Patent Issued for Methods, systems and computing platforms for evaluating and implementing regulatory and compliance standards (USPTO 11388185): IronBench L.L.C.
2022 AUG 02 (NewsRx) -- By a
The patent’s assignee for patent number 11388185 is
News editors obtained the following quote from the background information supplied by the inventors: “Businesses want, need and often are required to manage their risk through government mandate, especially in cyber-security and information security areas. Examples of current regulatory and compliance standards include NIST (provides a policy framework of computer security guidance for how private sector organizations in
“However, many businesses do not know they are subject to regulatory and compliance standards. Further, even when these businesses are aware, they may not understand how mature their processes, policies, and procedures are when it comes to meeting these standards.
“Therefore, what is needed is a tool which can determine a business’ maturity with regulatory and compliance standards.
“What is also needed is a tool where a business can answer questions in a guided self-paced environment to determine maturity with regulatory and compliance standards.
“What is also needed is a tool where a business can receive maturity assessments and recommendations for actions in applicable areas of various regulatory and compliance standards.
“What is also needed is a tool where a business can receive a template to guide them in creating, maintaining or updating documentation for processes, policies and procedures relative to their applicable standards.
“What is further needed is a tool which understands relationships between different regulatory and compliance standards in order to simplify the process of performing an assessment of compliance with one or more regulatory or compliance standards when assessment of another regulatory or compliance standard has been performed.”
As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “Therefore, it is a primary object, feature, or advantage of the present invention to improve over the state of the art.
“It is another object, feature or advantage of the present invention to provide for managing risk, especially cyber-security risks and information security risks associated with the use of technology.
“It is a further object, feature, or advantage of the present invention to provide organizations who are subject to regulatory and compliance standards associated with the use of technology an understanding of how mature their processes, policies and procedures are in meeting those standards, especially those associated with the use of technology.
“It is a still further object, feature, or advantage of the present invention to provide an online tool which can provide answers to questions in a guided self-paced environment.
“Another object, feature, or advantage is to provide, through these answers, an analysis which provides a maturity assessment and recommendation for action in applicable areas of various regulatory and compliance standards.”
The claims supplied by the inventors are:
“1. A method for performing an online assessment of compliance with a first standard selected from a set of standards, each of the standards associated with cyber-security risk and information security risk, the method, comprising steps of: cross-mapping answers from the first standard selected from the set of standards with answers from one or more other standards within the set of standards; determining, using a processor executing software instructions, a plurality of assessment questions to ask the user, each of the plurality of assessment questions associated with the first standard and by reducing the plurality of assessment questions associated with the first standard based on the cross-mapping of the answers from the first standard selected from the set of standards with one or more of the other standards within the set of standards wherein answers have already been provided for assessment questions associated with the one or more of the other standards; presenting the plurality of assessment questions to the user through a user interface by executing the assessment module on the processor, each of the plurality of assessment questions associated with the first standard; assessing answers to the plurality of assessment questions using the assessment module executing on the processor to generate results of the online assessment; receiving over a network data points from a software application associated with the assessment, wherein the software application incorporates software code from an automated build pipeline harness which provides the data points and wherein the data points are associated with one or more of the answers to the plurality of assessment questions; and displaying the results of the assessment to the user using a display associated with the user interface.
“2. The method of claim 1 further comprising accessing over a network results of an external testing tool and storing the results from the external testing tool in association with one or more of the answers to the plurality of assessment questions.
“3. The method of claim 2 wherein the accessing is performed using an application program interface (API).
“4. The method of claim 2 wherein the accessing is performed using a webhook.
“5. The method of claim 1 wherein the assessment module is further configured to assess the data points along with the answers to generate the results of the online assessment.
“6. The method of claim 1, wherein the first standard comprises one of a
“7. A system, comprising: a processor executing software instructions defining a compliance navigator for determining compliance with one or more standards associated with cyber-security risk or information security risk; a network operably coupled to the processor capable of connecting to a computing device of a user also on the network; and a memory operably coupled to the processor for storing the compliance navigator software, the compliance navigator software comprising a content management system, at least one assessment module, an access control module, an audit module, and an automated testing module; wherein the processor generates a web-based interface allowing the user to interact with the compliance navigator software; wherein the user is asked a series of questions by the compliance navigator software; wherein the answers to the questions presented are analyzed by the compliance navigator software to determine if the user is following a first compliance standard; wherein the compliance navigator software is adapted to cross map answers given for the first compliance standard to a second compliance standard; wherein the automated testing module provides for interfacing with an external computing system performing testing and updating one or more answers of an assessment with results obtained from the external computing system; wherein the external computing system performing the testing provides for sending over a network data points from a software application associated with the assessment, wherein the software application incorporates software code from an automated build pipeline harness which provides the data points and wherein the data points are associated with one or more of the answers to the plurality of assessment questions to assist in determining if the user is following the first compliance standard and the second compliance standard.
“8. The system of claim 7 wherein the compliance standard comprises at least one of a
“9. A method of performing an online assessment of compliance with cyber-security risk and information security risk standards, comprising the steps of: providing access to a user to a compliance navigator software tool, the compliance navigator software tool comprising a content management system, an assessment module, an access control module, an audit module, and an automated testing module; presenting a plurality of assessment questions to the user by executing the assessment module; assessing answers to the plurality of assessment questions using the assessment module, the assessment module comprising machine-readable instructions stored on the non-transitory machine-readable storage medium; and displaying results of the assessment to the user; cross mapping answers directed to a first information security assessment to a second information security assessment; wherein the automated testing module is configured for accessing results from at least one external computing system and updating one or more answers associated with the questions of the assessment module with the results; wherein the automated testing module provides for obtaining data points from software built with an automated pipeline harness library and using the data points in providing answers to one or more of the assessment questions.
“10. The method of claim 9 wherein the at least one external computing system is accessed via at least one of an application program interface and a webhook.”
For additional information on this patent, see: Christus, Nick. Methods, systems and computing platforms for evaluating and implementing regulatory and compliance standards.