Ctrlk
Sprinto DashboardAPI Reference

Frequently Asked Questions

Find answers to common questions about AI Systems, Shadow AI, risk scoring, due diligence, questionnaires, and governance workflows in Sprinto.

This article answers common questions about the AI Systems module in Sprinto.

The FAQs below cover:

  • AI system management

  • Shadow AI discovery

  • Risk scoring

  • Due diligence workflows

  • Questionnaires

  • Violations

  • Governance configuration

General FAQs

1. What is AI Systems in Sprinto?

AI Systems is a governance module within Sprinto’s Data Library that helps organisations discover, manage, assess, and monitor AI systems used across the organisation.

The module supports:

  • AI inventory management

  • Shadow AI discovery

  • AI risk assessments

  • Due diligence workflows

  • Violations monitoring

  • Governance tracking

2. What types of AI systems does Sprinto support?

Sprinto supports:

  • Internal AI systems

  • Third-party AI systems

Internal AI systems are managed within the organisation, while third-party AI systems can be linked to vendors for governance and due diligence workflows.

3. Why should organisations maintain an AI inventory?

Maintaining an AI inventory helps organisations:

  • Track AI usage across teams

  • Review governance posture

  • Assess operational and compliance risks

  • Monitor AI-related violations

  • Maintain audit-ready evidence

  • Support AI governance requirements

Shadow AI FAQs

4. What is Shadow AI?

Shadow AI refers to AI tools or services being used outside approved governance workflows.

Examples may include:

  • Public AI tools

  • Unreviewed AI vendors

  • AI-enabled SaaS applications

  • AI systems used without governance approval

5. How does Sprinto discover Shadow AI?

Sprinto can automatically detect AI usage across the organisation using supported discovery workflows and integrations.

The Shadow AI section helps organisations review:

  • Discovered AI systems

  • Associated users

  • Risk levels

  • Governance violations

6. Can I add discovered Shadow AI systems into the inventory?

Yes.

You can onboard discovered AI systems into the governed AI inventory by selecting the AI system and clicking Add.

After onboarding, organisations can:

  • Assign owners

  • Assess risk

  • Perform due diligence

  • Configure governance workflows

Risk Assessment FAQs

7. How does AI risk scoring work?

Sprinto calculates AI system risk using configurable risk factors.

Each risk factor contains:

  • Configurable scoring values

  • Associated score weights

  • Governance logic

Sprinto automatically calculates cumulative risk scores and assigns risk levels based on configured thresholds.

8. Can I customise AI risk factors?

Yes.

Administrators can customise:

  • Risk factors

  • Risk values

  • Score ranges

  • Mandatory factors

  • Risk thresholds

from the Configuration tab.

9. What risk levels are supported?

Depending on your configuration, Sprinto may support:

  • No risk

  • Low risk

  • Medium risk

  • High risk

  • Critical risk

Risk levels are automatically assigned based on configured score thresholds.

10. Are risk assessments mandatory?

This depends on your organisation’s governance workflows.

Administrators can configure mandatory risk factors and governance requirements from the Configuration tab.

Due Diligence FAQs

11. Can I request documents from AI vendors?

Yes.

Sprinto supports document request workflows for AI vendors.

You can request:

  • SOC reports

  • ISO certifications

  • GDPR agreements

  • HIPAA agreements

  • Security questionnaires

  • Other governance documents

12. Can I upload governance evidence manually?

Yes.

You can manually upload:

  • Documents

  • Evidence files

  • URLs

  • Supporting artefacts

within the AI system record.

13. Does Sprinto support AI-assisted due diligence reviews?

Yes.

Sprinto AI can review uploaded documents and generate suggested findings during due diligence workflows.

14. Can I manually review documents and add findings?

Yes.

You can manually review uploaded evidence and create governance findings directly from the Due diligence workflow.

Security Questionnaire FAQs

15. Can I create custom security questionnaires?

Yes.

Sprinto supports CSV-based questionnaire creation workflows.

You can:

  • Download questionnaire templates

  • Upload completed CSV files

  • Configure questionnaire recommendations

  • Publish reusable questionnaires

16. Can questionnaires be linked to document requests?

Yes.

Questionnaires can be associated with document request workflows during due diligence and vendor review activities.

17. Can I recommend questionnaires by framework or risk level?

Yes.

Questionnaires can be recommended based on:

  • Compliance frameworks

  • Vendor risk levels

  • Vendor categories

Violations FAQs

18. What types of AI violations can Sprinto detect?

Depending on your configuration, Sprinto can surface violations involving:

  • Personally identifiable information (PII)

  • Protected health information (PHI)

  • Legal or contractual information

  • Sensitive organisational data

19. Are violations linked to users and AI systems?

Yes.

Each violation can be associated with:

  • Users

  • AI systems

  • Severity levels

  • Detection timestamps

This helps organisations investigate governance concerns.

20. Can Shadow AI systems also generate violations?

Yes.

Violations may also be surfaced during Shadow AI discovery workflows.

This helps organisations identify risky AI usage patterns and unmanaged AI activity.

Configuration FAQs

21. Can I configure AI governance workflows?

Yes.

The Configuration tab allows administrators to customise:

  • Risk scoring

  • Risk thresholds

  • Field ordering

  • Document request workflows

  • Email templates

  • Questionnaire integrations

22. Can I create custom fields for AI systems?

Yes.

Sprinto supports organisation-specific custom fields for AI systems.

Supported field types may include:

  • Text

  • Select fields

  • Date fields

  • Number fields

  • User fields

  • Attachments

23. Can I customise document request emails?

Yes.

Administrators can configure:

  • Email subject

  • Email header

  • Email body

  • Notification recipients

  • Dynamic variables

for document request workflows.

Governance and Compliance FAQs

24. Which AI governance frameworks does Sprinto support?

AI Systems supports governance workflows aligned with frameworks such as:

  • ISO 42001

  • EU AI Act

  • NIST AI RMF

25. Can AI Systems help with audit readiness?

Yes.

The AI Systems module helps organisations maintain:

  • Governance evidence

  • Risk assessments

  • Due diligence records

  • Questionnaires

  • Findings

  • Remediation tracking

This helps support audit and compliance activities.

26. Can I track remediation activities for governance findings?

Yes.

Sprinto supports:

  • Findings management

  • Task assignment

  • Due dates

  • Evidence uploads

  • Governance tracking

within AI system workflows.

Related Information

PreviousConfigure AI SystemsNextGlossary

Last updated