# Create an Audit (Plans 1 and 2) ### Prerequisites Before you begin: * You must have the **Admin** role in Sprinto. * Your compliance framework should be connected if you're creating an integrated audit. * Relevant zones and integrations should already be configured. *** ### Create an Audit These audits are pre-configured audits tied to a compliance framework (e.g. SOC 2, ISO 27001). These audits automatically map framework requirements to Sprinto’s control set. #### Steps: 1. **Navigate to** **Audits** from the left navigation menu. 2. **Click** **Plan new audit.** 3. **Fill in audit details** in the "Plan an audit" screen: * **Zone**: Select the operational zone the audit applies to (e.g. Pacific). * **Audit Type**: Choose **External** or **Internal**, depending on whether it’s conducted by an external auditor. * **Framework**: Select the applicable compliance framework (e.g. SOC 2). * **Standards for the framework**: Choose one or more control categories (e.g. Security, Confidentiality). {% hint style="info" %} Once the audit is created, the framework cannot be changed. {% endhint %}
4. **Set the evidence collection period**: * Select an **evidence collection start date** using the calendar picker. * Choose the **duration** (12, 6, or 3 months), or select **Custom** to define your own period. * The **end date** will automatically adjust based on your selection, and can be modified if needed.
5. **Click “Start Audit”** to generate the audit and proceed to the requirement mapping stage.
Custom Audit Drawer
*** ### Add Your Audit Requirements After you create your audit, you’ll land on the **Summary** page. At this stage, no requirements are linked to your audit. To begin defining the scope of what the audit will cover, you must add audit requirements. #### To Add Audit Requirements 1. On the **Summary** page, locate the **Requirements** panel. 2. Select **Add**.
3. In the side drawer, choose one of the following methods: #### Upload Your Requirements Use this method to upload your own list of audit requirements using a CSV file. **To Upload a CSV File** 1. In the drawer, select **Upload your requirements**. 2. Click Download CSV template to download the template. 3. Fill in the required details and upload the file into the uploader.
3. Review the uploaded requirements. * Sprinto displays a preview of the parsed file. * Any issues, such as missing fields or formatting errors, are shown with inline guidance.
4. Make necessary corrections if validation errors appear. 5. Select **Save** to confirm and import your requirements. {% hint style="info" %} You can upload additional files later or delete and re-upload files as needed. {% endhint %}
*** #### Add Requirements by Framework Criteria Use this method to select specific requirements from a compliance framework (for example, SOC 2 or ISO 27001). **To Add Framework-Based Requirements** 1. In the drawer, select **By framework criteria**. 2. Choose a framework and the applicable standards (such as Security or Confidentiality).
3. Use the search or scroll to locate the relevant criteria. 4. Select the checkboxes next to the requirements you want to include. 5. Select **Save** to confirm. {% hint style="info" %} Sprinto auto-populates framework-based requirements with instructions and metadata, where available. {% endhint %}
*** #### Add Requirements by Controls Use this method to convert existing controls into audit requirements. **To Use Existing Controls** 1. In the drawer, select **By controls**. 2. Choose a framework to filter available controls.
3. Tick the checkboxes next to the controls you want to convert. 4. Select **Add** to confirm. 5. Your selected controls are added as audit requirements with mapped descriptions. {% hint style="info" %} This method works best if your controls are already configured in Sprinto. {% endhint %}
### What’s Next? After creating the audit: * Monitor completion status via the Audit Dashboard. * Share access securely with auditors when you're ready.