Setup Guide

A step-by-step guide to getting started with Sprinto—set up your account, configure governance, build a security programme, and manage risks for complete compliance readiness.

Kick-start your compliance journey with Sprinto in four simple steps. This guide walks you through the essential setup actions to get your organisation up and running quickly. You’ll configure your account, set up governance, build your data security programme, and manage risks—ensuring a strong foundation for ongoing compliance.


Before you begin

  • Ensure you’ve signed up for Sprinto and received your account activation email.

  • Add the right stakeholders as Sprinto admins. We recommend:

    • People – HR representative

    • Infrastructure, Vulnerabilities, Change management – Infrastructure admin

    • Risks, Asset Register – Compliance officer

    • Reviews – Compliance officer, senior management

  • Keep your compliance frameworks in mind—these will guide the configurations you enable.


Step 1: Configure your Sprinto account

  1. Log in to Sprinto

    • Use the sign-up link to access the admin portal. Log in with your credentials.

    • On first login, Sprinto will prompt you to set up your account.

  2. Set up your company profile

    • Upload your company logo (256 x 256 px, .png or .jpg, max 2 MB).

    • Enter your display name (used in policies and documents) and legal name (used in audits and official letters).

  3. Invite admin users

    • Add email addresses of admin users and click Invite & Proceed.

    • Invitees will receive a welcome email with their login details.

  4. Enable compliance frameworks

    • Select the frameworks you want to enable.

    • Click View to review security controls, then Add controls to enable them.


Step 2: Set up staff and organisational governance

People

  • Add staff members via service integrations or manual entry (bulk upload or individual).

  • Assign security roles to define responsibilities. You can also create custom roles if needed.

Policies

  • Create policies using Sprinto templates, upload your own, or draft them using the built-in editor.

  • Optionally, sync policies from Confluence.

  • Send policies for approval once finalised.

Security trainings

  • Use Sprinto or integrate an external training provider.

  • Create and manage training campaigns for staff.

Device management

  • Use Dr. Sprinto for device health reporting or integrate a third-party MDM solution.

Staff onboarding

  • Configure onboarding workflows after adding staff, policies, and training.

  • Track onboarding progress and send reminders if needed.


Step 3: Build your data security programme

Access

  • Add critical access systems automatically (ACAS) or manually (MCAS).

  • Configure access controls, or integrate IAM tools for easier management.

Infrastructure

  • Integrate infrastructure services for automated monitoring, or set up workflow checks for manual monitoring.

  • Classify resources—only Production-classified assets are monitored for compliance.

Change management

  • Add code repositories, ticketing systems, or manual workflow checks.

  • Review and classify repositories.

Vulnerabilities

  • Integrate a vulnerability monitoring source or manage manually.

  • Review and close reported vulnerabilities.

Incidents

  • Use Sprinto or integrate an external system for incident management.

  • Review, manage, and report incidents.


Step 4: Identify and mitigate risks

Risk assessment

  • Add risks from the Sprinto library or manually.

  • Score risks and map mitigation plans.

Vendor management

  • Add vendors using the vendor library, CSV upload, or vendor discovery (SSO-based).

  • Perform due diligence for high-risk vendors.


Additional areas

  • Trust Centre – Showcase your compliance posture publicly.

  • Security Questionnaires – Maintain a centralised knowledge hub for customer questionnaires.


Support

Need help?
