# How it Works

Sprinto’s **Reviews** feature helps you stay compliant by guiding designated roles through periodic evaluations of your organisation’s security practices. These reviews can either be auto-triggered based on framework SLAs (like SOC 2, ISO 27001) or created manually to suit internal processes.

There are two kinds of reviews you can perform:

* **Senior Management Reviews**\
  Mandatory, time-based checks such as policy review, org chart validation, and risk and vendor assessments.
* **Workflow Checks**\
  Customisable, process-driven reviews—ideal when your organisation conducts assessments outside of Sprinto.

***

### What You’ll Need

* You must be assigned the correct role: Infosec Officer or Senior Management.
* Reviews must be triggered (either automatically by Sprinto or manually via **Add Workflow Check**).
* For some reviews, required actions like policy setup or risk assessments must already be completed.

***

### Step 1: Go to Reviews

1. Log in to the Sprinto dashboard.
2. Navigate to **Data Library** > **Reviews**.
3. Use the tabs to switch between:
   * **Senior Management** (default)
   * **Workflow Checks**

***

### Step 2: Finish a Pending Review

You’ll see a list of review cards with current statuses:\
✅ Passing ⚠️ Critical ⏳ Due ❌ Failing

1. Click **Finish pending review** on any check.
2. Review the presented data—this might include:
   * A list of policies
   * Your org chart and roles
   * A vendor risk report
   * An internal audit summary
3. Add comments if needed.
4. Confirm the checklist by ticking **I have reviewed...**
5. Click **Submit Review**.

***

### Step 3: View Completed Reviews

You can view past reviews for audit trail purposes:

1. Click **View completed reviews** on any review card.
2. You’ll see:
   * Who completed the review
   * When it was completed
   * Any comments or evidence added

***

### Step 4: Add or Manage Workflow Checks

To manually add a review check:

1. Click **Add workflow check**.
2. Choose from predefined templates (e.g. Internal Audit, Board Review) or create a custom one.
3. Configure the check:
   * Add title and description
   * Set frequency (e.g. every 12 months)
   * Assign a reviewer
   * Enable evidence requirement, if needed

***

### Step 5: Upload Evidence (Optional)

Some reviews may require documentation, such as:

* Internal audit reports (CSV or PDF)
* Org chart screenshots
* Vendor due diligence files

You can upload evidence while completing the review or later by going into **Manage**.

***

### Step 6: Track Status and Stay Compliant

Sprinto automatically updates the status of each review:

<table><thead><tr><th width="143.08203125">Status</th><th width="405.9375">Meaning</th></tr></thead><tbody><tr><td><strong>Passing</strong></td><td>Review completed within the SLA</td></tr><tr><td><strong>Due</strong></td><td>Review pending; SLA breach not yet critical</td></tr><tr><td><strong>Critical</strong></td><td>Review due in 7 days or fewer</td></tr><tr><td><strong>Failing</strong></td><td>Review overdue and non-compliant</td></tr></tbody></table>

Sprinto sends reminders to assigned stakeholders, helping you stay on top of what’s due.

