Frequently Asked Questions

This page answers the most frequently asked questions about the Incidents module in Sprinto. It covers incident sources, reporting methods, resolution workflows, and compliance monitoring.

1. What types of incident sources can I integrate with Sprinto?

Sprinto supports both internal and external incident sources. You can:

• Use Sprinto as your incident management system (e.g. with GuardDuty or Microsoft Defender).

• Integrate external tools such as PagerDuty, Jira, OpsGenie, ServiceDeskPlus, and Zenduty.

• Enable manual reporting by employees via the Sprinto portal or a configured email address.

2. How can employees report incidents?

Employees can report incidents in two ways:

• Sprinto portal: By filling out an incident form with title, severity, and description.

• Email: By sending an incident description to a configured address linked to your PagerDuty account (if integrated).

3. Where can I view reported incidents?

Reported incidents are listed under the Incidents section in the Data Library. Each integrated system appears as a separate tab (e.g. PagerDuty, Microsoft Defender). You can view, filter, and manage incidents from these tabs.

4. Can I close incident tickets directly from Sprinto?

Yes, but only for incidents managed via Sprinto or integrated systems that allow internal resolution. For tools like PagerDuty, resolution must be done in the external system, although Sprinto can still track the ticket status.

5. What happens if an incident involves data loss?

If an incident involves data loss:

• You must select the affected data type (e.g. customer data, PHI, CHD).

• Notify the relevant stakeholder.

• Upload supporting evidence.

• Acknowledge that the report has been communicated.

Sprinto tracks this process to meet compliance obligations.

6. How does Sprinto detect data loss in external incidents?

If an incident resolved in PagerDuty includes the term “data loss” in the closing note, Sprinto creates a separate ticket under the Sprinto tab. You must resolve this ticket by classifying the data type, notifying stakeholders, and uploading evidence.

7. What are monitoring checks and how do they work?

Monitoring checks validate that:

• Incidents have been resolved.

• Data loss (if applicable) has been reported.

• Evidence has been uploaded.

These checks help track compliance progress and appear under the Monitoring tab.

8. Can I add my own checks?

Yes. You can add incident checks using:

• Predefined templates

• Manual entry (single check)

• Bulk upload via spreadsheet

These checks can be scoped by zone and linked to compliance controls.

9. What does the "Failing" status mean?

A failing status means:

• The incident ticket is still open.

• Data loss reporting has not been acknowledged.

• Evidence has not been submitted.

You should take immediate action to prevent compliance gaps.

10. Can I view the history of incident check statuses?

Yes. Click the Status history icon next to a check in the Monitoring tab to view:

• Past status changes

• Timestamps

• Downloadable logs