Glossary
Learn the key terms and concepts used in Sprinto’s AI Systems module, including AI governance, risk scoring, Shadow AI, due diligence, and violations.
This glossary explains commonly used terms in the AI Systems module in Sprinto.
The definitions below help organisations better understand AI governance workflows, compliance concepts, risk assessments, due diligence activities, Shadow AI monitoring, and remediation processes used throughout the AI Systems module.
AI Model
The underlying machine learning or generative AI model used by an AI system, such as GPT-4, Claude, Gemini, or self-hosted models.
AI System
An internal or third-party AI application, platform, service, or workflow managed within Sprinto.
AI System Lifecycle
The governance lifecycle followed by AI systems, including discovery, inventory management, risk assessment, due diligence, monitoring, remediation, and periodic reviews.
Compliance Framework
A regulatory or governance standard used to guide AI governance workflows, such as ISO 42001, EU AI Act, or NIST AI RMF.
Critical Risk
A high-priority AI risk classification assigned to AI systems requiring additional governance oversight or remediation.
Custom Field
An organisation-specific metadata field added to AI systems for governance or operational tracking.
Due Diligence
A governance and security review workflow used to assess the compliance and security posture of AI systems or AI vendors.
Dynamic Variables
Reusable placeholders used within document request templates, such as {{vendor_name}} or {{internal_business_contact}}.
Finding
A governance observation, issue, compliance gap, or security concern identified during AI governance reviews.
Geography
The deployment region or data processing location associated with an AI system.
Governance Workflow
A structured process used to manage AI systems, governance reviews, risk assessments, due diligence activities, and remediation tracking.
Internal AI System
An AI system developed, hosted, or managed internally by the organisation.
Monitor
A governance tracking workflow or compliance activity associated with an AI system.
Multiuser Field
A custom field type that allows multiple users to be associated with an AI system or governance workflow.
PHI
Protected health information associated with individuals.
PII
Personally identifiable information that can identify an individual directly or indirectly.
Questionnaire
A structured assessment form used during AI governance and due diligence workflows.
Remediation Task
An operational or governance action assigned to resolve a finding, risk, or compliance concern.
Risk Factor
A scoring criterion used during AI risk assessments.
Risk Level
A classification assigned to AI systems based on calculated risk scores.
Risk Threshold
A configured score range used to determine the assigned AI risk level.
Security Questionnaire
A questionnaire used to assess the security and governance posture of AI vendors or AI systems.
Shadow AI
AI tools or services being used within the organisation outside approved governance workflows.
Stakeholder
A user, team, or business function associated with an AI system.
Third-party AI System
An externally provided AI application, platform, or service used by the organisation.
Vendor
An external organisation that provides an AI system or AI-enabled service.
Violation
An AI-related policy breach, governance issue, or sensitive data exposure event detected by Sprinto.
Violation Severity
The priority classification assigned to a violation.

