# Overview

Sprinto’s **Audit** module empowers your organisation to manage audits confidently and systematically. Whether you're undergoing a compliance audit, internal assessment, or external review, the Audits section centralises all related activities—enabling InfoSec teams, auditors, and business stakeholders to collaborate effectively.

This module supports both **partner audits**, which are linked to specific frameworks (such as SOC 2, ISO 27001, or GDPR), and **custom audits**, which can be tailored to suit internal policies or third-party requests.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FRdg0WZmR0GM6xqFvqItt%2FAudits-%20with%20zones.jpg?alt=media&#x26;token=50d5e381-4c4b-4284-a30e-538c5610a812" alt="" width="563"><figcaption></figcaption></figure>

***

### Key Benefits

* **Streamlined management** of audit tasks, deadlines, and responsibilities.
* **Real-time visibility** into audit progress and evidence collection.
* **Automated documentation** and reporting, reducing manual overhead.
* **Seamless auditor collaboration**, with granular access control.
* **Integrated with controls and evidence** across your systems via Sprinto’s compliance engine.

***

### Types of Audits in Sprinto

<table><thead><tr><th width="140.84765625">Audit Type</th><th>Description</th></tr></thead><tbody><tr><td><strong>Partner Audit</strong></td><td>Tied to a compliance framework (e.g. SOC 2, ISO 27001). Uses pre-defined requirements mapped to controls.</td></tr><tr><td><strong>Custom Audit</strong></td><td>Flexible audit setup, allowing you to define your own checklist or respond to ad hoc auditor requests.</td></tr></tbody></table>

{% hint style="info" %}
You can access **Custom Audits** only if you are on **Plan 3 or Plan 4**. Users on **Plan 1 or Plan 2** have access to **Partner Audits** only.
{% endhint %}

***

### Core Components

<table><thead><tr><th width="177.5390625">Component</th><th>Description</th></tr></thead><tbody><tr><td><strong>Audit Events</strong></td><td>Instances that represent a scheduled audit (e.g. “SOC 2 Type II – Q1 2025”).</td></tr><tr><td><strong>Evidence Collection</strong></td><td>The process of uploading, verifying, and mapping documents to audit requirements.</td></tr><tr><td><strong>Tasks</strong></td><td>Assigned action items for evidence owners and stakeholders.</td></tr><tr><td><strong>Audit Dashboard</strong></td><td>A visual interface that provides a high-level view of audit progress and status.</td></tr><tr><td><strong>Lifecycle Reporting</strong></td><td>Insights into audit stages, completion rates, and findings to support internal reviews and board reporting.</td></tr></tbody></table>

***

### Use Cases

<table><thead><tr><th width="323.33984375">Scenario</th><th>How Sprinto Audits Help</th></tr></thead><tbody><tr><td>Preparing for a scheduled SOC 2 audit</td><td>Use the integrated audit workflow to track evidence, manage tasks, and collaborate with your auditor.</td></tr><tr><td>Responding to a customer security assessment</td><td>Create a custom audit event and upload specific documents requested by the customer.</td></tr><tr><td>Running internal policy audits</td><td>Configure a custom audit to validate internal controls and processes periodically.</td></tr><tr><td>Managing multi-framework compliance audits</td><td>Conduct and track audits across frameworks like ISO, HIPAA, and GDPR in a centralised manner.</td></tr><tr><td>Tracking audit outcomes and stakeholder tasks</td><td>Monitor progress, assign responsibilities, and generate reports for leadership and board presentations.</td></tr></tbody></table>

***

### When to Use the Audit Module

Use the Audit module when:

* You’re preparing for a framework-based audit like SOC 2 or ISO 27001.
* You need to conduct internal audits for governance and risk management.
* A customer or third party requests evidence or assessment documentation.
* You want to track the status of ongoing and completed audits in one place.