Confidentiality).

  3. Use the search or scroll to locate the relevant criteria.

  4. Select the checkboxes next to the requirements you want to include.

  5. Select Save to confirm.

Sprinto auto-populates framework-based requirements with instructions and metadata, where available.


Add Requirements by Controls

Use this method to convert existing controls into audit requirements.

To Use Existing Controls

  1. In the drawer, select By controls.

  2. Choose a framework to filter available controls.

  3. Tick the checkboxes next to the controls you want to convert.

  4. Select Add to confirm.

  5. Your selected controls are added as audit requirements with mapped descriptions.

This method works best if your controls are already configured in Sprinto.

What’s Next?

After creating the audit:

  • Monitor completion status via the Audit Dashboard.

  • Share access securely with auditors when you're ready.
