search
Sprinto DashboardAPI Reference

How it Works

Understand how Sprinto’s Frameworks section works, from enabling a framework to monitoring compliance readiness.

The Frameworks section helps you enable and manage compliance standards within Sprinto. It breaks your compliance journey into clear steps—starting from framework selection and scope definition to control mapping and continuous monitoring.

hashtag
Step 1: Enable a framework

  • Navigate to Compliance > Frameworks from the left navigation.

  • Choose from standard frameworks (such as SOC 2, ISO 27001, PCI DSS, or regional regulations) or create a custom framework.

  • Once enabled, the framework appears on your dashboard with readiness indicators.

hashtag
Step 2: Review criteria

  • Each framework is organised into criteria representing specific compliance requirements.

  • The scope status (In scope or Not in scope) determines whether the criterion applies to your organisation.

  • Select a criterion to view its description and any linked controls.

hashtag
Step 3: Map controls to criteria

  • Controls are the actions, policies, or configurations that fulfil a criterion.

  • You can map:

    • Automated checks – System-run checks to validate compliance (e.g., encryption enabled).

    • Workflow checks – Manual steps that require review or evidence from your team.

  • The same control can be reused across multiple criteria in different frameworks.

hashtag
Step 4: Manage scope

  • Use the Manage scope option within a criterion to include or exclude it from your compliance plan.

  • Exclude criteria that are not relevant to your business or regulatory requirements.

hashtag
Step 5: Monitor progress

  • Your framework readiness percentage updates as mapped controls pass verification.

  • Automated checks run continuously, and workflow checks prompt assigned staff when action is needed.

  • Failing checks are flagged for remediation to maintain readiness.

hashtag
Step 6: Update control mappings

  • To change control mappings, click Manage next to the mapped controls list in a criterion.

  • Uncheck controls you want to unmap and save your changes.

  • This flexibility helps align controls with evolving compliance requirements.

hashtag
Step 7: Audit and reporting

  • Export readiness reports for auditors or share them with stakeholders.

  • Continuous monitoring ensures that compliance status remains transparent and up-to-date.

PreviousFrameworksNextDashboard Actions

Last updated