> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/data-library/ai-systems/frequently-asked-questions.md). # Frequently Asked Questions This article answers common questions about the AI Systems module in Sprinto. The FAQs below cover: * AI system management * Shadow AI discovery * Risk scoring * Due diligence workflows * Questionnaires * Violations * Governance configuration *** ## General FAQs ### 1. What is AI Systems in Sprinto? AI Systems is a governance module within Sprinto’s Data Library that helps organisations discover, manage, assess, and monitor AI systems used across the organisation. The module supports: * AI inventory management * Shadow AI discovery * AI risk assessments * Due diligence workflows * Violations monitoring * Governance tracking *** ### 2. What types of AI systems does Sprinto support? Sprinto supports: * Internal AI systems * Third-party AI systems Internal AI systems are managed within the organisation, while third-party AI systems can be linked to vendors for governance and due diligence workflows. *** ### 3. Why should organisations maintain an AI inventory? Maintaining an AI inventory helps organisations: * Track AI usage across teams * Review governance posture * Assess operational and compliance risks * Monitor AI-related violations * Maintain audit-ready evidence * Support AI governance requirements *** ## Shadow AI FAQs ### 4. What is Shadow AI? Shadow AI refers to AI tools or services being used outside approved governance workflows. Examples may include: * Public AI tools * Unreviewed AI vendors * AI-enabled SaaS applications * AI systems used without governance approval *** ### 5. How does Sprinto discover Shadow AI? Sprinto can automatically detect AI usage across the organisation using supported discovery workflows and integrations. The Shadow AI section helps organisations review: * Discovered AI systems * Associated users * Risk levels * Governance violations *** ### 6. Can I add discovered Shadow AI systems into the inventory? Yes. You can onboard discovered AI systems into the governed AI inventory by selecting the AI system and clicking **Add**. After onboarding, organisations can: * Assign owners * Assess risk * Perform due diligence * Configure governance workflows *** ## Risk Assessment FAQs ### 7. How does AI risk scoring work? Sprinto calculates AI system risk using configurable risk factors. Each risk factor contains: * Configurable scoring values * Associated score weights * Governance logic Sprinto automatically calculates cumulative risk scores and assigns risk levels based on configured thresholds. *** ### 8. Can I customise AI risk factors? Yes. Administrators can customise: * Risk factors * Risk values * Score ranges * Mandatory factors * Risk thresholds from the **Configuration** tab. *** ### 9. What risk levels are supported? Depending on your configuration, Sprinto may support: * No risk * Low risk * Medium risk * High risk * Critical risk Risk levels are automatically assigned based on configured score thresholds. *** ### 10. Are risk assessments mandatory? This depends on your organisation’s governance workflows. Administrators can configure mandatory risk factors and governance requirements from the **Configuration** tab. *** ## Due Diligence FAQs ### 11. Can I request documents from AI vendors? Yes. Sprinto supports document request workflows for AI vendors. You can request: * SOC reports * ISO certifications * GDPR agreements * HIPAA agreements * Security questionnaires * Other governance documents *** ### 12. Can I upload governance evidence manually? Yes. You can manually upload: * Documents * Evidence files * URLs * Supporting artefacts within the AI system record. *** ### 13. Does Sprinto support AI-assisted due diligence reviews? Yes. Sprinto AI can review uploaded documents and generate suggested findings during due diligence workflows. *** ### 14. Can I manually review documents and add findings? Yes. You can manually review uploaded evidence and create governance findings directly from the Due diligence workflow. *** ## Security Questionnaire FAQs ### 15. Can I create custom security questionnaires? Yes. Sprinto supports CSV-based questionnaire creation workflows. You can: * Download questionnaire templates * Upload completed CSV files * Configure questionnaire recommendations * Publish reusable questionnaires *** ### 16. Can questionnaires be linked to document requests? Yes. Questionnaires can be associated with document request workflows during due diligence and vendor review activities. *** ### 17. Can I recommend questionnaires by framework or risk level? Yes. Questionnaires can be recommended based on: * Compliance frameworks * Vendor risk levels * Vendor categories *** ## Violations FAQs ### 18. What types of AI violations can Sprinto detect? Depending on your configuration, Sprinto can surface violations involving: * Personally identifiable information (PII) * Protected health information (PHI) * Legal or contractual information * Sensitive organisational data *** ### 19. Are violations linked to users and AI systems? Yes. Each violation can be associated with: * Users * AI systems * Severity levels * Detection timestamps This helps organisations investigate governance concerns. *** ### 20. Can Shadow AI systems also generate violations? Yes. Violations may also be surfaced during Shadow AI discovery workflows. This helps organisations identify risky AI usage patterns and unmanaged AI activity. *** ## Configuration FAQs ### 21. Can I configure AI governance workflows? Yes. The **Configuration** tab allows administrators to customise: * Risk scoring * Risk thresholds * Field ordering * Document request workflows * Email templates * Questionnaire integrations *** ### 22. Can I create custom fields for AI systems? Yes. Sprinto supports organisation-specific custom fields for AI systems. Supported field types may include: * Text * Select fields * Date fields * Number fields * User fields * Attachments *** ### 23. Can I customise document request emails? Yes. Administrators can configure: * Email subject * Email header * Email body * Notification recipients * Dynamic variables for document request workflows. *** ## Governance and Compliance FAQs ### 24. Which AI governance frameworks does Sprinto support? AI Systems supports governance workflows aligned with frameworks such as: * ISO 42001 * EU AI Act * NIST AI RMF *** ### 25. Can AI Systems help with audit readiness? Yes. The AI Systems module helps organisations maintain: * Governance evidence * Risk assessments * Due diligence records * Questionnaires * Findings * Remediation tracking This helps support audit and compliance activities. *** ### 26. Can I track remediation activities for governance findings? Yes. Sprinto supports: * Findings management * Task assignment * Due dates * Evidence uploads * Governance tracking within AI system workflows. *** ## Related Information * [AI Systems Overview](/data-library/ai-systems.md) * [How AI Systems Work](/data-library/ai-systems/how-ai-systems-work.md) * [Assess AI System Risk](/data-library/ai-systems/dashboard-actions/assess-ai-system-risk.md) * [Perform AI System Due Diligence](/data-library/ai-systems/dashboard-actions/perform-ai-system-due-diligence.md) * [Discover and Govern Shadow AI](/data-library/ai-systems/dashboard-actions/discover-and-govern-shadow-ai.md) * [Configure AI Systems](/data-library/ai-systems/dashboard-actions/configure-ai-systems.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sprinto.com/data-library/ai-systems/frequently-asked-questions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.