Patent Issued for Methods, systems and computing platforms for evaluating and implementing regulatory and compliance standards (USPTO 11388185): IronBench L.L.C.

2022 AUG 02 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- From Alexandria, Virginia, NewsRx journalists report that a patent by the inventors Christus, Nick (Kansas City, MO, US), Edwards, Matthew D. (Des Moines, IA, US), Gibson, Nathan (New Virginia, IA, US), Hart, Alex (Bozeman, MT, US), Kiefer, Ben (Windsor Heights, IA, US), Ratzlaff, Brandon (Olathe, KS, US), Rothchild, Brenton (Indianola, IA, US), filed on December 31, 2019, was published online on July 12, 2022.

The patent’s assignee for patent number 11388185 is IronBench L.L.C. (Clive, Iowa, United States).

News editors obtained the following quote from the background information supplied by the inventors: “Businesses want, need and often are required to manage their risk through government mandate, especially in cyber-security and information security areas. Examples of current regulatory and compliance standards include NIST (provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber-attacks), PCI (the Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes), HiTRUST (the Health Information Trust Alliance), is a privately held company located in the United States, which in collaboration with healthcare, technology and information security leaders, has established a Common Security Framework (CSF) used by all organizations creating, accessing, storing or exchanging sensitive and/or regulated data), HIPAA (the Health Insurance Portability and Accountability Act of 1996) was created primarily to modernize the flow of healthcare information, stipulate how Personally identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage), GDPR (the General Data Protection Regulation) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA) addressing the export of personal data outside the EU and EEA areas, COBIT (Control Objectives for Information and Related Technologies) is a good-practice framework created by international professional association ISACA for information technology (IT) management and IT governance and provides an implementable set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers), ITIL (formerly an acronym for Information Technology Infrastructure Library is a set of detailed practices for IT service management (ITSM) focusing on aligning IT services with the needs of business and underpins ISO/IEC 20000 (previously BS 15000), the International Service Management Standard for IT service management), SOX (the Sarbanes-Oxley Act) is a United States federal law setting new or expanded requirements for all U.S. public company boards, management and public accounting firms), CCPA (the California Consumer Privacy Act) focusing on data privacy.

“However, many businesses do not know they are subject to regulatory and compliance standards. Further, even when these businesses are aware, they may not understand how mature their processes, policies, and procedures are when it comes to meeting these standards.

“Therefore, what is needed is a tool which can determine a business’ maturity with regulatory and compliance standards.

“What is also needed is a tool where a business can answer questions in a guided self-paced environment to determine maturity with regulatory and compliance standards.

“What is also needed is a tool where a business can receive maturity assessments and recommendations for actions in applicable areas of various regulatory and compliance standards.

“What is also needed is a tool where a business can receive a template to guide them in creating, maintaining or updating documentation for processes, policies and procedures relative to their applicable standards.

“What is further needed is a tool which understands relationships between different regulatory and compliance standards in order to simply the process of performing an assessment of compliance with one or more regulatory or compliance standards when assessment of another regulatory or compliance standard has been performed.”

As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “Therefore, it is a primary object, feature, or advantage of the present invention to improve over the state of the art.

“It is another object, feature or advantage of the present invention to provide for managing risk, especially cyber-security risks and information security risks associated with the use of technology.

“It is a further object, feature, or advantage of the present invention to provide organizations whom are subject to regulatory and compliance standards associated with the use of technology an understanding of how mature their processes, policies and procedures are in meeting those standards, especially those associated with the use of technology.

“It is a still further object, feature, or advantage of the present invention to provide an online tool which can provide answers to questions in a guided self-paced environment.

“Another object, feature, or advantage is to provide, through these answers, an analysis which provides a maturity assessment and recommendation for action in applicable areas of various regulatory and compliance standards.”

The claims supplied by the inventors are:

“1. A method for performing an online assessment of compliance with a first standard selected from a set of standards, each of the standards associated with cyber-security risk and information security risk, the method, comprising steps of: cross-mapping answers from the first standard selected from the set of standards with answers from one or more other standards within the set of standards; determining, using a processor executing software instructions, a plurality of assessment questions to ask the user, each of the plurality of assessment questions associated with the first standard and by reducing the plurality of assessment questions associated with the first standard based on the cross-mapping of the answers from the first standard selected from the set of standards with one or more of the other standards within the set of standards wherein answers have already been provided for assessment questions associated with the one or more of the other standards; presenting the plurality of assessment questions to the user through a user interface by executing the assessment module on the processor, each of the plurality of assessment questions associated with the first standard; assessing answers to the plurality of assessment questions using the assessment module executing on the processor to generate results of the online assessment; receiving over a network data points from a software application associated with the assessment, wherein the software application incorporates software code from an automated build pipeline harness which provides the data points and wherein the data points are associated with one or more of the answers to the plurality of assessment questions; and displaying the results of the assessment to the user using a display associated with the user interface.

“2. The method of claim 1 further comprising accessing over a network results of an external testing tool and storing the results from the external testing tool in association with one or more of the answers to the plurality of assessment questions.

“3. The method of claim 2 wherein the accessing is performed using an application program interface (API).

“4. The method of claim 2 wherein the accessing is performed using a webhook.

“5. The method of claim 1 wherein the assessment module is further configured to assess the data points along with the answers to generate the results of the online assessment.

“6. The method of claim 1, wherein the first standard comprises one of a National Institute of Standards and Technology (NIST) standard, a Payment Card Industry (PCI) standard, a Health Information Trust Alliance (HiTRUST) standard, a Health Insurance Portability and Accountability Act (HIPAA) standard, a General Data Protection Regulation (GDPR) standard, a Control Objectives for Information and Related Technology (COBIT) standard, an IT Infrastructure Library (ITIL) standard, and a Sarbanes-Oxley Act (SOX) standard.

“7. A system, comprising: a processor executing software instructions defining a compliance navigator for determining compliance with one or more standards associated with cyber-security risk or information security risk; a network operably coupled to the processor capable of connecting to a computing device of a user also on the network; and a memory operably coupled to the processor for storing the compliance navigator software, the compliance navigator software comprising a content management system, at least one assessment module, an access control module, an audit module, and an automated testing module; wherein the processor generates a web-based interface allowing the user to interact with the compliance navigator software; wherein the user is asked a series of questions by the compliance navigator software; wherein the answers to the questions presented are analyzed by the compliance navigator software to determine if the user is following a first compliance standard; wherein the compliance navigator software is adapted to cross map answers given for the first compliance standard to a second compliance standard; wherein the automated testing module provides for interfacing with an external computing system performing testing and updating one or more answers of an assessment with results obtained from the external computing system; wherein the external computing system performing the testing provides for sending over a network data points from a software application associated with the assessment, wherein the software application incorporates software code from an automated build pipeline harness which provides the data points and wherein the data points are associated with one or more of the answers to the plurality of assessment questions to assist in determining if the user is following the first compliance standard and the second compliance standard.

“8. The system of claim 7 wherein the compliance standard comprises at least one of a National Institute of Standards and Technology (NIST) standard, a Payment Card Industry (PCI) standard, a Health Information Trust Alliance (HiTRUST) standard, a Health Insurance Portability and Accountability Act (HIPAA) standard, a General Data Protection Regulation (GDPR) standard, a Control Objectives for Information and Related Technology (COBIT) standard, an IT Infrastructure Library (ITIL) standard, and a Sarbanes-Oxley Act (SOX) standard.

“9. A method of performing an online assessment of compliance with cyber-security risk and information security risk standards, comprising the steps of: providing access to a user to a compliance navigator software tool, the compliance navigator software tool comprising a content management system, an assessment module, an access control module, an audit module, and an automated testing module; presenting a plurality of assessment questions to the user by executing the assessment module; assessing answers to the plurality of assessment questions using the assessment module, the assessment module comprising machine-readable instructions stored on the non-transitory machine-readable storage medium; and displaying results of the assessment to the user; cross mapping answers directed to a first information security assessment to a second information security assessment; wherein the automated testing module is configured for accessing results from at least one external computing system and updating one or more answers associated with the questions of the assessment module with the results; wherein the automated testing module provides for obtaining data points from software built with an automated pipeline harness library and using the data points in providing answers to one or more of the assessment questions.

“10. The method of claim 9 wherein the at least one external computing system is accessed via at least one of an application program interface and a webhook.”

For additional information on this patent, see: Christus, Nick. Methods, systems and computing platforms for evaluating and implementing regulatory and compliance standards. U.S. Patent Number 11388185, filed December 31, 2019, and published online on July 12, 2022. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=11388185.PN.&OS=PN/11388185RS=PN/11388185

(Our reports deliver fact-based news of research and discoveries from around the world.)