# AI Systems

AI Systems is a dedicated governance module within Sprinto’s Data Library that helps organisations discover, manage, assess, and monitor AI systems used across the organisation.

As AI adoption grows, organisations must maintain visibility into how AI systems are being used, what risks they introduce, and whether they comply with internal security policies and emerging AI governance frameworks.

The AI Systems module provides a centralised inventory for managing:

* Internal AI systems developed within the organisation
* Third-party AI tools and services used by teams
* Shadow AI usage discovered across the organisation
* AI-specific risk assessments and governance workflows
* Security due diligence and vendor reviews
* AI policy violations and remediation tracking

AI Systems extends Sprinto’s existing vendor governance infrastructure with AI-specific capabilities such as model tracking, AI risk scoring, Shadow AI discovery, AI system questionnaires, and AI-focused compliance workflows.

***

## Why AI Governance Matters

AI systems introduce unique operational, security, privacy, and compliance risks that traditional vendor management workflows may not fully address.

Organisations increasingly need to:

* Maintain an inventory of AI systems used across teams
* Identify unauthorised or unreviewed AI usage
* Assess AI-related privacy and security risks
* Review AI vendors and supporting evidence
* Monitor violations involving sensitive data exposure
* Demonstrate AI governance maturity during audits

The AI Systems module helps organisations operationalise these workflows through a single governance workspace.

***

## Supported AI Governance Frameworks

AI Systems supports governance workflows aligned with commonly adopted AI governance and compliance frameworks, including:

* ISO 42001
* EU AI Act
* NIST AI Risk Management Framework (AI RMF)

The module includes configurable risk scoring, due diligence workflows, evidence collection, and monitoring capabilities that support AI governance and audit readiness.

***

## AI System Types

Sprinto supports two types of AI systems.

### Internal AI Systems

Internal AI systems are AI applications, models, or services developed and managed within your organisation.

Examples include:

* Internal AI copilots
* Custom LLM integrations
* Internal automation workflows
* Proprietary machine learning systems

Internal AI systems are managed without linking an external vendor.

***

### Third-party AI Systems

Third-party AI systems are externally provided AI platforms, tools, or services used by your organisation.

Examples include:

* ChatGPT Enterprise
* Claude
* Gemini
* AI-enabled SaaS tools
* Vendor-hosted AI platforms

Third-party AI systems can be linked to vendors for due diligence, security reviews, and document request workflows.

***

## Key Capabilities

The AI Systems module includes the following core capabilities.

### AI System Inventory

Maintain a central inventory of AI systems used across the organisation.

You can:

* Add internal and third-party AI systems
* Track owners and stakeholders
* Associate vendors with AI systems
* Capture AI-specific metadata
* Configure custom fields
* Monitor lifecycle stages

***

### Shadow AI Discovery

Sprinto can automatically discover unmanaged or unapproved AI usage across the organisation.

The Shadow AI section helps you:

* Detect AI applications used by employees
* Review associated users
* Review risk classifications
* Identify AI policy violations
* Add discovered systems into the governed inventory

***

### AI Risk Assessment

AI Systems includes configurable AI-specific risk assessment workflows.

You can:

* Evaluate AI risk factors
* Configure scoring thresholds
* Assign AI risk levels
* Review risk posture across systems
* Maintain periodic risk assessments

Risk scoring supports governance workflows aligned with AI governance frameworks such as ISO 42001.

***

### Due Diligence and Security Reviews

Sprinto supports AI vendor due diligence workflows for collecting and reviewing security documentation.

You can:

* Request documents from vendors
* Upload supporting evidence
* Send questionnaires
* Review compliance artefacts
* Generate AI-assisted findings
* Track due diligence completion

***

### Security Questionnaires

The AI Systems module supports reusable AI security questionnaires.

You can:

* Create questionnaires using CSV templates
* Recommend questionnaires by framework or risk level
* Send questionnaires to vendors
* Track submissions and responses
* Maintain audit-ready evidence

***

### Violations Monitoring

Sprinto can monitor and surface AI-related violations involving:

* Personally identifiable information (PII)
* Protected health information (PHI)
* Legal or contractual information
* Sensitive organisational data

Violations are mapped to:

* AI systems
* Users
* Severity levels
* Detection timestamps

***

### Findings and Tasks

AI governance workflows often require remediation and operational follow-up.

Sprinto allows teams to:

* Create findings
* Upload supporting evidence
* Assign remediation tasks
* Track due dates and ownership
* Monitor issue resolution

***

## Main Tabs in AI Systems

The AI Systems module contains the following main tabs.

<table><thead><tr><th width="171.4296875">Tab</th><th width="421.94921875">Purpose</th></tr></thead><tbody><tr><td>Added AI Systems</td><td>Displays all governed AI systems in the organisation</td></tr><tr><td>Shadow AI</td><td>Displays automatically discovered AI usage</td></tr><tr><td>Violations</td><td>Displays AI-related policy and compliance violations</td></tr><tr><td>Questionnaire</td><td>Manages AI security questionnaires</td></tr><tr><td>Configuration</td><td>Configures AI governance settings and workflows</td></tr></tbody></table>

***

## AI System Lifecycle in Sprinto

AI governance in Sprinto typically follows the lifecycle below:

1. Discover or add an AI system
2. Classify the AI system
3. Assign owners and stakeholders
4. Assess AI-related risk
5. Perform vendor due diligence if required
6. Upload documents and questionnaires
7. Monitor violations and findings
8. Track remediation tasks
9. Periodically review governance posture

This lifecycle helps organisations maintain continuous oversight of AI systems across their environment.

***

## Relationship Between AI Systems and Vendors

AI Systems extends Sprinto’s existing vendor governance workflows.

For third-party AI systems, organisations can:

* Associate vendors with AI systems
* Reuse due diligence workflows
* Request compliance documents
* Send questionnaires
* Track vendor risk and evidence

This enables consistent governance workflows across both vendors and AI systems.

***

## AI-specific Metadata Supported

AI Systems supports AI-focused metadata fields including:

* AI models used
* Use case
* Business objective
* Deployment geography
* Stakeholders
* Vendors
* Owners
* Lifecycle stage
* Custom AI fields

These attributes help organisations maintain structured AI governance records.

***

## Monitoring and Governance Workflows

Sprinto supports continuous governance monitoring through:

* Risk scoring
* Due diligence tracking
* Violations monitoring
* Findings management
* Task tracking
* Shadow AI discovery
* Monitor-based workflows

This helps organisations maintain visibility into AI governance activities and compliance posture.

***

## Related Information

* [How AI Systems Work](/data-library/ai-systems/how-ai-systems-work.md)
* [Add and Manage AI Systems](/data-library/ai-systems/dashboard-actions/add-and-manage-ai-systems.md)
* [Assess AI System Risk](/data-library/ai-systems/dashboard-actions/assess-ai-system-risk.md)
* [Perform AI System Due Diligence](/data-library/ai-systems/dashboard-actions/perform-ai-system-due-diligence.md)
* [Discover and Govern Shadow AI](/data-library/ai-systems/dashboard-actions/discover-and-govern-shadow-ai.md)
* [Configure AI Systems](/data-library/ai-systems/dashboard-actions/configure-ai-systems.md)

