# How it Works

Sprinto enables you to collect, upload, organise, and review evidence files that support your organisation’s compliance with various security frameworks.

Evidence can be:

* Collected automatically by Sprinto’s platform
* Uploaded manually by users
* Submitted in response to evidence requests
* Added through workflow checks or policy artefacts

Each evidence item is versioned, searchable, and can be linked to controls or audit requirements.

***

### Types of evidence in Sprinto

<table><thead><tr><th width="173.0859375">Evidence type</th><th>Description</th></tr></thead><tbody><tr><td><strong>Automated</strong></td><td>Collected directly via Sprinto’s integrations. No manual input is required.</td></tr><tr><td><strong>Uploaded</strong></td><td>Added manually by users. Can include metadata and be mapped to controls.</td></tr><tr><td><strong>Workflow</strong></td><td>Generated from workflow checks configured within Sprinto.</td></tr><tr><td><strong>Evidence requested</strong></td><td>Submitted by stakeholders in response to a request.</td></tr><tr><td><strong>Policy</strong></td><td>Generated automatically when a policy document is uploaded or linked.</td></tr></tbody></table>

***

### Evidence lifecycle in Sprinto

#### Step 1: Add or request evidence

* **Upload manually** by clicking **Upload evidence** and selecting files or links.
* **Request evidence** from stakeholders via the **Request evidence** button.
* **Upload in bulk** using the multi-file upload feature, assigning metadata in one go.

> Each uploaded file becomes an individual evidence item with its own metadata and version history.

***

#### Step 2: Assign metadata

After uploading, you can assign metadata such as:

* **Evidence name**
* **Identifier** (auto-generated, e.g. `EVD-001`)
* **Evidence group** (e.g. by audit, department, or control)
* **Evidence collected date**
* **Custom fields** (e.g. department, file type, owner)

You can assign metadata:

* **Individually**, via the evidence drawer
* **In bulk**, via multi-select actions in the table

***

#### Step 3: Map to controls or audits

* Optionally associate each evidence item with one or more **controls**.
* During audit preparation, attach evidence to specific **audit requirements**.

{% hint style="info" %}
Evidence can be reused across multiple audits and controls.
{% endhint %}

***

#### Step 4: Review and version

* For evidence requests, enable **Review required** and assign a reviewer.
* Reviewers can accept or ask for a re-upload.
* To update a file, use the **Update evidence** option — Sprinto will create a new version while preserving the previous one.

***

#### Step 5: Track and manage

Use the **Evidences dashboard** to:

* Filter by evidence type, status, or custom metadata
* View and manage version history
* Edit metadata inline or through the evidence drawer
* Archive or bulk update active evidence

***

### Restrictions and best practices

* **Evidence cannot be updated** if the associated audit is marked as complete.
* **Archived evidence** cannot be edited or updated in bulk.
* Use clear and consistent evidence group names to organise files efficiently.
* Maintain metadata hygiene for easier filtering and reporting.