Reviews

Stay compliant with frameworks like SOC2 and ISO27001 using Sprinto’s structured, role-based Reviews management system.

The Reviews section in Sprinto helps organisations maintain compliance by enabling periodic evaluations of key security processes. Located within the Data Library, it supports formalised reviews conducted by designated roles (typically Senior Management) across areas such as policies, risk assessments, organisational structure, vendor assessments, and internal audits.

Sprinto separates reviews into two categories:

  • Senior Management Reviews – Mandatory, scheduled reviews initiated by Sprinto as per framework SLAs.

  • Workflow Checks – Configurable, process-driven checks added manually for specific review cycles (e.g. Internal Audit).

These reviews are designed to validate the effectiveness and correctness of actions taken by assigned Infosec roles. When a review is due, the system notifies relevant stakeholders, highlights status (e.g. Passing, Failing), and allows review completion via an intuitive checklist and evidence upload flow.


Features

  • Built-in Compliance Monitors – Sprinto automatically provisions periodic review monitors based on your selected frameworks (e.g. SOC 2, ISO 27001, GDPR). These monitors trigger reviews such as policy evaluations, risk reassessments, and org structure validation at scheduled intervals.

  • Customisable Workflow Checks – Teams can add workflow checks for specific compliance-driven processes not covered by built-in monitors, for example internal audits, PCI DSS-specific assessments, or board-level operations reviews. Each check can be configured with instructions, frequency, assigned reviewers, and evidence requirements.

  • Visual Review Status Indicators – Each review check is labelled as Passing, Failing, Due, or Critical, based on SLA thresholds and reviewer activity. This allows stakeholders to prioritise pending actions and maintain audit-readiness at all times.

  • Role-Based Assignments and Notifications – Each review is assigned to a relevant stakeholder, typically someone in a senior management or Infosec role. Sprinto automatically sends reminders when a check is activated and tracks accountability throughout the review lifecycle.

  • Review Flow with Acknowledgement and Comments – Reviewers can click Finish Pending Review to access the assigned check, validate content, add comments, and confirm accuracy. Completion is tracked with timestamps and optional review notes.

  • Evidence Upload Support – All reviews support uploading of supporting evidence, such as policy documents, internal audit reports, or org charts. Users can also mark a check as a “special case” if the review cannot be completed under standard conditions.

  • Audit Trail and History View – Completed reviews are archived and can be accessed anytime via the View Completed Reviews link. Sprinto retains a complete activity log for every review event, useful for external audits or internal governance reporting.


Use Cases

| Review Type              | Description                                                                                       | Role Involved        |
|--------------------------|---------------------------------------------------------------------------------------------------|----------------------|
| Policy Review            | Evaluate existing security policies for relevance, coverage, and alignment with frameworks.       | Senior Management    |
| Org Structure Review     | Confirm the reporting hierarchy, role assignments, and staffing compliance.                       | Senior Management    |
| Risk Assessment Review   | Review the organisation’s risk profile and mitigation strategies.                                 | Senior Management    |
| Vendor Assessment Review | Evaluate high-risk vendors and their due diligence status.                                        | Senior Management    |
| Internal Audit           | Conduct periodic internal audits before external audits.                                          | Infosec Officer      |
| Internal Audit Review    | Senior Management’s review of the internal audit report submitted by the Infosec Officer.         | Senior Management    |
| Custom Workflow Check    | Create bespoke reviews (e.g. Board Ops Review, PCI DSS audits, CAPA registers).                   | Assigned Stakeholder |
