# How it Works

The **Frameworks** section helps you enable and manage compliance standards within Sprinto. It breaks your compliance journey into clear steps, from framework selection and scope definition to control mapping and continuous monitoring.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FscE4TpP5kwZa3Ro6p4RB%2FFrameworks.png?alt=media&#x26;token=63fb2324-cff4-4358-abb6-0b5c44bdf468" alt="" width="540"><figcaption></figcaption></figure>

#### Step 1: Enable a framework

* Navigate to **Compliance > Frameworks** from the left navigation.
* Choose from standard frameworks (such as SOC 2, ISO 27001, PCI DSS, or regional regulations) or create a custom framework.
* Once enabled, the framework appears on your dashboard with readiness indicators.

#### Step 2: Review criteria

* Each framework is organised into **criteria** representing specific compliance requirements.
* The scope status (**In scope** or **Not in scope**) determines whether the criterion applies to your organisation.
* Select a criterion to view its description and any linked controls.

#### Step 3: Map controls to criteria

* Controls are the actions, policies, or configurations that fulfil a criterion.
* You can map:
  * **Automated checks** – System-run checks to validate compliance (e.g., encryption enabled).
  * **Workflow checks** – Manual steps that require review or evidence from your team.
* The same control can be reused across multiple criteria in different frameworks.

#### Step 4: Manage scope

* Use the **Manage scope** option within a criterion to include or exclude it from your compliance plan.
* Exclude criteria that are not relevant to your business or regulatory requirements.

#### Step 5: Monitor progress

* Your framework readiness percentage updates as mapped controls pass verification.
* Automated checks run continuously, and workflow checks prompt assigned staff when action is needed.
* Failing checks are flagged for remediation to maintain readiness.

#### Step 6: Update control mappings

* To change control mappings, click **Manage** next to the mapped controls list in a criterion.
* Uncheck controls you want to unmap and save your changes.
* This flexibility helps align controls with evolving compliance requirements.

#### Step 7: Audit and reporting

* Export readiness reports for auditors or share them with stakeholders.
* Continuous monitoring ensures that compliance status remains transparent and up-to-date.
