Sprinto Policies

Overview

Sprinto maintains a comprehensive set of organisational and security policies designed to safeguard data, ensure compliance, and establish clear responsibilities for staff, contractors, and third parties. These policies provide the framework for how Sprinto manages information security, business continuity, vendor relationships, and operational practices.

The policies define expectations for acceptable use, access control, incident management, vendor management, human resources security, physical and environmental security, and more. They apply to all staff members and external parties who interact with Sprinto systems, data, or facilities.

Each policy outlines its objective, scope, and key requirements. Together, they support Sprinto’s commitment to:

  • Protecting the confidentiality, integrity, and availability of information assets.

  • Complying with relevant legal, regulatory, and contractual requirements.

  • Ensuring continuity of operations and resilience against disruptions.

  • Maintaining transparency, accountability, and professional conduct across the organisation.

The content of these policies has been standardised for inclusion in the self-serve dashboard. To ensure that all staff members can access the approved versions in their original form, no modifications have been made to the text.


Policy Index

Information Security

Information Security Policy

Establishes principles and objectives for confidentiality, integrity, and availability of information.

Communications & Network Security Policy

Defines requirements for protecting networks, communication channels, and information transfer.

Network Security Procedure

Outlines responsibilities and controls for protecting Sprinto networks and services.

Organisation of Information Security Policy

Defines ISMS governance, responsibilities, and segregation of duties.

Access and Asset Management

Policy/Procedure
Description

Access Control Policy

Establishes a framework for controlled access to systems and data based on least privilege.

Access Control Procedure

Details the procedure for user access management and removal of rights.

Acceptable Usage Policy

Defines responsible and prohibited use of company systems, devices, and accounts.

Asset Management Policy

Ensures assets are classified, tracked, and protected from unauthorised access or misuse.

Asset Management Procedure

Provides a formal process for maintaining, handling, and protecting information assets.

Media Disposal Policy

Provides guidance on secure disposal of media to prevent unauthorised data recovery.

Human Resources and Conduct

Policy/Procedure
Description

HR Security Policy

Defines information security requirements for staff and contractors across the employment lifecycle.

HR Security Procedure

Specifies HR-related security steps before, during, and after employment.

Code of Business Conduct Policy

Sets expectations for professional behaviour, integrity, and conduct.

Operations and Development

Policy/Procedure
Description

Operation Security Policy

Defines controls to ensure secure operations, including change management, logging, and monitoring.

Operations Security Procedure

Details procedures for backup, vulnerability management, and change handling.

Software Development Lifecycle Policy

Ensures security is embedded throughout the system development lifecycle.

Software Development Lifecycle Procedure

Outlines secure practices and responsibilities across software development stages.

Incident and Continuity Management

Policy/Procedure
Description

Incident Management Policy

Provides a framework for reporting, responding to, and learning from security incidents.

Incident Management Procedure

Defines the procedure for handling, classifying, and remediating security incidents.

Business Continuity & Disaster Recovery Policy

Outlines plans for continuity of operations and disaster recovery.

Business Continuity Plan

Provides step-by-step guidance for responding to extended outages or disasters.

Vendor and Compliance

Policy/Procedure
Description

Vendor Management Policy

Defines requirements for managing vendor relationships and associated risks.

Vendor Management Procedure

Provides responsibilities and steps for monitoring vendor contracts, risks, and performance.

Compliance Policy

Establishes guidelines for managing compliance with statutory, regulatory, and contractual requirements.

Compliance Procedure

Details methods for identifying and managing compliance requirements and audits.

Physical and Environmental Security

Policy/Procedure
Description

Physical & Environmental Security Policy

Establishes requirements for securing office premises, remote work, and physical access.

Physical & Environmental Security Procedure

Provides detailed procedures for protecting assets, facilities, and staff responsibilities.

