> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/data-library/ai-systems/how-ai-systems-work.md). # How AI Systems Work AI Systems in Sprinto provides a structured governance workflow for managing AI systems used across your organisation. The module helps teams: * Discover AI systems in use * Maintain a centralised AI inventory * Assess AI-related risks * Perform due diligence reviews * Collect governance evidence * Monitor AI-related violations * Track findings and remediation tasks AI governance workflows in Sprinto follow a lifecycle-based approach that helps organisations maintain continuous oversight of AI systems from onboarding to ongoing monitoring. *** ## AI System Lifecycle in Sprinto AI Systems typically move through the following lifecycle stages: 1. Discovery or onboarding 2. Inventory and classification 3. Risk assessment 4. Due diligence and evidence collection 5. Monitoring and compliance tracking 6. Findings and remediation 7. Ongoing governance review Each stage helps organisations establish visibility, accountability, and governance controls for AI usage. *** ## Stage 1: Discover or Add AI Systems Organisations can onboard AI systems into Sprinto using two methods. ### Manually Add AI Systems Teams can manually add AI systems to the inventory. Sprinto supports: * Internal AI systems * Third-party AI systems During onboarding, organisations can capture: * AI system name * Use case * Business objective * Owners * Stakeholders * AI models used * Geography * Vendors * Custom metadata Third-party AI systems can additionally be linked to vendors for due diligence and compliance workflows. *** ### Discover Shadow AI Automatically Sprinto can automatically detect AI tools being used across the organisation. The Shadow AI section helps organisations: * Detect unmanaged AI usage * Identify users accessing AI systems * Review associated risks * Review violations * Bring discovered systems into governance workflows Once reviewed, discovered AI systems can be added directly into the governed inventory. *** ## Stage 2: Inventory and Classification After onboarding, AI systems become part of the governed AI inventory. The Added AI Systems section provides visibility into: * AI systems across the organisation * Risk posture * Due diligence status * Owners and stakeholders * Lifecycle stages * Monitoring health Sprinto supports lifecycle stages such as: * Active * Offboarding * Archived These stages help organisations track the operational status of AI systems. *** ## Stage 3: Assess AI System Risk Each AI system can undergo a structured risk assessment. Sprinto supports configurable AI-specific risk scoring workflows that help organisations evaluate: * Operational impact * Data sensitivity * Exposure risk * Deployment scale * Affected users * Business criticality * Reversibility of AI outputs Risk assessments are completed by selecting predefined values for configured risk factors. Sprinto automatically: * Calculates cumulative risk scores * Assigns risk levels * Maintains assessment history * Surfaces risk posture across the inventory Administrators can customise: * Risk factors * Risk values * Scoring thresholds * Risk levels from the Configuration tab. *** ## Stage 4: Perform Due Diligence Organisations can perform due diligence reviews for AI systems, especially third-party AI vendors. Due diligence workflows help organisations: * Collect compliance evidence * Request security documents * Review vendor security posture * Assess compliance readiness * Track due diligence completion Sprinto supports multiple due diligence methods. ### Request Documents from Vendors Users can request documents such as: * SOC reports * ISO certifications * GDPR agreements * Security policies * Security questionnaires The request workflow includes: * Email templates * Notifications * Custom questionnaires * Required and optional document tracking *** ### Upload Documents Manually Teams can also manually upload: * Documents * Evidence files * URLs * Supporting artefacts This helps centralise AI governance evidence within the AI system record. *** ### AI-assisted Due Diligence Reviews Sprinto supports AI-assisted document reviews. Sprinto AI can: * Review uploaded documents * Generate findings * Surface governance observations * Assist with due diligence analysis Users can also manually review documents and create findings. *** ## Stage 5: Manage Security Questionnaires AI Systems supports reusable security questionnaires for vendor and AI system assessments. Organisations can: * Upload questionnaires using CSV templates * Recommend questionnaires by framework or risk level * Send questionnaires to vendors * Collect responses * Track submissions * Maintain evidence for audits Questionnaires can also be linked directly to document request workflows. *** ## Stage 6: Monitor Violations and Governance Signals Sprinto continuously supports governance monitoring across AI systems. ### Violations Monitoring The Violations section helps organisations detect AI-related policy breaches involving: * Personally identifiable information (PII) * Protected health information (PHI) * Legal or contractual data * Sensitive organisational information Violations are mapped to: * Users * AI systems * Detection timestamps * Severity levels *** ### Monitoring Workflows Sprinto also tracks governance-related workflows such as: * Risk assessments * Due diligence completion * Governance reviews * AI system onboarding decisions * Shadow AI review actions This helps organisations maintain continuous AI governance oversight. *** ## Stage 7: Create Findings and Remediation Tasks Governance reviews may identify risks, gaps, or compliance concerns that require remediation. Sprinto allows teams to: * Create findings * Upload supporting evidence * Assign remediation tasks * Configure due dates * Track remediation ownership Tasks can be: * Linked directly to findings * Created independently for operational tracking This helps organisations operationalise AI governance activities. *** ## Stage 8: Configure AI Governance Workflows Administrators can customise how AI governance workflows operate within Sprinto. The Configuration tab supports: * Risk scoring configuration * Risk threshold management * AI system field ordering * Custom field management * Document request configuration * Email template configuration * Questionnaire configuration This allows organisations to align AI governance workflows with internal policies and compliance requirements. *** ## Relationship Between AI Systems and Vendors AI Systems extends Sprinto’s vendor governance infrastructure. For third-party AI systems, organisations can: * Associate vendors with AI systems * Reuse document request workflows * Reuse due diligence workflows * Track vendor-related evidence * Maintain centralised governance records This creates consistent governance workflows across vendors and AI systems. *** ## AI Governance Workflows in Sprinto A typical AI governance workflow in Sprinto may look like this: 1. Detect or add an AI system 2. Assign owners and stakeholders 3. Configure AI-specific metadata 4. Assess risk posture 5. Perform due diligence reviews 6. Request documents and questionnaires 7. Monitor violations and governance signals 8. Create findings and remediation tasks 9. Periodically review AI governance posture This lifecycle helps organisations maintain structured oversight of AI usage across the organisation. *** ## Related Information * [AI Systems Overview](/data-library/ai-systems.md) * [Add and Manage AI Systems](/data-library/ai-systems/dashboard-actions/add-and-manage-ai-systems.md) * [Assess AI System Risk](/data-library/ai-systems/dashboard-actions/assess-ai-system-risk.md) * [Perform AI System Due Diligence](/data-library/ai-systems/dashboard-actions/perform-ai-system-due-diligence.md) * [Manage Documents and Security Questionnaires](/data-library/ai-systems/dashboard-actions/manage-documents-and-security-questionnaires.md) * [Discover and Govern Shadow AI](/data-library/ai-systems/dashboard-actions/discover-and-govern-shadow-ai.md) * [Configure AI Systems](/data-library/ai-systems/dashboard-actions/configure-ai-systems.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sprinto.com/data-library/ai-systems/how-ai-systems-work.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.