Patent Application Titled “Data Processing And Scanning Systems For Assessing Vendor Risk” Published Online (USPTO 20220164450): OneTrust LLC
2022 JUN 15 (NewsRx) -- By a
The assignee for this patent application is
Reporters obtained the following quote from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).
“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPAA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in
“Many organizations have also begun to track the compliance of their vendors with privacy laws, regulations, and/or standards. This can be expensive and time consuming using traditional methods. Accordingly, there is a need for improved systems and methods for efficiently tracking the compliance of vendors with privacy laws, regulations, and/or standards, and for assessing the risk associated with doing business with a particular vendor.”
In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventor’s summary information for this patent application: “A method, according to various aspects, comprises: (1) scanning, by computing hardware, a webpage associated with a vendor; (2) identifying, by the computing hardware, vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; (3) accessing, by the computing hardware, a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; (4) receiving, by the computing hardware a completed template from a centralized repository of completed templates, the completed template comprising question/answer pairings regarding the vendor; (5) receiving, from a user by the computing hardware, a weighting factor that is to be applied to a particular question/answer pairing of the plurality question/answer pairings in the completed template to calculate a vendor risk rating for the vendor; (6) calculating, by the computing hardware, the vendor risk rating based on the vendor attributes, the weighting factor, and content of the particular question/answer pairing; and (7) causing, by the computing hardware, an automated action to be taken based on the vendor risk rating.
“In some aspects, the vendor attributes comprise a certification that the vendor holds. In various aspects, scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data. In particular aspects, the method comprises monitoring, by the computing hardware, the webpage for an update; responsive to identifying the update, identifying, by the computing hardware, updated vendor attributes for the vendor attributes; and calculating, by the computing hardware, an updated vendor risk rating based on the updated vendor attributes. In a particular aspect, the automated action comprises generating, by the computing hardware, a graphical user interface comprising an indication of the vendor risk rating, and transmitting, by the computing hardware, an instruction to a third-party computing device to present the graphical user interface on the third-party computing device. In a particular aspect, the automated action comprises generating, by the computing hardware, an electronic communication comprising an indication of the vendor risk rating, and transmitting, by the computing hardware, the electronic communication to a third-party computing device. In other aspects, the automated action comprises transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor.
“A system, in accordance with some aspects, comprises a non-transitory computer-readable medium storing instructions, and a processing device communicatively coupled to the non-transitory computer-readable medium. In various aspects, the processing device is configured to execute the instructions and thereby perform operations comprising: (1) scanning a webpage associated with a vendor; (2) identifying vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; (3) accessing a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; (4) receiving a completed template from a centralized repository of completed templates, the completed template comprising question/answer pairings regarding the vendor; (5) receiving, from a user, a weighting factor that is to be applied to a particular question/answer pairing of the plurality question/answer pairings in the completed template to calculate a vendor risk rating for the vendor; (6) calculating the vendor risk rating based on the vendor attributes, the weighting factor, and content of the particular question/answer pairing; and (7) causing an automated action to be taken based on the vendor risk rating.
“In some aspects, the vendor attributes comprise a certification that the vendor holds. In other aspects, scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data. In various aspects, the operations further comprise: (1) monitoring the webpage for an update; (2) responsive to identifying the update, identifying updated vendor attributes for the vendor attributes; and (3) calculating an updated vendor risk rating based on the updated vendor attributes. In some aspects, the automated action comprises generating a graphical user interface comprising an indication of the vendor risk rating, and transmitting an instruction to a third-party computing device to present the graphical user interface on the third-party computing device. In other aspects, the automated action comprises generating an electronic communication comprising an indication of the vendor risk rating, and transmitting the electronic communication to a third-party computing device. In still other aspects, the automated action comprises transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor.
“A non-transitory computer-readable medium, according to some aspects, has program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: (1) scanning a webpage associated with a vendor; (2) identifying vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; (3) accessing a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; (4) receiving a completed template from a centralized repository of completed templates, the completed template comprising question/answer pairings regarding the vendor; (5) receiving, from a user, a weighting factor that is to be applied to a particular question/answer pairing of the plurality question/answer pairings in the completed template to calculate a vendor risk rating for the vendor; (6) calculating the vendor risk rating based on the vendor attributes, the weighting factor, and content of the particular question/answer pairing; and (7) causing an automated action to be taken based on the vendor risk rating.
“In some aspects, the vendor attributes comprise a certification that the vendor holds. In various aspects, scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data. In particular aspects, the operations further comprise: (1) monitoring the webpage for an update; (2) responsive to identifying the update, identifying updated vendor attributes for the vendor attributes; and (3) calculating an updated vendor risk rating based on the updated vendor attributes. In some aspects, the automated action comprises generating a graphical user interface comprising an indication of the vendor risk rating, and transmitting an instruction to a third-party computing device to present the graphical user interface on the third-party computing device. In other aspects, the automated action comprises generating an electronic communication comprising an indication of the vendor risk rating, and transmitting the electronic communication to a third-party computing device.
“The details of one or more embodiments of the subject matter described in this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter may become apparent from the description, the drawings, and the claims.”
The claims supplied by the inventors are:
“1. A method comprising: scanning, by computing hardware, a webpage associated with a vendor; identifying, by the computing hardware, vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; accessing, by the computing hardware, a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; receiving, by the computing hardware a completed template from a centralized repository of completed templates, the completed template comprising question/answer pairings regarding the vendor; receiving, from a user by the computing hardware, a weighting factor that is to be applied to a particular question/answer pairing of the plurality question/answer pairings in the completed template to calculate a vendor risk rating for the vendor; calculating, by the computing hardware, the vendor risk rating based on the vendor attributes, the weighting factor, and content of the particular question/answer pairing; and causing, by the computing hardware, an automated action to be taken based on the vendor risk rating.
“2. The method of claim 1, wherein the vendor attributes comprise a certification that the vendor holds.
“3. The method of claim 1, wherein scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data.
“4. The method of claim 1 further comprising: monitoring, by the computing hardware, the webpage for an update; responsive to identifying the update, identifying, by the computing hardware, updated vendor attributes for the vendor attributes; and calculating, by the computing hardware, an updated vendor risk rating based on the updated vendor attributes.
“5. The method of claim 1, wherein the automated action comprises: generating, by the computing hardware, a graphical user interface comprising an indication of the vendor risk rating, and transmitting, by the computing hardware, an instruction to a third-party computing device to present the graphical user interface on the third-party computing device.
“6. The method of claim 1, wherein the automated action comprises: generating, by the computing hardware, an electronic communication comprising an indication of the vendor risk rating, and transmitting, by the computing hardware, the electronic communication to a third-party computing device.
“7. The method of claim 1, wherein the automated action comprises transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor.
“8. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: scanning a webpage associated with a vendor; identifying vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; accessing a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; receiving a completed template from a centralized repository of completed templates, the completed template comprising question/answer pairings regarding the vendor; receiving, from a user, a weighting factor that is to be applied to a particular question/answer pairing of the plurality question/answer pairings in the completed template to calculate a vendor risk rating for the vendor; calculating the vendor risk rating based on the vendor attributes, the weighting factor, and content of the particular question/answer pairing; and causing an automated action to be taken based on the vendor risk rating.
“9. The system of claim 8, wherein the vendor attributes comprise a certification that the vendor holds.
“10. The system of claim 8, wherein scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data.
“11. The system of claim 8, wherein the operations further comprise: monitoring the webpage for an update; responsive to identifying the update, identifying updated vendor attributes for the vendor attributes; and calculating an updated vendor risk rating based on the updated vendor attributes.
“12. The system of claim 8, wherein the automated action comprises: generating a graphical user interface comprising an indication of the vendor risk rating, and transmitting an instruction to a third-party computing device to present the graphical user interface on the third-party computing device.
“13. The system of claim 8, wherein the automated action comprises: generating an electronic communication comprising an indication of the vendor risk rating, and transmitting the electronic communication to a third-party computing device.
“14. The system of claim 8, wherein the automated action comprises transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor.
“15. A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: scanning a webpage associated with a vendor; identifying vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; accessing a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; receiving a completed template from a centralized repository of completed templates, the completed template comprising question/answer pairings regarding the vendor; receiving, from a user, a weighting factor that is to be applied to a particular question/answer pairing of the plurality question/answer pairings in the completed template to calculate a vendor risk rating for the vendor; calculating the vendor risk rating based on the vendor attributes, the weighting factor, and content of the particular question/answer pairing; and causing an automated action to be taken based on the vendor risk rating.
“16. The non-transitory computer-readable medium of claim 15, wherein the vendor attributes comprise a certification that the vendor holds.
“17. The non-transitory computer-readable medium of claim 15, wherein scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data.
“18. The non-transitory computer-readable medium of claim 15, wherein the operations further comprise: monitoring the webpage for an update; responsive to identifying the update, identifying updated vendor attributes for the vendor attributes; and calculating an updated vendor risk rating based on the updated vendor attributes.
“19. The non-transitory computer-readable medium of claim 15, wherein the automated action comprises: generating a graphical user interface comprising an indication of the vendor risk rating, and transmitting an instruction to a third-party computing device to present the graphical user interface on the third-party computing device.
“20. The non-transitory computer-readable medium of claim 15, wherein the automated action comprises: generating an electronic communication comprising an indication of the vendor risk rating, and transmitting the electronic communication to a third-party computing device.”
For more information, see this patent application: Brannon,