Glossary
Understand key terms used in Sprinto’s Vendors section with this glossary of commonly referenced fields and concepts.
This glossary defines important terms used throughout the Vendors section in Sprinto. It is designed to help you quickly understand key features, statuses, and fields that appear across the vendor management workflow.
Vendor
A third-party entity or service provider with access to your organisation’s data, systems, or infrastructure.
Vendor Library
A curated list of preloaded vendors available in Sprinto, including metadata such as website, category, and risk level.
Vendor Discovery
A feature that identifies third-party services accessed by staff via connected SSO platforms like Google Workspace or Okta.
Vendor Admin
The internal Sprinto user responsible for managing compliance tasks related to a specific vendor.
Risk Scoring
The process of assigning a risk level to a vendor based on data sensitivity, access level, and operational importance.
Due Diligence
A compliance task to evaluate a vendor’s security posture by reviewing supporting documents and/or questionnaire responses.
Sprinto AI
An automated analysis engine that reviews vendor security documents (e.g., SOC 2, ISO) and generates findings.
Security Questionnaire
A structured set of questions sent to vendors to evaluate their security controls and practices.
Monitoring Tab
A dashboard view displaying vendors with open compliance tasks, such as incomplete due diligence or overdue assessments.
Breach Monitoring
A feature that tracks public data breach disclosures related to your vendors and displays them in the dashboard.
Custom Fields
Additional metadata fields created by your organisation to store vendor-specific information (e.g., region, renewal date).
Archived Vendor
A vendor that has been removed from active monitoring and assessment but remains stored for record-keeping.
Configuration Tab
A settings interface where you define risk scoring logic, enable AI review, and manage shared document types.
Assessment Cycle
A periodic review of all vendors to confirm their risk status and compliance posture, typically reviewed by senior management.
Shared Documents
Document types (e.g., SOC 2 Report, Privacy Policy) expected to be collected from each vendor as part of due diligence.