Patent Issued for Data processing and scanning systems for assessing vendor risk (USPTO 11550897): OneTrust LLC
2023 JAN 27 (NewsRx) -- By a
The assignee for this patent, patent number 11550897, is
Reporters obtained the following quote from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).
“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPAA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in
“Many organizations have also begun to track the compliance of their vendors with privacy laws, regulations, and/or standards. This can be expensive and time consuming using traditional methods. Accordingly, there is a need for improved systems and methods for efficiently tracking the compliance of vendors with privacy laws, regulations, and/or standards, and for assessing the risk associated with doing business with a particular vendor.”
In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent: “A method, according to various aspects, comprises: (1) scanning, by computing hardware, a webpage associated with a vendor; (2) identifying, by the computing hardware, vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; (3) accessing, by the computing hardware, a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; (4) receiving, by the computing hardware a completed template from a centralized repository of completed templates, the completed template comprising question/answer pairings regarding the vendor; (5) receiving, from a user by the computing hardware, a weighting factor that is to be applied to a particular question/answer pairing of the plurality question/answer pairings in the completed template to calculate a vendor risk rating for the vendor; (6) calculating, by the computing hardware, the vendor risk rating based on the vendor attributes, the weighting factor, and content of the particular question/answer pairing; and (7) causing, by the computing hardware, an automated action to be taken based on the vendor risk rating.
“In some aspects, the vendor attributes comprise a certification that the vendor holds. In various aspects, scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data. In particular aspects, the method comprises monitoring, by the computing hardware, the webpage for an update; responsive to identifying the update, identifying, by the computing hardware, updated vendor attributes for the vendor attributes; and calculating, by the computing hardware, an updated vendor risk rating based on the updated vendor attributes. In a particular aspect, the automated action comprises generating, by the computing hardware, a graphical user interface comprising an indication of the vendor risk rating, and transmitting, by the computing hardware, an instruction to a third-party computing device to present the graphical user interface on the third-party computing device. In a particular aspect, the automated action comprises generating, by the computing hardware, an electronic communication comprising an indication of the vendor risk rating, and transmitting, by the computing hardware, the electronic communication to a third-party computing device. In other aspects, the automated action comprises transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor.
“A system, in accordance with some aspects, comprises a non-transitory computer-readable medium storing instructions, and a processing device communicatively coupled to the non-transitory computer-readable medium. In various aspects, the processing device is configured to execute the instructions and thereby perform operations comprising: (1) scanning a webpage associated with a vendor; (2) identifying vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; (3) accessing a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; (4) receiving a completed template from a centralized repository of completed templates, the completed template comprising question/answer pairings regarding the vendor; (5) receiving, from a user, a weighting factor that is to be applied to a particular question/answer pairing of the plurality question/answer pairings in the completed template to calculate a vendor risk rating for the vendor; (6) calculating the vendor risk rating based on the vendor attributes, the weighting factor, and content of the particular question/answer pairing; and (7) causing an automated action to be taken based on the vendor risk rating.
“In some aspects, the vendor attributes comprise a certification that the vendor holds. In other aspects, scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data. In various aspects, the operations further comprise: (1) monitoring the webpage for an update; (2) responsive to identifying the update, identifying updated vendor attributes for the vendor attributes; and (3) calculating an updated vendor risk rating based on the updated vendor attributes. In some aspects, the automated action comprises generating a graphical user interface comprising an indication of the vendor risk rating, and transmitting an instruction to a third-party computing device to present the graphical user interface on the third-party computing device. In other aspects, the automated action comprises generating an electronic communication comprising an indication of the vendor risk rating, and transmitting the electronic communication to a third-party computing device. In still other aspects, the automated action comprises transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor.
“A non-transitory computer-readable medium, according to some aspects, has program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: (1) scanning a webpage associated with a vendor; (2) identifying vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; (3) accessing a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; (4) receiving a completed template from a centralized repository of completed templates, the completed template comprising question/answer pairings regarding the vendor; (5) receiving, from a user, a weighting factor that is to be applied to a particular question/answer pairing of the plurality question/answer pairings in the completed template to calculate a vendor risk rating for the vendor; (6) calculating the vendor risk rating based on the vendor attributes, the weighting factor, and content of the particular question/answer pairing; and (7) causing an automated action to be taken based on the vendor risk rating.”
The claims supplied by the inventors are:
“1. A method comprising: scanning, by computing hardware, a webpage associated with a vendor; identifying, by the computing hardware, vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; accessing, by the computing hardware, a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; calculating, by the computing hardware, a vendor risk rating based on the vendor attributes; generating, by the computing hardware, a graphical user interface comprising a menu for managing a computerized workflow related to the vendor, the menu comprising a navigation element and a display element, wherein: the navigation element is configured for initiating a responsive action based on the vendor risk rating, and the display element is configured for presenting the vendor risk rating; transmitting, by the computing hardware, an instruction to a user computing device to present the graphical user interface on the user computing device; detecting, by the computing hardware, selection of the navigation element; and responsive to detecting the selection of the navigation element, initiating, by the computing hardware, the responsive action, wherein the responsive action comprises at least one of: (i) generating a second graphical user interface comprising an indication of the vendor risk rating and transmitting a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device, (ii) generating an electronic communication comprising an indication of the vendor risk rating and transmitting the electronic communication to the third-party computing device, or (iii) transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor.
“2. The method of claim 1, wherein the vendor attributes comprise a certification that the vendor holds.
“3. The method of claim 1, wherein scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data.
“4. The method of claim 1 further comprising: monitoring, by the computing hardware, the webpage for an update; responsive to identifying the update, identifying, by the computing hardware, updated vendor attributes for the vendor attributes; and calculating, by the computing hardware, an updated vendor risk rating based on the updated vendor attributes.
“5. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: scanning a webpage associated with a vendor; identifying vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; accessing a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; calculating the vendor risk rating based on the vendor attributes; and generating a graphical user interface comprising a menu for managing a computerized workflow related to the vendor, the menu comprising a navigation element and a display element, wherein: the navigation element is configured for initiating a responsive action based on the vendor risk rating, and the display element is configured for presenting the vendor risk rating; transmitting an instruction to a user computing device to present the graphical user interface on the user computing device; detecting selection of the navigation element; and responsive to detecting the selection of the navigation element, initiating the responsive action, wherein the responsive action comprises at least one of: (i) generating a second graphical user interface comprising an indication of the vendor risk rating and transmitting a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device, (ii) generating an electronic communication comprising an indication of the vendor risk rating and transmitting the electronic communication to the third-party computing device, or (iii) transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor.
“6. The system of claim 5, wherein the vendor attributes comprise a certification that the vendor holds.
“7. The system of claim 5, wherein scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data.
“8. The system of claim 5, wherein the operations further comprise: monitoring the webpage for an update; responsive to identifying the update, identifying updated vendor attributes for the vendor attributes; and calculating an updated vendor risk rating based on the updated vendor attributes.
“9. A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: scanning a webpage associated with a vendor; identifying vendor attributes associated with the vendor based on the scanned webpage, wherein the vendor attributes comprise verification data originating from a third-party entity and verifying that the vendor has implemented, with respect to a vendor system, a procedure required by the third-party entity; accessing a public database of third-party verifications to determine whether the vendor has obtained the verification data from the third-party entity; calculating the vendor risk rating based on the vendor attributes; and generating a graphical user interface comprising a menu for managing a computerized workflow related to the vendor, the menu comprising a navigation element, wherein the navigation element is configured for initiating a responsive action based on the vendor risk rating, and transmitting an instruction to a user computing device to present the graphical user interface on the user computing device; detecting selection of the navigation element; and responsive to detecting the selection of the navigation element, initiating the responsive action, wherein the responsive action comprises at least one of: (i) generating a second graphical user interface comprising an indication of the vendor risk rating and transmitting a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device, (ii) generating an electronic communication comprising an indication of the vendor risk rating and transmitting the electronic communication to the third-party computing device, or (iii) transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor.
“10. The non-transitory computer-readable medium of claim 9, wherein the vendor attributes comprise a certification that the vendor holds.
“11. The non-transitory computer-readable medium of claim 9, wherein scanning the webpage comprises identifying an image that makes up part of the webpage and that is associated with the verification data.
“12. The non-transitory computer-readable medium of claim 9, wherein the operations further comprise: monitoring the webpage for an update; responsive to identifying the update, identifying updated vendor attributes for the vendor attributes; and calculating an updated vendor risk rating based on the updated vendor attributes.”
For more information, see this patent: Brannon,
(Our reports deliver fact-based news of research and discoveries from around the world.)