How it Works

Learn how policies are created, approved, mapped, and maintained in Sprinto to support continuous compliance.

The Policies module enables you to create, manage, and maintain documentation aligned with your compliance frameworks. Whether you use Sprinto templates, upload custom documents, or sync from Confluence, all policies follow a structured lifecycle designed to ensure audit readiness and team-wide visibility.


Step 1: Add a policy, procedure, or document

You can create a new item in the Policies module in one of the following ways:

| Method | Description |
| --- | --- |
| Use a Sprinto template | Select from pre-built policies aligned with frameworks like ISO 27001, SOC 2, and GDPR. |
| Use the built-in editor | Draft policies or procedures from scratch using Sprinto’s rich text editor. |
| Upload a file | Upload a non-editable document in PDF format. |
| Select from library | Choose framework-required documents (e.g. ISMS scope) from Sprinto’s content library. |
| Sync from Confluence or SharePoint | Import policies directly using document labels and metadata. |

Once added, each policy appears in Draft status and must be reviewed before it becomes active.


Step 2: Review and approve the policy

After drafting or uploading a policy:

  1. Assign an Approver to the document.

  2. (Optional) Assign Reviewers, who can comment but cannot approve.

  3. Click Send for approval.

Once the policy is approved, it moves from Pending approval to Active. Only active policies can be shared with employees for acknowledgement.


Step 3: Map security controls

You can map each approved policy to the specific controls required by your framework.

  • Use AI-assisted mapping to generate control suggestions.

  • Or manually select controls from the control drawer.

  • Once mapped, the policy acts as evidence for the selected controls.

Policies created from templates often come with predefined control mappings.


Step 4: Monitor policy status and history

Every policy includes version history and metadata:

  • Track changes, approvals, and reviewer comments across versions.

  • View the status of each policy (Draft, Pending, Active, or Disabled).

  • Download documents or update branding from the three-dot menu.

You can also use the Monitoring tab to set up compliance checks tied to policy acknowledgements, reviews, or evidence submissions.
