Sprinto DashboardAPI Reference

Configure Vendor Risk Scoring, Fields, and Documents

Learn how to configure vendor risk scoring, AI-based due diligence, custom fields, and shared documents in Sprinto.

Sprinto’s Configuration tab in the Vendors section allows you to tailor your vendor risk management framework to suit your compliance and operational needs. From defining custom scoring logic to managing metadata fields and documents, the configuration workspace ensures your vendor workflows are aligned with internal policies and industry frameworks.

1. Configure Vendor Risk Auto-Scoring

Sprinto provides a default scoring model that you can customise by editing or adding your own risk factors.

Steps:

  1. Navigate to Data Library > Vendors > Configuration.

  2. Under Vendor Risk Auto-Scoring, click Manage.

  1. Configure the Vendor risk factors by:

    1. Enabling/Disabling the risk factor by using a toggle.

    2. Add a new risk factor value by adding value name, score and description.

    3. Edit Risk factor value, description and score.

    4. Archive the risk factor value

  1. To add a new factor:

    • Scroll to the bottom and click Add Risk Factor.

  • Choose a response type (single or multi-select).

  • Define scoring values and click Add.

Changes can be applied retroactively or kept only for new assessments.

2. Enable AI-Powered Due Diligence

Sprinto AI helps you automatically evaluate security documents submitted by vendors.

Steps:

  1. In the Configuration tab, locate the Automate Due Diligence using Sprinto AI section.

  2. Click Manage to see details of AI-supported frameworks (e.g., SOC 2, ISO).

  3. Enable Sprinto AI for supported documents.

AI analysis is optional; manual review is always available as a fallback.

3. Manage Custom Fields for Vendors

Custom fields allow you to capture organisation-specific metadata (e.g., business unit, compliance contact, renewal date).

Steps:

  1. In the Configuration tab, scroll to Custom Fields.

  2. Click Manage.

  1. You’ll be redirected to Settings > Custom Fields.

  2. To learn about this in detail refer to the Custom Fields document.

Disabled fields are hidden from the UI but data is retained.

4. Define Shared Vendor Documents

You can predefine a list of documents that must be collected from vendors during due diligence.

Steps:

  1. In the Configuration tab, find the Documents for Vendors section.

  2. Click Manage.

  3. Add, edit, or remove required document types.

    • Examples: SOC 2 Report, Penetration Test Report, Privacy Policy

  4. Changes apply across all vendors.

These document types appear as selectable options when uploading or requesting documents.

PreviousVendor Risk AssessmentNextFrequently Asked Questions

Last updated