Ctrlk
Sprinto DashboardAPI Reference

How AI Systems Work

Learn how AI Systems in Sprinto helps organisations discover, assess, govern, and monitor AI systems throughout their lifecycle.

AI Systems in Sprinto provides a structured governance workflow for managing AI systems used across your organisation.

The module helps teams:

  • Discover AI systems in use

  • Maintain a centralised AI inventory

  • Assess AI-related risks

  • Perform due diligence reviews

  • Collect governance evidence

  • Monitor AI-related violations

  • Track findings and remediation tasks

AI governance workflows in Sprinto follow a lifecycle-based approach that helps organisations maintain continuous oversight of AI systems from onboarding to ongoing monitoring.

AI System Lifecycle in Sprinto

AI Systems typically move through the following lifecycle stages:

  1. Discovery or onboarding

  2. Inventory and classification

  3. Risk assessment

  4. Due diligence and evidence collection

  5. Monitoring and compliance tracking

  6. Findings and remediation

  7. Ongoing governance review

Each stage helps organisations establish visibility, accountability, and governance controls for AI usage.

Stage 1: Discover or Add AI Systems

Organisations can onboard AI systems into Sprinto using two methods.

Manually Add AI Systems

Teams can manually add AI systems to the inventory.

Sprinto supports:

  • Internal AI systems

  • Third-party AI systems

During onboarding, organisations can capture:

  • AI system name

  • Use case

  • Business objective

  • Owners

  • Stakeholders

  • AI models used

  • Geography

  • Vendors

  • Custom metadata

Third-party AI systems can additionally be linked to vendors for due diligence and compliance workflows.

Discover Shadow AI Automatically

Sprinto can automatically detect AI tools being used across the organisation.

The Shadow AI section helps organisations:

  • Detect unmanaged AI usage

  • Identify users accessing AI systems

  • Review associated risks

  • Review violations

  • Bring discovered systems into governance workflows

Once reviewed, discovered AI systems can be added directly into the governed inventory.

Stage 2: Inventory and Classification

After onboarding, AI systems become part of the governed AI inventory.

The Added AI Systems section provides visibility into:

  • AI systems across the organisation

  • Risk posture

  • Due diligence status

  • Owners and stakeholders

  • Lifecycle stages

  • Monitoring health

Sprinto supports lifecycle stages such as:

  • Active

  • Offboarding

  • Archived

These stages help organisations track the operational status of AI systems.

Stage 3: Assess AI System Risk

Each AI system can undergo a structured risk assessment.

Sprinto supports configurable AI-specific risk scoring workflows that help organisations evaluate:

  • Operational impact

  • Data sensitivity

  • Exposure risk

  • Deployment scale

  • Affected users

  • Business criticality

  • Reversibility of AI outputs

Risk assessments are completed by selecting predefined values for configured risk factors.

Sprinto automatically:

  • Calculates cumulative risk scores

  • Assigns risk levels

  • Maintains assessment history

  • Surfaces risk posture across the inventory

Administrators can customise:

  • Risk factors

  • Risk values

  • Scoring thresholds

  • Risk levels

from the Configuration tab.

Stage 4: Perform Due Diligence

Organisations can perform due diligence reviews for AI systems, especially third-party AI vendors.

Due diligence workflows help organisations:

  • Collect compliance evidence

  • Request security documents

  • Review vendor security posture

  • Assess compliance readiness

  • Track due diligence completion

Sprinto supports multiple due diligence methods.

Request Documents from Vendors

Users can request documents such as:

  • SOC reports

  • ISO certifications

  • GDPR agreements

  • Security policies

  • Security questionnaires

The request workflow includes:

  • Email templates

  • Notifications

  • Custom questionnaires

  • Required and optional document tracking

Upload Documents Manually

Teams can also manually upload:

  • Documents

  • Evidence files

  • URLs

  • Supporting artefacts

This helps centralise AI governance evidence within the AI system record.

AI-assisted Due Diligence Reviews

Sprinto supports AI-assisted document reviews.

Sprinto AI can:

  • Review uploaded documents

  • Generate findings

  • Surface governance observations

  • Assist with due diligence analysis

Users can also manually review documents and create findings.

Stage 5: Manage Security Questionnaires

AI Systems supports reusable security questionnaires for vendor and AI system assessments.

Organisations can:

  • Upload questionnaires using CSV templates

  • Recommend questionnaires by framework or risk level

  • Send questionnaires to vendors

  • Collect responses

  • Track submissions

  • Maintain evidence for audits

Questionnaires can also be linked directly to document request workflows.

Stage 6: Monitor Violations and Governance Signals

Sprinto continuously supports governance monitoring across AI systems.

Violations Monitoring

The Violations section helps organisations detect AI-related policy breaches involving:

  • Personally identifiable information (PII)

  • Protected health information (PHI)

  • Legal or contractual data

  • Sensitive organisational information

Violations are mapped to:

  • Users

  • AI systems

  • Detection timestamps

  • Severity levels

Monitoring Workflows

Sprinto also tracks governance-related workflows such as:

  • Risk assessments

  • Due diligence completion

  • Governance reviews

  • AI system onboarding decisions

  • Shadow AI review actions

This helps organisations maintain continuous AI governance oversight.

Stage 7: Create Findings and Remediation Tasks

Governance reviews may identify risks, gaps, or compliance concerns that require remediation.

Sprinto allows teams to:

  • Create findings

  • Upload supporting evidence

  • Assign remediation tasks

  • Configure due dates

  • Track remediation ownership

Tasks can be:

  • Linked directly to findings

  • Created independently for operational tracking

This helps organisations operationalise AI governance activities.

Stage 8: Configure AI Governance Workflows

Administrators can customise how AI governance workflows operate within Sprinto.

The Configuration tab supports:

  • Risk scoring configuration

  • Risk threshold management

  • AI system field ordering

  • Custom field management

  • Document request configuration

  • Email template configuration

  • Questionnaire configuration

This allows organisations to align AI governance workflows with internal policies and compliance requirements.

Relationship Between AI Systems and Vendors

AI Systems extends Sprinto’s vendor governance infrastructure.

For third-party AI systems, organisations can:

  • Associate vendors with AI systems

  • Reuse document request workflows

  • Reuse due diligence workflows

  • Track vendor-related evidence

  • Maintain centralised governance records

This creates consistent governance workflows across vendors and AI systems.

AI Governance Workflows in Sprinto

A typical AI governance workflow in Sprinto may look like this:

  1. Detect or add an AI system

  2. Assign owners and stakeholders

  3. Configure AI-specific metadata

  4. Assess risk posture

  5. Perform due diligence reviews

  6. Request documents and questionnaires

  7. Monitor violations and governance signals

  8. Create findings and remediation tasks

  9. Periodically review AI governance posture

This lifecycle helps organisations maintain structured oversight of AI usage across the organisation.

Related Information

PreviousAI SystemsNextDashboard Actions

Last updated