# How it Works

The Policies module enables you to create, manage, and maintain documentation aligned with your compliance frameworks. Whether you use Sprinto templates, upload custom documents, or sync from Confluence, all policies follow a structured lifecycle designed to ensure audit readiness and team-wide visibility.

***

### **Step 1: Add a policy, procedure, or document**

You can create a new item in the Policies module in one of the following ways:

<table><thead><tr><th width="215.95703125">Method</th><th>Description</th></tr></thead><tbody><tr><td><strong>Use a Sprinto template</strong></td><td>Select from pre-built policies aligned with frameworks like ISO 27001, SOC 2, and GDPR.</td></tr><tr><td><strong>Use the built-in editor</strong></td><td>Draft policies or procedures from scratch using Sprinto’s rich text editor.</td></tr><tr><td><strong>Upload a file</strong></td><td>Upload a non-editable document in PDF format.</td></tr><tr><td><strong>Select from library</strong></td><td>Choose framework-required documents (e.g. ISMS scope) from Sprinto’s content library.</td></tr><tr><td><strong>Sync from Confluence or SharePoint</strong></td><td>Import policies directly using document labels and metadata.</td></tr></tbody></table>

Once added, each policy appears in **Draft** status and must be reviewed before it becomes active.

***

### **Step 2: Review and approve the policy**

After drafting or uploading a policy:

1. Assign an **Approver** to the document.
2. (Optional) Assign **Reviewers**, who can comment but cannot approve.
3. Click **Send for approval**.

Once the policy is approved, it moves from **Pending approval** to **Active**. Only active policies can be shared with employees for acknowledgement.

***

### **Step 3: Map security controls**

For each approved policy, you can map it to specific controls required by your framework.

* Use **AI-assisted mapping** to generate control suggestions.
* Or manually select controls from the control drawer.
* Once mapped, the policy acts as evidence for the selected controls.

Policies created from templates often come with predefined control mappings.

***

### **Step 4: Monitor policy status and history**

Every policy includes version history and metadata:

* Track changes, approvals, and reviewer comments across versions.
* View the status of each policy (Draft, Pending, Active, or Disabled).
* Download documents or update branding from the three-dot menu.

You can also use the **Monitoring tab** to set up compliance checks tied to policy acknowledgements, reviews, or evidence submissions.