How it Works

Learn how Sprinto automates periodic compliance reviews and helps teams complete them with guided workflows and audit tracking.

Sprinto’s Reviews feature helps you stay compliant by guiding designated roles through periodic evaluations of your organisation’s security practices. These reviews can either be auto-triggered based on framework SLAs (like SOC 2, ISO 27001) or created manually to suit internal processes.

There are two kinds of reviews you can perform:

  • Senior Management Reviews: Mandatory, time-based checks like policy review, org chart validation, risk and vendor assessments.

  • Workflow Checks: Customisable, process-driven reviews, ideal when your organisation conducts assessments outside of Sprinto.


What You’ll Need

  • You must be assigned the correct role: Infosec Officer or Senior Management.

  • Reviews must be triggered (either automatically by Sprinto or manually via Add Workflow Check).

  • For some reviews, required actions like policy setup or risk assessments must already be completed.


Step 1: Go to Reviews

  1. Log in to the Sprinto dashboard.

  2. Navigate to Data Library > Reviews.

  3. Use the tabs to switch between:

    • Senior Management (default)

    • Workflow Checks


Step 2: Finish a Pending Review

You’ll see a list of review cards with current statuses: ✅ Passing, ⚠️ Critical, ⏳ Due, ❌ Failing.

  1. Click Finish pending review on any check.

  2. Review the presented data—this might include:

    • A list of policies

    • Your org chart and roles

    • A vendor risk report

    • An internal audit summary

  3. Add comments if needed.

  4. Confirm the checklist by ticking I have reviewed...

  5. Click Submit Review.


Step 3: View Completed Reviews

You can view past reviews for audit trail purposes:

  1. Click View completed reviews on any review card.

  2. You’ll see:

    • Who completed the review

    • When it was completed

    • Any comments or evidence added


Step 4: Add or Manage Workflow Checks

To manually add a review check:

  1. Click Add workflow check.

  2. Choose from predefined templates (e.g. Internal Audit, Board Review) or create a custom one.

  3. Configure the check:

    • Add title and description

    • Set frequency (e.g. every 12 months)

    • Assign a reviewer

    • Enable evidence requirement, if needed


Step 5: Upload Evidence (Optional)

Some reviews may require documentation, such as:

  • Internal audit reports (CSV or PDF)

  • Org chart screenshots

  • Vendor due diligence files

You can upload evidence while completing the review or later by going into Manage.


Step 6: Track Status and Stay Compliant

Sprinto automatically updates the status of each review:

| Status   | Meaning                                     |
|----------|---------------------------------------------|
| Passing  | Review completed within the SLA             |
| Due      | Review pending; SLA breach not yet critical |
| Critical | Review due in 7 days or fewer               |
| Failing  | Review overdue and non-compliant            |

Sprinto sends reminders to assigned stakeholders, helping you stay on top of what’s due.
