# Perform AI System Due Diligence

The AI Systems module in Sprinto includes due diligence workflows that help organisations review the security, compliance, and governance posture of AI systems and AI vendors.

Due diligence workflows help organisations:

* Review AI vendor security posture
* Collect governance evidence
* Request compliance documents
* Send security questionnaires
* Review uploaded evidence
* Track due diligence completion
* Maintain audit-ready records

Sprinto supports both manual and AI-assisted due diligence reviews.

***

## Navigate to the Due Diligence Tab

To access AI system due diligence:

1. Log in to the Sprinto dashboard.
2. Navigate to **Data Library**.
3. Select **AI Systems**.

<figure><img src="/files/b2kFBWWs7KNpL6ZbTrZ9" alt="" width="563"><figcaption></figcaption></figure>

4. Open an AI system from the **Added AI Systems** tab.
5. Select the **Due diligence** tab.

<figure><img src="/files/VJOxstcbJZUlcOlv1cV6" alt="" width="563"><figcaption></figcaption></figure>

The Due diligence tab displays the due diligence status and review workflows associated with the AI system.

***

## Due Diligence Eligibility

Sprinto determines whether due diligence is mandatory or optional based on configured governance criteria.

If the AI system does not meet the configured due diligence requirements, Sprinto displays:

* Due diligence is optional for this AI system

You can still perform due diligence manually if required.

***

## Start Due Diligence

To begin a due diligence review:

1. Open the AI system.
2. Navigate to the **Due diligence** tab.
3. Click **Perform due diligence**.

<figure><img src="/files/1sKvxcNbElSaR1fm3T6Q" alt="" width="563"><figcaption></figcaption></figure>

The due diligence workflow opens in a side drawer.

***

## Due Diligence Workflow

The due diligence workflow contains two major stages:

1. Choose vendor documents for due diligence
2. Review vendor documents and complete due diligence

***

## Request Documents from Vendors

Sprinto allows organisations to request compliance and security documents directly from vendors.

### Request Vendor Documents

To request documents:

1. In the due diligence drawer, select **Request from vendor**.

<figure><img src="/files/lE2xoTNvCuiKoSpeYInl" alt="" width="563"><figcaption></figcaption></figure>

2. Select the required documents.
3. Configure the request settings.
4. Click **Preview & send request**.

<figure><img src="/files/cCL9AT58r9WucV2OlSuy" alt="" width="563"><figcaption></figcaption></figure>

Sprinto sends the request to the vendor after confirmation.

***

## Configure Requested Documents

You can configure:

* Required documents
* Optional documents
* Custom questionnaires
* Document request notifications

Examples of supported documents include:

* SOC 2 reports
* ISO 27001 certifications
* GDPR agreements
* HIPAA agreements
* Security whitepapers
* PCI DSS reports

***

## Configure Custom Questionnaires

You can attach custom questionnaires while requesting documents.

To add a questionnaire:

1. Enable the custom questionnaire option.
2. Upload the questionnaire.
3. Configure whether the questionnaire is mandatory.

<figure><img src="/files/25RH6AGffVV5Uw9ZNE4u" alt="" width="563"><figcaption></figcaption></figure>

Questionnaires help organisations standardise AI vendor assessments.

***

## Configure Request Notifications

Sprinto supports configurable request notifications.

You can configure:

* Recipients
* CC recipients
* Submission notification recipients
* Email subject
* Email header
* Email body

You can also choose whether selected documents appear inside the email.

***

## Preview and Send Requests

Before sending the request:

1. Click **Preview & send request**.
2. Review the generated email.
3. Click **Send request**.

<figure><img src="/files/jSUkJ17JcOvZK921Yw9i" alt="" width="563"><figcaption></figcaption></figure>

Sprinto then sends the due diligence request to the vendor.

***

## Upload Documents Manually

Teams can manually upload documents instead of requesting them from vendors.

### Upload Documents or Links

To upload documents:

1. In the due diligence drawer, select **Upload documents**.

<figure><img src="/files/lE2xoTNvCuiKoSpeYInl" alt="" width="563"><figcaption></figcaption></figure>

2. Choose the document or link type.
3. Upload files or add URLs.
4. Click **Save**.

<figure><img src="/files/UgWXp8ZHl19geMHCcJxa" alt="" width="563"><figcaption></figcaption></figure>

Sprinto stores the uploaded evidence within the AI system record.

***

## Supported Upload Types

Sprinto supports:

* File uploads
* URL-based evidence
* Multiple document uploads

Supported file formats may include:

* PDF
* DOC/DOCX
* XLS/XLSX
* CSV
* PPT/PPTX
* ZIP
* JSON
* MSG
* ODT/ODS

***

## Add Multiple Documents

To upload additional evidence:

1. Click **Add another document/link**.
2. Repeat the upload process.

This helps organisations centralise all governance evidence for the AI system.

***

## Review Vendor Documents

After documents are uploaded or received, organisations can review the vendor evidence.

Sprinto supports three review approaches.

***

## Option 1: Complete Due Diligence Without Findings

If the vendor meets the required security and governance standards:

1. Select:
   * Vendor meets necessary security requirements. There are no due diligence findings.
2. Complete the review.

This closes the due diligence workflow without creating findings.

<figure><img src="/files/6PnUXOCMG5hbwKlJIQGl" alt="" width="563"><figcaption></figcaption></figure>

***

## Option 2: Manually Review Documents and Add Findings

Teams can manually review submitted evidence and record governance observations.

To manually review documents:

1. Select:
   * Manually review the vendor documents and add findings
2. Review the uploaded evidence.
3. Add findings and observations.
4. Complete the review.

<figure><img src="/files/vPXShnj90khZooylSkcu" alt="" width="563"><figcaption></figcaption></figure>

This helps organisations document governance gaps or compliance concerns.

***

## Option 3: Use Sprinto AI to Generate Findings

Sprinto supports AI-assisted due diligence reviews.

To generate AI-assisted findings:

1. Select:
   * Let Sprinto AI review vendor documents and add findings
2. Click **Generate findings**.

<figure><img src="/files/ZNCFbfPyuXJCJmHfTSQG" alt="" width="563"><figcaption></figcaption></figure>

Sprinto AI analyses the uploaded documents and surfaces suggested findings.

The generated findings can then be reviewed before completing due diligence.

***

## Complete Due Diligence

After the review is completed:

1. Click **Complete due diligence**.

Sprinto:

* Updates the due diligence status
* Records the review activity
* Maintains governance history
* Stores the associated evidence

***

## Review Due Diligence History

The Due diligence tab also maintains historical review information.

You can review:

* Due diligence status
* Review dates
* Performed by details
* Document counts
* Additional review information

<figure><img src="/files/K5DM8W2nsxZtDSmrwBS8" alt="" width="563"><figcaption></figcaption></figure>

This helps organisations maintain audit-ready governance records.

***

## Relationship Between Due Diligence and Risk

AI systems with higher risk scores may require additional due diligence reviews.

Organisations may use due diligence workflows to:

* Validate vendor security posture
* Review compliance readiness
* Assess data protection practices
* Evaluate governance controls
* Support management review workflows

Due diligence and risk assessment workflows work together to strengthen AI governance.

***

## AI Governance Best Practices

When performing AI system due diligence:

* Review governance evidence periodically
* Request updated certifications when required
* Maintain audit-ready records
* Review sensitive data handling practices
* Use questionnaires for standardised assessments
* Track unresolved findings and remediation activities
* Reassess vendors after significant security changes

***

## Related Information

* [AI Systems Overview](/data-library/ai-systems.md)
* [How AI Systems Work](/data-library/ai-systems/how-ai-systems-work.md)
* [Assess AI System Risk](/data-library/ai-systems/dashboard-actions/assess-ai-system-risk.md)
* [Manage Documents and Security Questionnaires](/data-library/ai-systems/dashboard-actions/manage-documents-and-security-questionnaires.md)
* [Manage Findings and Tasks](/data-library/ai-systems/dashboard-actions/manage-findings-and-tasks.md)
* [Configure AI Systems](/data-library/ai-systems/dashboard-actions/configure-ai-systems.md)


