AI Systems

Learn how Sprinto’s AI Systems module helps organisations discover, manage, and govern AI systems using risk assessments, due diligence, and Shadow AI monitoring.

AI Systems is a dedicated governance module within Sprinto’s Data Library that helps organisations discover, manage, assess, and monitor AI systems used across the organisation.

As AI adoption grows, organisations must maintain visibility into how AI systems are being used, what risks they introduce, and whether they comply with internal security policies and emerging AI governance frameworks.

The AI Systems module provides a centralised inventory for managing:

  • Internal AI systems developed within the organisation

  • Third-party AI tools and services used by teams

  • Shadow AI usage discovered across the organisation

  • AI-specific risk assessments and governance workflows

  • Security due diligence and vendor reviews

  • AI policy violations and remediation tracking

AI Systems extends Sprinto’s existing vendor governance infrastructure with AI-specific capabilities such as model tracking, AI risk scoring, Shadow AI discovery, AI system questionnaires, and AI-focused compliance workflows.

Note

AI Systems is currently available as an on-demand feature. Contact Sprinto Support to raise a request and get this feature enabled for your organisation.


Why AI Governance Matters

AI systems introduce unique operational, security, privacy, and compliance risks that traditional vendor management workflows may not fully address.

Organisations increasingly need to:

  • Maintain an inventory of AI systems used across teams

  • Identify unauthorised or unreviewed AI usage

  • Assess AI-related privacy and security risks

  • Review AI vendors and supporting evidence

  • Monitor violations involving sensitive data exposure

  • Demonstrate AI governance maturity during audits

The AI Systems module helps organisations operationalise these workflows through a single governance workspace.


Supported AI Governance Frameworks

AI Systems supports governance workflows aligned with commonly adopted AI governance and compliance frameworks, including:

  • ISO 42001

  • EU AI Act

  • NIST AI Risk Management Framework (AI RMF)

The module includes configurable risk scoring, due diligence workflows, evidence collection, and monitoring capabilities that support AI governance and audit readiness.


AI System Types

Sprinto supports two types of AI systems.

Internal AI Systems

Internal AI systems are AI applications, models, or services developed and managed within your organisation.

Examples include:

  • Internal AI copilots

  • Custom LLM integrations

  • Internal automation workflows

  • Proprietary machine learning systems

Internal AI systems are managed without linking an external vendor.


Third-party AI Systems

Third-party AI systems are externally provided AI platforms, tools, or services used by your organisation.

Examples include:

  • ChatGPT Enterprise

  • Claude

  • Gemini

  • AI-enabled SaaS tools

  • Vendor-hosted AI platforms

Third-party AI systems can be linked to vendors for due diligence, security reviews, and document request workflows.


Key Capabilities

The AI Systems module includes the following core capabilities.

AI System Inventory

Maintain a central inventory of AI systems used across the organisation.

You can:

  • Add internal and third-party AI systems

  • Track owners and stakeholders

  • Associate vendors with AI systems

  • Capture AI-specific metadata

  • Configure custom fields

  • Monitor lifecycle stages


Shadow AI Discovery

Sprinto can automatically discover unmanaged or unapproved AI usage across the organisation.

The Shadow AI section helps you:

  • Detect AI applications used by employees

  • Review associated users

  • Review risk classifications

  • Identify AI policy violations

  • Add discovered systems into the governed inventory


AI Risk Assessment

AI Systems includes configurable AI-specific risk assessment workflows.

You can:

  • Evaluate AI risk factors

  • Configure scoring thresholds

  • Assign AI risk levels

  • Review risk posture across systems

  • Maintain periodic risk assessments

Risk scoring supports governance workflows aligned with AI governance frameworks such as ISO 42001.


Due Diligence and Security Reviews

Sprinto supports AI vendor due diligence workflows for collecting and reviewing security documentation.

You can:

  • Request documents from vendors

  • Upload supporting evidence

  • Send questionnaires

  • Review compliance artefacts

  • Generate AI-assisted findings

  • Track due diligence completion


Security Questionnaires

The AI Systems module supports reusable AI security questionnaires.

You can:

  • Create questionnaires using CSV templates

  • Recommend questionnaires by framework or risk level

  • Send questionnaires to vendors

  • Track submissions and responses

  • Maintain audit-ready evidence


Violations Monitoring

Sprinto can monitor and surface AI-related violations involving:

  • Personally identifiable information (PII)

  • Protected health information (PHI)

  • Legal or contractual information

  • Sensitive organisational data

Violations are mapped to:

  • AI systems

  • Users

  • Severity levels

  • Detection timestamps


Findings and Tasks

AI governance workflows often require remediation and operational follow-up.

Sprinto allows teams to:

  • Create findings

  • Upload supporting evidence

  • Assign remediation tasks

  • Track due dates and ownership

  • Monitor issue resolution


Main Tabs in AI Systems

The AI Systems module contains the following main tabs.

  • Added AI Systems: Displays all governed AI systems in the organisation

  • Shadow AI: Displays automatically discovered AI usage

  • Violations: Displays AI-related policy and compliance violations

  • Questionnaire: Manages AI security questionnaires

  • Configuration: Configures AI governance settings and workflows


AI System Lifecycle in Sprinto

AI governance in Sprinto typically follows the lifecycle below:

  1. Discover or add an AI system

  2. Classify the AI system

  3. Assign owners and stakeholders

  4. Assess AI-related risk

  5. Perform vendor due diligence if required

  6. Upload documents and questionnaires

  7. Monitor violations and findings

  8. Track remediation tasks

  9. Periodically review governance posture

This lifecycle helps organisations maintain continuous oversight of AI systems across their environment.


Relationship Between AI Systems and Vendors

AI Systems extends Sprinto’s existing vendor governance workflows.

For third-party AI systems, organisations can:

  • Associate vendors with AI systems

  • Reuse due diligence workflows

  • Request compliance documents

  • Send questionnaires

  • Track vendor risk and evidence

This enables consistent governance workflows across both vendors and AI systems.


AI-specific Metadata Supported

AI Systems supports AI-focused metadata fields including:

  • AI models used

  • Use case

  • Business objective

  • Deployment geography

  • Stakeholders

  • Vendors

  • Owners

  • Lifecycle stage

  • Custom AI fields

These attributes help organisations maintain structured AI governance records.


Monitoring and Governance Workflows

Sprinto continuously supports governance monitoring through:

  • Risk scoring

  • Due diligence tracking

  • Violations monitoring

  • Findings management

  • Task tracking

  • Shadow AI discovery

  • Monitor-based workflows

This helps organisations maintain visibility into AI governance activities and compliance posture.

