“Data Processing And Scanning Systems For Assessing Vendor Risk” in Patent Application Approval Process (USPTO 20220300620): OneTrust LLC
2022 OCT 12 (NewsRx) -- By a
This patent application is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).
“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPAA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in
“Many organizations have also begun to track the compliance of their vendors with privacy laws, regulations, and/or standards. This can be expensive and time consuming using traditional methods. Accordingly, there is a need for improved systems and methods for efficiently tracking the compliance of vendors with privacy laws, regulations, and/or standards, and for assessing the risk associated with doing business with a particular vendor.”
In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventor’s summary information for this patent application: “A method according to various embodiments, may include: executing, by computing hardware, a download of a software application from a computer system associated with a vendor; identifying, by the computing hardware and based on the download of the software application, a plurality of vendor attributes, wherein the plurality of vendor attributes comprises a privacy disclaimer associated with the software application; determining, by the computing hardware, factors for the plurality of vendor attributes, wherein determining the factors for the plurality of vendor attributes comprises determining a privacy disclaimer factor for the privacy disclaimer by: analyzing the privacy disclaimer to determine whether the privacy disclaimer comprises language associated with at least one of a legal requirement or an industry requirement; and determining the privacy disclaimer factor based on whether the privacy disclaimer comprises the language associated with the at least one of the legal requirement or the industry requirement; determining, by the computing hardware, a vendor risk rating based on the factors for the plurality of vendor attributes; generating, by the computing hardware and based on the vendor risk rating, a graphical user interface by configuring a navigation element on the graphical user interface and excluding a display element from the graphical user interface, wherein: the navigation element is configured for initiating a responsive action based on the vendor risk rating, and the display element is configured for presenting the vendor risk rating; transmitting, by the computing hardware, an instruction to a user device to present the graphical user interface on the user device; detecting, by the computing hardware, selection of the navigation element; and responsive to detecting the selection of the navigation element, initiating, by the computing hardware, the responsive action.
“In particular embodiments, the responsive action comprises: generating a second graphical user interface comprising an indication of the vendor risk rating and transmitting a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device. In particular embodiments, the second graphical user interface further comprises an indication of the software application. In particular embodiments, the responsive action comprises: generating an electronic communication comprising an indication of the vendor risk rating and transmitting the electronic communication to a third-party computing device. In particular embodiments, the factors for the plurality of vendor attributes comprise a security certification factor; and the method further comprises: analyzing computer code associated with the vendor to identify an indication of a security certification associated with the vendor; and determining the security certification factor based on the security certification. In particular embodiments, the factors for the plurality of vendor attributes comprise a security certification factor; and the method further comprises: scanning a website associated with the vendor to identify an image associated with a security certification associated with the vendor; and determining the security certification factor based on the security certification. In particular embodiments, determining the security certification factor based on the security certification comprises: accessing a database of security certifications to determine whether the vendor holds the security certification; and determining the security certification factor based on whether the vendor holds the security certification.
“A system, according to various embodiments, may include: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein the processing device is configured to execute the instructions and thereby perform operations comprising: downloading a software application from a computer system associated with a vendor; identifying a privacy disclaimer associated with the software application; determining a privacy disclaimer factor for the privacy disclaimer based on whether the privacy disclaimer comprises language associated with at least one of a legal requirement or an industry requirement; determining a vendor risk rating based on the privacy disclaimer factor; determining that the vendor risk rating meets a threshold risk rating; generating a graphical user interface based on determining that the vendor risk rating meets the threshold risk rating by configuring a first navigation element on the graphical user interface and excluding a second navigation element from the graphical user interface, wherein: the first navigation element is configured for initiating a responsive action based on the vendor risk rating meeting the threshold risk rating, and the second navigation element is configured for navigating to a display element that presents an indication that the vendor risk rating does not meet the threshold risk rating; transmitting an instruction to a user device to present the graphical user interface on the user device; detecting a selection of the first navigation element; and responsive to detecting the selection of the first navigation element, initiating the responsive action.
“In particular embodiments, identifying the privacy disclaimer associated with the software application comprises identifying the privacy disclaimer on a webpage provided by the vendor for downloading the software application. In particular embodiments, the vendor risk rating is further based on a public information factor; and the method further comprises determining the public information factor based on public information associated with the vendor. In particular embodiments, the public information comprises social networking website content. In particular embodiments, the public information comprises at least one of an employee title, an employee role, or an available job post. In particular embodiments, the public information comprises an indication of a contract between the vendor and a government entity. In particular embodiments, the vendor risk rating is further based on a third-party processor factor; and the method further comprises determining the third-party processor factor based on a webpage provided by the vendor for downloading the software application.
“A non-transitory computer-readable medium according to various embodiments, may store computer-executable instructions that, when executed by processing hardware, configure the processing hardware to perform operations comprising: downloading a software application from a computer system associated with a vendor; identifying a privacy disclaimer associated with the software application; determining a privacy disclaimer factor for the privacy disclaimer based on whether the privacy disclaimer comprises language associated with at least one of a legal requirement or an industry requirement; determining a vendor risk rating based on the privacy disclaimer factor; generating a graphical user interface based on determining that the vendor risk rating does not meet a threshold risk rating by configuring a first navigation element on the graphical user interface and excluding a second navigation element from the graphical user interface, wherein: the first navigation element is configured for initiating a responsive action based on the vendor risk rating not meeting the threshold risk rating, and the second navigation element is configured for initiating a second responsive action based on the vendor risk rating meeting the threshold risk rating; transmitting an instruction to a user device to present the graphical user interface on the user device; detecting a selection of the first navigation element; and responsive to detecting the selection of the first navigation element, initiating the first responsive action.
“In particular embodiments, determining the vendor risk rating based on the privacy disclaimer factor comprises a step for determining the vendor risk rating based on a plurality of vendor factors, wherein the plurality of vendor factors comprises the privacy disclaimer factor. In particular embodiments, determining the vendor risk rating based on the plurality of vendor factors comprises a step for applying a respective weighting factor to a respective vendor attribute to determine each of the plurality of vendor factors. In particular embodiments, the first responsive action comprises transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor. In particular embodiments, identifying the privacy disclaimer associated with the software application comprises downloading the privacy disclaimer with the software application. In particular embodiments, identifying the privacy disclaimer associated with the software application comprises identifying the privacy disclaimer on a webpage generated by the vendor in response to downloading the software application.”
There is additional summary information. Please visit full patent to read further.
The claims supplied by the inventors are:
“1. A method comprising: scanning, by computing hardware, computer code corresponding to a vendor; identifying, by the computing hardware, one or more vendor attributes indicating compliance with one or more industry standards based on the scanning; determining, by the computing hardware, a respective weighting factor for each of the one or more vendor attributes; calculating, by the computing hardware, a weighted sum based on the one or more vendor attributes and the respective weighting factors; setting, by the computing hardware, the weighted sum as a vendor compliance rating; and performing, by the computing hardware, an automated action based on the vendor compliance rating.
“2. The method of claim 1, wherein the automated action comprises transferring the vendor compliance rating to a current or potential client of the vendor for use in assessing doing business with the vendor.
“3. The method of claim 1, wherein the method is reperformed periodically for the vendor based on a period determined by a previously-calculated vendor compliance rating for the vendor.
“4. The method of claim 1, wherein the method is reperformed in response to detecting a change in the computer code.
“5. The method of claim 1, wherein the computer code is hosted on a website of the vendor and comprises at least one of: HTML code; Java code; or JavaScript code.
“6. The method of claim 1, wherein the computer code comprises an image that indicates at least one of: membership in an organization related to the vendor attribute; partnership with a key partner; receipt of an award related to the vendor attribute; or certification related to the vendor attribute.
“7. The method of claim 1, wherein: scanning the computer code comprises: retrieving, by the computing hardware, textual information presented on a website; and identifying one or more vendor attributes comprises: using, by the computing hardware, natural language processing to identify a term associated with the one or more industry standards.
“8. The method of claim 7, wherein the textual information comprises a blog post presented on a website of the vendor.
“9. The method of claim 7, wherein: the website is at least one of: a social media site; or a job listing site; and identifying one or more vendor attributes further comprises: determining, by the computing hardware, an employee title of a vendor employee, the employee title corresponding to implementation of industry standards.
“10. The method of claim 1, wherein: the vendor attribute comprises at least one of: a certification from an organization; or membership in the organization; and the method further comprises: accessing, by the computing hardware, a website of the organization; and confirming, by the computing hardware, that the vendor attribute corresponds to the vendor by locating a name of the vendor on the website.
“11. The method of claim 10, wherein the organization is a governmental entity.
“12. The method of claim 10, wherein confirming that the vendor attribute corresponds to the vendor further comprises: determining, by the computing hardware, that the vendor has participated in or is planning to participate in a conference related to the one or more vendor attributes.
“13. The method of claim 1, wherein the vendor attribute is associated with at least one of: details regarding how the vendor supplies a component or raw material to a client; or a contractor used by the vendor.
“14. The method of claim 1, further comprising: providing, by the computing hardware, a threshold assessment to the vendor; receiving, by the computing hardware, answers from the vendor for threshold assessment; calculating, by the computing hardware, a threshold assessment score; and setting, by the computing hardware, the threshold assessment score as a vendor attribute of the one or more vendor attributes.
“15. The method of claim 14, further comprising: providing, by the computing hardware, an impact assessment in response to determining that the threshold assessment score does not satisfy a pre-determined threshold, wherein the impact assessment comprises more questions than the threshold assessment.
“16. A vendor risk analysis data processing system comprising: computing hardware comprising at least one processor; memory operatively coupled to the at least one computer processor, wherein the memory stores instructions that, when executed by the computing hardware, cause the computing hardware to perform operations comprising: scanning a vendor webpage to identify an association between a vendor and a third party; scanning a second webpage to confirm that an association exists between the vendor and the third party; assigning an association score to the vendor in response to confirming the association; accessing an assessment questionnaire from a server; providing the assessment questionnaire to the vendor; receiving answers to the assessment questionnaire from the vendor; assigning an assessment score to the vendor based on the answers; calculating a vendor compliance score based on a weighted sum of the association score and the assessment score; and providing the vendor compliance score to an entity.
“17. The system of claim 16, wherein the entity is at least one of a current or potential client of the vendor.
“18. The system of claim 16, wherein the assessment questionnaire comprises a question regarding at least one of: details regarding how the vendor supplies a component or raw material to a client; or a contractor used by the vendor.
“19. A non-transitory computer-readable medium storing computer-executable instructions for performing a vendor compliance assessment, the computer-executable instructions comprising instructions for: identifying an association between a vendor and an organization by locating a name of the organization on a vendor website; confirming the association by locating a name of the vendor on an organization website; determining a first score based on the association in response to the vendor name being present on the organization website; identifying a job title associated with the vendor by scanning a job website; determining a second score based on the job title; calculating a vendor compliance score by combining the first score and the second score in response to detecting a compliance statement on the vendor website, the compliance statement indicating that the vendor complies with an industry standard; and taking an automated action based on the vendor compliance score.
“20. The non-transitory computer-readable medium of claim 19, wherein calculating the vendor compliance score further comprises combining the first score and the second score with a third score, the third score being based on at least one of: a certification related to the industry standard; or participation in a conference related to the industry standard.”
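As an added illustration of the scoring flow in claims 1, 10, 14 and 19, the following toy scanner is editorial example code, not code from the application or from OneTrust. Every page it reads (the vendor sites "Acme Widgets" and "Globex Corp", the certifying bodies' registry pages, a job board) is a constructed string embedded in the file, the standards list and the weights are illustrative, and the "Secure Vendor Alliance" is a hypothetical organisation. It extracts compliance statements and badge alt text from the vendor's own HTML, then keeps only the claims that the certifying body's own page confirms by naming the vendor, weights those far more heavily than unconfirmed self-assertions, adds a point per security-related job posting, and routes the result either to "share the rating with a client" (claim 2) or to the longer impact assessment (claims 14 and 15) depending on a threshold. A SHA-256 digest of the scanned page is kept so that claim 4's "rescan on change" reduces to a digest comparison.

```python
"""Toy vendor-compliance scanner following claims 1, 10, 14 and 19 (editorial example).
All inputs are constructed sample pages embedded below; nothing is fetched.
Vendor names, the registry contents and the job board are hypothetical."""
import hashlib
import re
from dataclasses import dataclass
from html.parser import HTMLParser

# --- constructed sample inputs (not real pages) ---------------------------
ACME_PAGE = """<html><body>
<h1>Acme Widgets</h1>
<p>Acme is SOC 2 Type II certified and ISO 27001 certified. We are GDPR compliant.</p>
<img src="/badges/iso27001.png" alt="ISO 27001 certified">
<footer>Member of the Secure Vendor Alliance</footer>
</body></html>"""
GLOBEX_PAGE = """<html><body><h1>Globex Corp</h1>
<p>Globex Corp holds a current SOC 2 Type II report.</p></body></html>"""
# Registry pages as published by each certifying body (constructed). The SOC 2
# registry does NOT list Acme, so Acme's SOC 2 claim stays self-asserted only.
ORG_REGISTRY = {
    "ISO 27001": "<ul><li>Acme Widgets</li><li>Globex Corp</li></ul>",
    "SOC 2": "<ul><li>Globex Corp</li><li>Initech</li></ul>",
    "Secure Vendor Alliance": "<ul><li>Acme Widgets</li></ul>",
}
JOB_BOARD = """<div class="job">Acme Widgets - Information Security Manager</div>
<div class="job">Acme Widgets - Frontend Engineer</div>
<div class="job">Globex Corp - Data Protection Officer</div>"""

# --- scanning rules (illustrative; claim 1 leaves weights to the implementer) -
STANDARD_PATTERNS = {
    "SOC 2": re.compile(r"\bSOC\s*2\b", re.I),
    "ISO 27001": re.compile(r"\bISO[ /-]?27001\b", re.I),
    "GDPR": re.compile(r"\bGDPR\b", re.I),
    "Secure Vendor Alliance": re.compile(r"\bSecure Vendor Alliance\b", re.I),
}
SECURITY_TITLE = re.compile(
    r"(information security|security|privacy|data protection)\s+"
    r"(manager|officer|engineer|lead)", re.I)
WEIGHTS = {"asserted": 1.0, "confirmed": 3.0, "job_title": 1.0}
THRESHOLD = 5.0


class _TextCollector(HTMLParser):
    """Gather visible text plus <img alt> text so badge images count (claim 6)."""
    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            alt = dict(attrs).get("alt")
            if alt:
                self.parts.append(alt)


def visible_text(html):
    collector = _TextCollector()
    collector.feed(html)
    return " ".join(collector.parts)


def asserted_standards(vendor_html):
    """Standards the vendor claims on its own page (claims 7 and 19)."""
    text = visible_text(vendor_html)
    return {name for name, pat in STANDARD_PATTERNS.items() if pat.search(text)}


def confirmed_standards(vendor, asserted, registry):
    """Keep only claims where the certifying body's page names the vendor (claims 10, 19)."""
    return {std for std in asserted
            if std in registry and vendor.lower() in visible_text(registry[std]).lower()}


def security_job_titles(vendor, job_html):
    """Security-related roles the vendor is hiring for (claims 9 and 19)."""
    postings = re.findall(r'<div class="job">(.*?)</div>', job_html)
    return [p.split(" - ", 1)[1] for p in postings
            if p.lower().startswith(vendor.lower()) and SECURITY_TITLE.search(p)]


@dataclass
class Assessment:
    vendor: str
    asserted: set
    confirmed: set
    titles: list
    score: float
    action: str
    page_digest: str  # compare on the next run to implement claim 4's rescan-on-change


def assess(vendor, vendor_html, registry, job_html):
    asserted = asserted_standards(vendor_html)
    confirmed = confirmed_standards(vendor, asserted, registry)
    titles = security_job_titles(vendor, job_html)
    unconfirmed = asserted - confirmed
    score = (WEIGHTS["asserted"] * len(unconfirmed)
             + WEIGHTS["confirmed"] * len(confirmed)
             + WEIGHTS["job_title"] * len(titles))
    # Claim 2 vs claims 14/15: share the rating when it clears the threshold,
    # otherwise escalate to the longer impact-assessment questionnaire.
    action = "share_rating" if score >= THRESHOLD else "send_impact_assessment"
    digest = hashlib.sha256(vendor_html.encode("utf-8")).hexdigest()
    return Assessment(vendor, asserted, confirmed, titles, score, action, digest)
```

Two points a practitioner would want to keep from the example. First, the vendor's own page is attacker-controlled input: anyone who can edit it can add "ISO 27001 certified" text and a badge image, so the only step that carries real weight is the confirmation against the certifying body's own site, and that lookup must be keyed by standard to a registry the assessor controls, never to a URL the vendor page supplies. Second, a scanner that downloads and parses untrusted vendor pages, application bundles and privacy notices is itself a parsing attack surface and should run with the same isolation as any other crawler.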
URL and more information on this patent application, see: Brannon,