Sprinto Dashboard

Staff Onboarding & Access Reviews

Track and resolve onboarding and periodic access review checks for staff using Sprinto’s workflow monitoring system to ensure access hygiene and compliance.

Sprinto monitors whether your organisation has implemented structured onboarding and access review processes for staff. These checks ensure that new hires are provisioned with the correct access based on their roles, and that existing access is periodically reviewed for relevance and risk.

This article outlines the checks Sprinto performs, how to comply with them, and the recommended evidence formats for resolution.

What is Monitored

Sprinto evaluates the following two areas under this category:

  1. Staff Onboarding Process

    • New hires are onboarded using a standardised checklist or workflow

    • Access is provisioned based on defined roles and approval trails

    • Identity and access tools (e.g., Okta, Azure AD) are used for provisioning

  2. Access Review for Existing Staff

    • Periodic reviews are conducted to verify if access levels still match job roles

    • Dormant, unused, or excessive access is flagged and remediated

    • Review artefacts are captured and uploaded into Sprinto

How to Resolve the Staff Onboarding Monitor

  1. Prepare your Onboarding Workflow Artefact

    • This could be a screenshot or export from:

      • An HRMS or identity platform (e.g., BambooHR, Okta)

      • An internal checklist template (e.g., Google Sheet, Notion doc)

    • Should include:

      • New hire’s name and role

      • Assigned systems and permissions

      • Approval or reviewer name

  2. Go to Monitoring > Check History

    • Locate the Staff Onboarding workflow check

    • Click Upload Evidence

    • Attach onboarding artefact

    • Add a comment (e.g., “Access provisioned via Okta on 05 July for SRE role”)

    • Click Mark as Resolved

How to Resolve the Staff Access Review Monitor

  1. Export a User Access Report

    • From your identity provider, endpoint manager, or HRMS

    • Include name, department, role, and last login

  2. Conduct a Review

    • Compare current access against role expectations

    • Identify users who need access removed or downgraded

    • Capture actions taken and reviewer name

  3. Upload into Sprinto

    • Locate the Access Review check in Monitoring

    • Attach completed access review spreadsheet or export

    • Add context in the comments (e.g., “2 dormant accounts deactivated”)

    • Click Mark as Resolved

Best Practices

  • Integrate HRMS and IDP platforms for automated onboarding and access provisioning

  • Assign access based on predefined roles and least-privilege principles

  • Perform access reviews every 3–6 months or when team structures change

  • Retain onboarding and access review logs for audit traceability

PreviousCritical System Access ReviewsNextUser Decisioning

Last updated