# How it Works

Sprinto enables you to collect, upload, organise, and review evidence files that support your organisation’s compliance with various security frameworks.

Evidence can be:

* Collected automatically by Sprinto’s platform
* Uploaded manually by users
* Submitted in response to evidence requests
* Added through workflow checks or policy artefacts

Each evidence item is versioned, searchable, and can be linked to controls or audit requirements.

***

### Types of evidence in Sprinto

<table><thead><tr><th width="173.0859375">Evidence type</th><th>Description</th></tr></thead><tbody><tr><td><strong>Automated</strong></td><td>Collected directly via Sprinto’s integrations. No manual input is required.</td></tr><tr><td><strong>Uploaded</strong></td><td>Added manually by users. Can include metadata and be mapped to controls.</td></tr><tr><td><strong>Workflow</strong></td><td>Generated from workflow checks configured within Sprinto.</td></tr><tr><td><strong>Evidence requested</strong></td><td>Submitted by stakeholders in response to a request.</td></tr><tr><td><strong>Policy</strong></td><td>Generated automatically when a policy document is uploaded or linked.</td></tr></tbody></table>

***

### Evidence lifecycle in Sprinto

#### Step 1: Add or request evidence

* **Upload manually** by clicking **Upload evidence** and selecting files or links.
* **Request evidence** from stakeholders via the **Request evidence** button.
* **Upload in bulk** using the multi-file upload feature, assigning metadata in one go.

> Each uploaded file becomes an individual evidence item with its own metadata and version history.

***

#### Step 2: Assign metadata

After uploading, you can assign metadata such as:

* **Evidence name**
* **Identifier** (auto-generated, e.g. `EVD-001`)
* **Evidence group** (e.g. by audit, department, or control)
* **Evidence collected date**
* **Custom fields** (e.g. department, file type, owner)

You can assign metadata:

* **Individually**, via the evidence drawer
* **In bulk**, via multi-select actions in the table

***

#### Step 3: Map to controls or audits

* Optionally associate each evidence item with one or more **controls**.
* During audit preparation, attach evidence to specific **audit requirements**.

{% hint style="info" %}
Evidence can be reused across multiple audits and controls.
{% endhint %}

***

#### Step 4: Review and version

* For evidence requests, enable **Review required** and assign a reviewer.
* Reviewers can accept or ask for a re-upload.
* To update a file, use the **Update evidence** option — Sprinto will create a new version while preserving the previous one.

***

#### Step 5: Track and manage

Use the **Evidences dashboard** to:

* Filter by evidence type, status, or custom metadata
* View and manage version history
* Edit metadata inline or through the evidence drawer
* Archive or bulk update active evidence

***

### Restrictions and best practices

* **Evidence cannot be updated** if the associated audit is marked as complete.
* **Archived evidence** cannot be edited or updated in bulk.
* Use clear and consistent evidence group names to organise files efficiently.
* Maintain metadata hygiene for easier filtering and reporting.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/audits/evidences/how-it-works.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.