# How it Works

The Policies module enables you to create, manage, and maintain documentation aligned with your compliance frameworks. Whether you use Sprinto templates, upload custom documents, or sync from Confluence, all policies follow a structured lifecycle designed to ensure audit readiness and team-wide visibility.

***

### **Step 1: Add a policy, procedure, or document**

You can create a new item in the Policies module in one of the following ways:

<table><thead><tr><th width="215.95703125">Method</th><th>Description</th></tr></thead><tbody><tr><td><strong>Use a Sprinto template</strong></td><td>Select from pre-built policies aligned with frameworks like ISO 27001, SOC 2, and GDPR.</td></tr><tr><td><strong>Use the built-in editor</strong></td><td>Draft policies or procedures from scratch using Sprinto’s rich text editor.</td></tr><tr><td><strong>Upload a file</strong></td><td>Upload a non-editable document in PDF format.</td></tr><tr><td><strong>Select from library</strong></td><td>Choose framework-required documents (e.g. ISMS scope) from Sprinto’s content library.</td></tr><tr><td><strong>Sync from Confluence or SharePoint</strong></td><td>Import policies directly using document labels and metadata.</td></tr></tbody></table>

Once added, each policy appears in **Draft** status and must be reviewed before it becomes active.

***

### **Step 2: Review and approve the policy**

After drafting or uploading a policy:

1. Assign an **Approver** to the document.
2. (Optional) Assign **Reviewers**, who can comment but cannot approve.
3. Click **Send for approval**.

Once the policy is approved, it moves from **Pending approval** to **Active**. Only active policies can be shared with employees for acknowledgement.

***

### **Step 3: Map security controls**

For each approved policy, you can map it to specific controls required by your framework.

* Use **AI-assisted mapping** to generate control suggestions.
* Or manually select controls from the control drawer.
* Once mapped, the policy acts as evidence for the selected controls.

Policies created from templates often come with predefined control mappings.

***

### **Step 4: Monitor policy status and history**

Every policy includes version history and metadata:

* Track changes, approvals, and reviewer comments across versions.
* View the status of each policy (Draft, Pending, Active, or Disabled).
* Download documents or update branding from the three-dot menu.

You can also use the **Monitoring tab** to set up compliance checks tied to policy acknowledgements, reviews, or evidence submissions.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/policies/how-it-works.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.