List of AI Actions

View the full list of Sprinto AI actions, grouped by entity, to see how they automate compliance and risk workflows.

Sprinto AI includes a library of AI actions that help automate compliance, security, and risk workflows. These actions are grouped by entity. Each entry shows who uses it, when to use it, and what it does.


Risk

  • Suggest risk score attributes

    • Who uses it: Risk Owner

    • When: While scoring a risk where attributes exist but values need validation

    • What it does: Suggests appropriate values for scoring attributes (e.g., Likelihood, Impact), with short justifications.

  • Risk approver analyst

    • Who uses it: Risk Approver or Reviewer

    • When: During the risk review and approval process

    • What it does: Generates a structured review of risk clarity, scoring alignment, and control coverage to support approval decisions.

  • Risk summary generator

    • Who uses it: Risk Manager

    • When: Preparing summaries for leadership reviews, board decks, or customer/vendor responses

    • What it does: Produces concise summaries highlighting the risk scenario, scores, impact, treatment strength, and approval status.


Pentest

  • Generate fix plan with time and cost implications

    • Who uses it: Security Engineers, IT Operations, Remediation Owners

    • When: Immediately after receiving a pentest report

    • What it does: Translates vulnerabilities into actionable fixes with estimated effort, cost, and operational impact.

  • Recurring vulnerability patterns from pentest report

    • Who uses it: GRC Analysts, Risk Managers, Security Leaders

    • When: During post-pentest reviews, risk reporting, or audit prep

    • What it does: Identifies recurring control weaknesses and systemic issues from pentest findings.

  • Risk identification from pentest report

    • Who uses it: Compliance Manager, CISO, Risk Owner

    • When: After reviewing pentest reports with systemic or high-risk findings

    • What it does: Elevates findings into risk register entries with clear ownership and domains.

  • Pentest report executive summary

    • Who uses it: CISO, Founder, Compliance Manager, Security Programme Lead

    • When: For leadership briefings, audits, or internal reviews

    • What it does: Produces a concise, non-technical summary of pentest scope, findings, and overall posture.


Policy

  • Policy approval assistant

    • Who uses it: Compliance Manager, VCISO, Policy Approver, Internal Reviewer

    • When: During internal policy approval workflows

    • What it does: Provides an executive summary, key edits, and downstream impacts to speed up approvals.

  • Policy refinement suggestions

    • Who uses it: Compliance Manager, Policy Manager, VCISO

    • When: While drafting or reviewing policies

    • What it does: Suggests improvements to clarity, enforceability, applicability, and audit readiness.

  • Policy to process builder

    • Who uses it: Compliance Manager, Process Owner, Internal Auditor, Risk Analyst, Ops Team

    • When: Preparing policies for audits, SOPs, or training materials

    • What it does: Extracts processes and creates plain-text flow diagrams for clearer documentation.

  • Translate policy

    • Who uses it: Policy Manager

    • When: Preparing policies for non-English-speaking teams or international audits

    • What it does: Translates policies into the selected language with audit-ready accuracy.

  • Policy summariser

    • Who uses it: Compliance Manager, Internal Auditor, Security Analyst

    • When: While reviewing or onboarding policies

    • What it does: Produces simplified summaries with notable clauses and enforcement highlights.


Vendor

  • Security questionnaire gap analyser

    • Who uses it: Third-Party Risk Manager

    • When: After receiving a vendor’s security questionnaire

    • What it does: Flags vague or missing responses, highlights gaps in control coverage, and recommends follow-ups.

  • Risk identification from vendor

    • Who uses it: Third-Party Risk Manager, GRC Analyst

    • When: After reviewing vendor questionnaires and supporting documents

    • What it does: Creates draft risk entries based on weak or missing commitments, certifications, or contractual terms.


Vulnerability

  • Vulnerability remediation planner

    • Who uses it: Security Engineer or Vulnerability Management Owner

    • When: As soon as a new vulnerability is identified

    • What it does: Suggests remediation tasks with effort, cost, and operational impact estimates to prioritise fixes.


Access Critical System

  • High-risk access user identifier

    • Who uses it: GRC Manager, System Owner, Security Analyst

    • When: During access reviews or anomaly investigations

    • What it does: Flags outliers such as excessive access, misaligned roles, orphaned accounts, or anomalies within peer groups.


Staff

  • Staff GRC consistency checker

    • Who uses it: Compliance Manager, HR-GRC Analyst

    • When: During onboarding reviews, scope validation, or audit preparation

    • What it does: Checks staff metadata and documents for inconsistencies, gaps, or weak justifications.


Incident

  • Incident risk impact summariser

    • Who uses it: VCISO, Risk Manager, Compliance Reviewer

    • When: Right after an incident is reported or during audit prep

    • What it does: Produces a short summary of incident business impact, compliance relevance, and next steps.

  • Incident remediation planner

    • Who uses it: Compliance Manager

    • When: During incident triage and remediation planning

    • What it does: Recommends 2–5 concrete remediation actions based on incident details.
