# How it Works

The **Frameworks** section helps you enable and manage compliance standards within Sprinto. It breaks your compliance journey into clear steps—starting from framework selection and scope definition to control mapping and continuous monitoring.

#### Step 1: Enable a framework

* Navigate to **Compliance > Frameworks** from the left navigation.
* Choose from standard frameworks (such as SOC 2, ISO 27001, PCI DSS, or regional regulations) or create a custom framework.
* Once enabled, the framework appears on your dashboard with readiness indicators.

#### Step 2: Review criteria

* Each framework is organised into **criteria** representing specific compliance requirements.
* The scope status (**In scope** or **Not in scope**) determines whether the criterion applies to your organisation.
* Select a criterion to view its description and any linked controls.

#### Step 3: Map controls to criteria

* Controls are the actions, policies, or configurations that fulfil a criterion.
* You can map:
  * **Automated checks** – System-run checks to validate compliance (e.g., encryption enabled).
  * **Workflow checks** – Manual steps that require review or evidence from your team.
* The same control can be reused across multiple criteria in different frameworks.

#### Step 4: Manage scope

* Use the **Manage scope** option within a criterion to include or exclude it from your compliance plan.
* Exclude criteria that are not relevant to your business or regulatory requirements.

#### Step 5: Monitor progress

* Your framework readiness percentage updates as mapped controls pass verification.
* Automated checks run continuously, and workflow checks prompt assigned staff when action is needed.
* Failing checks are flagged for remediation to maintain readiness.

#### Step 6: Update control mappings

* To change control mappings, click **Manage** next to the mapped controls list in a criterion.
* Uncheck controls you want to unmap and save your changes.
* This flexibility helps align controls with evolving compliance requirements.

#### Step 7: Audit and reporting

* Export readiness reports for auditors or share them with stakeholders.
* Continuous monitoring ensures that compliance status remains transparent and up to date.


