Workflow Checks

Workflow Checks in Sprinto are time-driven compliance tasks that help you collect evidence, delegate ownership, and maintain audit readiness.

Workflow Checks in Sprinto are periodic, time-driven checks that ensure specific compliance actions or processes are completed within defined intervals.

Unlike system checks, which continuously monitor configuration states in real time, workflow checks activate on a schedule to uphold organisational compliance standards.

Benefits of Workflow Checks

  • Timely compliance notifications – workflow checks remind users to complete pending compliance actions within specified timeframes.

  • Evidence collection for auditing – supporting documents can be attached, helping streamline audits.

  • Delegation of responsibilities – checks can be assigned to administrators or designated users, allowing Infosec responsibilities to be distributed effectively.

How Workflow Checks Work

The lifecycle of a workflow check can be understood in two stages:

1. Configuring Workflow Checks

  • You can configure workflow checks from the dedicated Workflow Checks section in the Data Library.

  • Some workflow checks are preconfigured automatically when you enable a compliance framework. These can be modified if required.

  • You can also configure checks within specific compliance areas, such as:

    • People

    • Vendors

    • Access

    • Vulnerabilities

    • Infrastructure

    • Staff devices

    • Reviews

  • For detailed setup, refer to the guides on adding a workflow check or adding a custom workflow check.

2. Resolving Workflow Checks

Once active, workflow checks appear with statuses such as Due, Critical, or Failing, depending on the time elapsed since activation.

You can resolve them in the following ways:

  • Run a workflow check – upload evidence (via template or manual upload) to demonstrate that the required process has been completed.

    • Example: A workflow check for staff device health requires uploading a Mobile Device Management (MDM) report showing device compliance status.

  • Mark as a special case – if a check is irrelevant or cannot be completed, you can mark it as a special case. This passes the check for the cycle and categorises the submission under “Special Cases”.

Use Cases

| Use Case | Description | Example Evidence |
|---|---|---|
| Staff device compliance | Validate that all in-scope devices meet organisational security requirements. | Screenshot or report from an MDM tool. |
| Disaster recovery | Demonstrate that disaster recovery plans are reviewed and tested periodically. | Tabletop exercise notes or simulation test reports. |
| Privacy policy review | Show that organisational privacy policies are periodically updated and approved. | Revised policy document with approval notes. |
| Vendor due diligence | Confirm that critical vendor assessments are performed as required. | Vendor risk report or completed security questionnaire. |
| Employee onboarding checks | Ensure hiring evaluations and background checks are performed for new employees. | HR records, evaluation forms, or training logs. |
