# How it Works

Sprinto’s **Reviews** feature helps you stay compliant by guiding designated roles through periodic evaluations of your organisation’s security practices. These reviews can either be auto-triggered based on the SLAs of frameworks such as SOC 2 and ISO 27001, or created manually to suit internal processes.

There are two kinds of reviews you can perform:

* **Senior Management Reviews**\
  Mandatory, time-based checks such as policy review, org chart validation, and risk and vendor assessments.
* **Workflow Checks**\
  Customisable, process-driven reviews—ideal when your organisation conducts assessments outside of Sprinto.

***

### What You’ll Need

* You must be assigned the correct role: Infosec Officer or Senior Management.
* Reviews must be triggered (either automatically by Sprinto or manually via **Add Workflow Check**).
* For some reviews, required actions like policy setup or risk assessments must already be completed.

***

### Step 1: Go to Reviews

1. Log in to the Sprinto dashboard.
2. Navigate to **Data Library** > **Reviews**.
3. Use the tabs to switch between:
   * **Senior Management** (default)
   * **Workflow Checks**

***

### Step 2: Finish a Pending Review

You’ll see a list of review cards with current statuses:\
✅ Passing ⚠️ Critical ⏳ Due ❌ Failing

1. Click **Finish pending review** on any check.
2. Review the presented data—this might include:
   * A list of policies
   * Your org chart and roles
   * A vendor risk report
   * An internal audit summary
3. Add comments if needed.
4. Confirm the checklist by ticking **I have reviewed...**
5. Click **Submit Review**.

***

### Step 3: View Completed Reviews

You can view past reviews for audit trail purposes:

1. Click **View completed reviews** on any review card.
2. You’ll see:
   * Who completed the review
   * When it was completed
   * Any comments or evidence added

***

### Step 4: Add or Manage Workflow Checks

To manually add a review check:

1. Click **Add workflow check**.
2. Choose from predefined templates (e.g. Internal Audit, Board Review) or create a custom one.
3. Configure the check:
   * Add title and description
   * Set frequency (e.g. every 12 months)
   * Assign a reviewer
   * Enable evidence requirement, if needed

***

### Step 5: Upload Evidence (Optional)

Some reviews may require documentation, such as:

* Internal audit reports (CSV or PDF)
* Org chart screenshots
* Vendor due diligence files

You can upload evidence while completing the review or later by going into **Manage**.

***

### Step 6: Track Status and Stay Compliant

Sprinto automatically updates the status of each review:

<table><thead><tr><th width="143.08203125">Status</th><th width="405.9375">Meaning</th></tr></thead><tbody><tr><td><strong>Passing</strong></td><td>Review completed within the SLA</td></tr><tr><td><strong>Due</strong></td><td>Review pending; SLA breach not yet critical</td></tr><tr><td><strong>Critical</strong></td><td>Review due in 7 days or fewer</td></tr><tr><td><strong>Failing</strong></td><td>Review overdue and non-compliant</td></tr></tbody></table>

Sprinto sends reminders to assigned stakeholders, helping you stay on top of what’s due.
