# Overview

Sprinto helps you set up policies that are aligned with your compliance frameworks, track their approval and acknowledgment status, and ensure that your employees are always aware of the rules that govern your operations.

***

### **What are Policies?**

Policies are documented rules that define how your organisation operates securely, ethically, and in compliance with regulatory requirements. They are essential for building trust with auditors, customers, and employees.

Each policy sets the **what**—the rule itself—while procedures define the **how**—the steps required to implement or comply with the rule. Sprinto also supports non-policy artefacts, such as ISMS scope documents or audit reports, which can be submitted as evidence.

<figure><img src="/files/9FDbNcne2ToGLUTCkyb8" alt=""><figcaption></figcaption></figure>

***

### **Why use Policies in Sprinto?**

* Get pre-configured policies tailored to your selected framework
* Create or upload policies and procedures with flexible options
* Assign approval workflows and track employee acknowledgements
* Map policies to relevant security controls for audit readiness
* Sync with Confluence or SharePoint to import existing documentation

***

### **Supported document types**

<table><thead><tr><th width="108.71875">Type</th><th width="595.91015625">Description</th></tr></thead><tbody><tr><td><strong>Policy</strong></td><td>Defines an organisational rule (e.g. <em>All staff devices must be encrypted</em>).</td></tr><tr><td><strong>Procedure</strong></td><td>Describes how to implement a policy (e.g. <em>Steps to enable encryption on Windows</em>).</td></tr><tr><td><strong>Document</strong></td><td>Any supporting artefact, such as an audit charter, vendor risk assessment, or system description.</td></tr></tbody></table>

You can create these using Sprinto templates, write them from scratch, upload them as PDFs, or sync them from Confluence or SharePoint.

***

### **Who is it for?**

<table><thead><tr><th width="235.890625">Role</th><th width="487.8828125">Responsibilities</th></tr></thead><tbody><tr><td><strong>Admins and InfoSec owners</strong></td><td>Set up and maintain policies, assign reviewers, track acknowledgements, and monitor version history.</td></tr><tr><td><strong>Employees</strong></td><td>View and acknowledge assigned policies through the employee portal.</td></tr><tr><td><strong>Auditors</strong></td><td>Review policy documents and control mappings during compliance assessments.</td></tr></tbody></table>

***

### **Use cases**

<table><thead><tr><th width="222.2890625">Scenario</th><th>Description</th></tr></thead><tbody><tr><td><strong>Initial setup</strong></td><td>Create policies using framework-aligned templates to get started quickly.</td></tr><tr><td><strong>Policy maintenance</strong></td><td>Keep policies up to date, versioned, and reviewed by the right stakeholders.</td></tr><tr><td><strong>Audit readiness</strong></td><td>Map policies to controls and generate evidence reports for audit cycles.</td></tr><tr><td><strong>Organisation-wide rollout</strong></td><td>Assign policies to specific teams or business units using zones.</td></tr><tr><td><strong>Documentation sync</strong></td><td>Automatically pull policies and procedures from Confluence or SharePoint.</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/policies/overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.