Perform and Submit Senior Management Reviews

Learn how senior management completes scheduled compliance reviews in Sprinto to validate internal security actions.

Sprinto assigns periodic review responsibilities to senior management as part of maintaining compliance with frameworks like SOC 2, ISO 27001, and GDPR. These reviews validate the work completed by Infosec Officers across areas such as policies, organisational structure, risk management, and vendor assessments.

Each review is presented as a monitor that runs on a fixed cycle (usually every 12 months) and appears under the Senior management tab in the Reviews section.


Before you begin

  • Ensure that you are assigned the Senior Management role in Sprinto.

  • Verify that the prerequisite actions have been completed by the Infosec Officer:

    • Policies have been created and shared.

    • Organisation chart is populated with staff roles and reporting hierarchy.

    • Risk assessments and vendor due diligence have been completed.


Perform a senior management review

  1. Go to Data Library > Reviews > Senior management.

  2. Locate the review card you want to complete (e.g. Policy Review, Org Structure Review).

  3. Click Finish pending review.

You’ll now see a modal with the relevant data for review. Follow the section-specific guidance below.


Policy Review

  • Click View next to each policy to read its contents.

  • Add any review comments if policies need updates.

  • Tick the confirmation checkbox: I confirm that the policies listed above are accurate and complete.

  • Click Submit Review.


Org Structure Review

  • Review the displayed reporting hierarchy.

  • Address any warnings such as "No manager assigned yet" before submitting; they indicate gaps in the org chart that the Infosec Officer should fill.

  • Add optional comments under Review comments.

  • Tick the confirmation checkbox: I confirm that the org structure shown above is accurate and complete.

  • Click Submit Review.


Risk Assessment Review

  • View the list of assessed risks, risk scores, and mitigation status.

  • Validate the effective residual risk values and owner assignments.

  • Add review comments if required.

  • Confirm by checking: I have reviewed the risk assessment above.

  • Click Submit Review.


Vendor Assessment Review

  • Review the full list of vendors, their risk classification, and due diligence status.

  • Click on individual vendors for detailed assessments.

  • Validate that all high-risk vendors have completed due diligence.

  • Confirm by checking: I have reviewed all the vendors and their risks listed above and confirm they are accurate and complete.

  • Click Submit Review.


View completed reviews

  1. On any review card, click View completed reviews.

  2. You can inspect:

    • Past reviewers and their actions.

    • Submitted comments.

    • Evidence uploads (if applicable).

This helps maintain an audit trail and ensures transparency in the review process.


Monitor review status

Each review card shows one of the following statuses:

  Status     Meaning
  Passing    Review completed and submitted successfully.
  Due        Review is pending but still within the SLA window.
  Critical   Review is due within the next 7 days.
  Failing    Review has breached the SLA or was never completed.
