How to resolve Sprinto checks for role assignments
Sprinto comes with a set of checks that ensure all necessary roles are assigned on your Sprinto account to meet compliance requirements.
Sprinto activates the relevant checks when a critical compliance role is unassigned or a staff member is not assigned a job role and reporting manager. These checks remain active (“Due/Critical/Failing”) until the role is assigned.
What are the Sprinto checks for role assignment?
Below is the list of Sprinto checks related to the role assignments:
Check: Infosec officer should be assigned
Role description: The Infosec officer is a pivotal figure in the organizational compliance program. The Infosec role’s responsibilities include maintaining organization policies, assessing vendor risks, and overseeing staff access to critical systems.
Note: Assign Infosec and compliance manager roles to two different persons.
Check: Privacy officer should be assigned
Role description: The Privacy officer is a security role. You can assign this role to any of the admin users on your Sprinto account. A privacy officer is responsible for upholding the organization's data privacy policy and device privacy.
Check: People operations person should be assigned
Role description: The People operations (People Ops) person is a security role. You can assign this role to any of the admin users on your Sprinto account. This person handles various organizational operations and related concerns and ensures that the operations are compliant with the framework requirements.
Check: Infra operations person should be assigned
Role description: The Infrastructure operations person is a security role. You can assign this role to any of the admin users on your Sprinto account. The Infra operations person ensures that security compliance is maintained in all infrastructure operations within the organization.
Check: Compliance program manager should be assigned
Role description: The Compliance program manager is a security role. You can assign this role to any of the admin users on your Sprinto account. The Compliance manager oversees compliance actions taken by the Infosec Officer, People Ops person, and Privacy Officer. The responsibilities also include ensuring that the implemented controls meet the compliance requirements of the data compliance framework and that organizational compliance goals are met with the implemented controls.
Note: Assign Infosec and compliance manager roles to two different persons.
Check: Senior management should be assigned
Role description: Senior management is a security role. You can assign this role to any of the admin users on your Sprinto account. The Senior management role is usually given to someone who represents the top management roles like CEO, board members, etc. Senior management periodically reviews various assessments performed by the Infosec officer to ensure all compliance-related requirements are met.
Check: Staff role should be assigned
Role description: All staff members marked as In-scope in your Sprinto account must be assigned a job role. Defining job roles assists Sprinto in implementing various compliance controls, such as controlling critical system access, maintaining organizational charts, and more.
Check: Reporting manager should be assigned
Role description: All In-scope staff members, except top management roles like CEO and CTO, must be assigned a reporting manager. This assignment helps Sprinto maintain the organizational chart in the operational hierarchy.
Note: All In-scope staff members must be assigned a reporting manager, except for top management roles like CEO, CTO, Board members, etc.
How to fix these Sprinto checks
Once the related role is assigned to your Sprinto account, the status of the respective Sprinto check changes to "Passing." Refer to the procedures below to assign roles:
Infosec officer should be assigned
Privacy officer should be assigned
People operations person should be assigned
Compliance program manager should be assigned
Infra operations person should be assigned
Senior management should be assigned
Staff role should be assigned
Reporting manager should be assigned