# Governance & Compliance Monitors

The **Governance & Compliance Monitors** section helps you track organisational and policy-level controls that are not directly tied to cloud infrastructure or user identity providers. These checks typically align with:

* **Risk governance**
* **Policy enforcement**
* **Compliance program oversight**

They are designed to ensure that your organisation follows a structured, repeatable approach to identifying risks, assigning responsibilities, and maintaining up-to-date security documentation.

***

#### What does Sprinto monitor here?

Sprinto automatically evaluates the following for your organisation:

<table><thead><tr><th width="220.78125">Check Type</th><th>Description</th></tr></thead><tbody><tr><td><strong>Periodic Risk Assessment</strong></td><td>Checks if your Risk Register is updated regularly and new risks are assessed.</td></tr><tr><td><strong>Risk Owner Assignment</strong></td><td>Verifies if each documented risk has a designated owner.</td></tr><tr><td><strong>Risk Treatment Updates</strong></td><td>Detects whether mitigation plans or accepted risks are outdated.</td></tr><tr><td><strong>Policy Acknowledgment</strong></td><td>(Planned) Tracks if teams have acknowledged key policies in Sprinto.</td></tr></tbody></table>

***

#### Key Checks and How to Resolve

**1. Resolve Sprinto Check for Periodic Risk Assessment**

* Go to: `Risk Register` in Sprinto
* Update stale risks or add new ones
* Assign owners and update statuses
* Upload evidence via the Risk Register or as supporting docs

***

#### Who is responsible for these checks?

<table><thead><tr><th width="184.6796875">Role</th><th width="444.0625">Responsibility</th></tr></thead><tbody><tr><td><strong>Compliance Officer</strong></td><td>Coordinates the overall risk assessment process</td></tr><tr><td><strong>Risk Owners</strong></td><td>Maintain individual risks and mitigation progress</td></tr><tr><td><strong>Infosec / GRC Teams</strong></td><td>Provide oversight, alignment with frameworks, and reviews</td></tr><tr><td><strong>Sprinto Admin</strong></td><td>Uploads evidence and updates the platform accordingly</td></tr></tbody></table>

***

#### Evidence Examples

* Screenshots of updated risks in Sprinto
* PDF summary of your latest risk workshop
* Uploaded trackers showing risk prioritisation
* Audit logs of changes to risk entries

***

#### Upcoming Additions (Coming Soon)

* Policy acknowledgment tracking
* Policy-to-risk mapping monitors
* Escalation workflows for overdue risks

***

#### Glossary

<table><thead><tr><th width="143.69921875">Term</th><th>Definition</th></tr></thead><tbody><tr><td><strong>Risk Register</strong></td><td>A list of known risks, their impact/likelihood, and current status</td></tr><tr><td><strong>Risk Owner</strong></td><td>The person responsible for managing or mitigating a particular risk</td></tr><tr><td><strong>Treatment Plan</strong></td><td>Strategy for accepting, mitigating, or transferring a risk</td></tr></tbody></table>

