How It Works

Overview

Sprinto helps organisations manage cloud infrastructure compliance by integrating infrastructure accounts, classifying retrieved entities, and continuously monitoring them through system and workflow checks. The process ensures your infrastructure setup aligns with the security requirements of your selected compliance framework.

Step 1: Add and Integrate Infrastructure Systems

To begin monitoring, connect your infrastructure service providers to Sprinto. Supported providers include AWS, Azure, GCP, Heroku, MongoDB Atlas, Oracle Cloud, DigitalOcean, and Cloudflare.

• Go to Data Library → Infrastructure → Infra systems.

• Click Add infra system.

• Select a provider and follow the on-screen steps to:

  • Log in to your cloud platform

  • Generate and paste API credentials

  • Assign permissions and complete the setup

Once connected, Sprinto starts syncing data and retrieving infrastructure entities.

Step 2: Assign Infrastructure Owners

Each infrastructure system must have an assigned Infra Owner—the designated person responsible for resolving compliance checks and receiving notifications.

• Open the Configure panel from the Infra system card

• Under Infra Owner, click Change

• Select a staff member with the necessary security role (e.g., Infra Operations Person)

Step 3: Classify Infrastructure Entities

Sprinto uses entity classification to determine which resources should be monitored for compliance. Entities can be classified as:

• Production – Subject to all compliance monitoring (e.g., encryption, backup, disk protection)

• Not Production – Excluded from production-specific checks

• Unclassified – Awaiting manual, tag-based, or parent-based classification

You can set a default classification at the system level and override it for individual entities.

Classification Methods:

• System-level default (via Configure drawer)

• Manual override (entity-level evaluation)

• Tag-based (using supported keys like env: prod)

• Parent-based (inherits classification from parent entity)

Step 4: Monitor System and Workflow Checks

Once entities are classified, Sprinto automatically maps relevant checks.

Types of checks:

• System checks – Triggered automatically for integrated services; statuses update based on configuration changes

• Workflow checks – Manually configured periodic checks that require evidence uploads (e.g., backup evidence)

To add checks:

• Go to the Monitoring tab

• Click Add checks

• Select from:

  • Templates

  • Single workflow check

  • Bulk upload option

Step 5: Review and Resolve Compliance Tasks

All pending issues are tracked under the Task Drawer for each infrastructure system. It displays:

• Failing, Critical, and Due checks

• Assigned and escalated owners

• Fix instructions

• Integrated remediation (via "View & Fix" or "Fix it" buttons)

Tasks can be resolved either:

• Directly in Sprinto (for supported checks)

• By performing actions in the cloud platform and syncing status

• By uploading evidence for workflow checks

Step 6: Use the Monitoring Tab for Ongoing Oversight

The Monitoring tab provides a central view of:

• All active and available infrastructure-related checks

• Check statuses (Passing, Due, Disabled, etc.)

• Task ownership and provider-level filtering

You can disable checks, reassign ownership, or add new checks at any time.