# Frameworks

### Overview

The **Frameworks** section in Sprinto enables you to implement and manage compliance requirements by mapping them to operational and security controls. Frameworks act as a structured compliance blueprint, ensuring that your organisation meets regulatory, industry, and customer expectations.

In Sprinto, frameworks can be global standards (e.g., SOC 2, ISO 27001), regional regulations, or custom frameworks specific to your business. Each framework is divided into criteria, which are linked to controls, automated checks, and workflow checks to ensure continuous compliance.

By aligning your operations to a framework, you can:

* Demonstrate adherence to industry or regional compliance requirements.
* Streamline evidence collection and monitoring activities.
* Reduce duplication by mapping a single control to multiple frameworks.
* Maintain readiness for audits and customer security assessments.

Here's a short video that gives an overview of Compliance.

{% embed url="<https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FJ4g7U4QhBQbkQQWZ1s3M%2FCompliance%20Module%20Overview.mp4?alt=media&token=d2a3e09d-92ae-409a-b63e-e4de83adf100>" %}

### Key Features

<table><thead><tr><th width="271.6796875">Feature</th><th>Description</th></tr></thead><tbody><tr><td><strong>Multiple framework support</strong></td><td>Enable and manage multiple frameworks simultaneously, including industry standards and custom requirements.</td></tr><tr><td><strong>Criteria and control mapping</strong></td><td>Map individual criteria to relevant controls for efficient compliance alignment.</td></tr><tr><td><strong>Automated and workflow checks</strong></td><td>Link criteria to system-verified checks and manual workflows to ensure continuous monitoring.</td></tr><tr><td><strong>Scope management</strong></td><td>Define which criteria are in or out of scope to streamline compliance efforts.</td></tr><tr><td><strong>Real-time readiness tracking</strong></td><td>Monitor percentage completion for each framework.</td></tr><tr><td><strong>Control reuse</strong></td><td>Map a single control to multiple frameworks to avoid redundant configuration.</td></tr></tbody></table>

### Use Cases

<table><thead><tr><th width="266.140625">Use case</th><th>Example</th></tr></thead><tbody><tr><td><strong>Audit preparation</strong></td><td>Map SOC 2 criteria to controls and track completion to achieve audit readiness.</td></tr><tr><td><strong>Multi-standard compliance</strong></td><td>Use the same control to meet both ISO 27001 and PCI DSS requirements.</td></tr><tr><td><strong>Regional compliance alignment</strong></td><td>Implement a local data protection framework alongside global security standards.</td></tr><tr><td><strong>Policy-driven control mapping</strong></td><td>Link organisational policies to relevant framework criteria for better traceability.</td></tr></tbody></table>
