Change Management & Disaster Recovery

Ensure compliance by documenting change control processes and disaster recovery plans in Sprinto with supporting logs, test results, and approval workflows.

Sprinto monitors whether your organisation enforces a structured approach to change management and maintains a disaster recovery (DR) plan for business continuity. These workflow checks are essential for demonstrating operational resilience and compliance with standards such as SOC 2, ISO 27001, and HIPAA.

This article outlines how Sprinto validates these checks and how to resolve them using evidence uploads or documented policies.


What is Monitored

Sprinto tracks the following areas related to operational continuity:

  1. Change Management Process

    • Existence of a documented change control policy

    • Approval and logging of infrastructure, application, or process changes

    • Use of change tracking tools or ticketing systems (e.g., Jira, ServiceNow)

  2. Disaster Recovery Planning

    • Availability of a formal DR plan

    • Frequency of DR testing (e.g., annually or semi-annually)

    • Evidence of DR drills, test reports, or recovery documentation

These are typically manual checks and require policy documents or audit logs as evidence.


Resolving the Change Management Monitor

  1. Upload your Change Management Policy

    • The document should describe:

      • Types of changes covered (infrastructure, application, access)

      • Approval workflows and roles

      • Emergency change handling

      • Change log retention and review

  2. Optional: Upload additional artefacts

    • Change request tickets (e.g., from Jira or ServiceNow)

    • Screenshots of change control board reviews or change logs

  3. Go to Monitoring > Check History

    • Locate the change management workflow check

    • Click Upload Evidence and attach the documents or screenshots

    • Add a comment describing how changes are tracked and reviewed

    • Click Mark as Resolved


Resolving the Disaster Recovery Monitor

  1. Upload your Disaster Recovery Plan (DRP)

    • It should contain:

      • Recovery Point Objective (RPO) and Recovery Time Objective (RTO)

      • Responsibilities during a disaster event

      • Backup and data recovery procedures

      • DR site or cloud-based recovery strategy

  2. Upload evidence of DR Testing

    • DR drill execution report (PDF, screenshots, ticket exports)

    • Summary of issues identified and resolved

    • Date of last test (ideally within the last 12 months)

  3. In Sprinto:

    • Navigate to the DR monitor

    • Upload both DRP and test evidence

    • Add comments indicating the test scope and frequency

    • Click Mark as Resolved


Best Practices

  • Review and update the DR plan at least once a year or after major infrastructure changes

  • Log all high-risk changes in a formal tool with timestamps and approvals

  • Maintain evidence templates for DR drills, including participant logs and outcomes

  • Ensure alignment between your DR plan and data backup monitors (RDS, EBS, etc.)
