Data processing and scanning systems for assessing vendor risk
First Claim
1. A computer-implemented data processing method for performing a risk assessment for a vendor, the method comprising:
- scanning, by one or more computer processors, one or more webpages associated with the vendor;
- identifying, by the one or more computer processors, one or more vendor attributes associated with the vendor based on the scanned one or more webpages, wherein the one or more vendor attributes comprise one or more security certifications that the vendor holds;
- accessing, by the one or more computer processors, one or more public databases of security certifications to determine whether the vendor holds the one or more security certifications;
- receiving, by the one or more computer processors, a completed privacy template from a centralized repository of completed privacy templates, the completed privacy template comprising a plurality of question/answer pairings regarding the vendor;
- receiving, by the one or more computer processors from a user, a weighting factor that is to be applied to at least one of the plurality of question/answer pairings in the completed privacy template to calculate the risk rating for the vendor;
- calculating, by the one or more computer processors, a vendor risk rating based at least in part on the one or more vendor attributes, the weighting factor, and content of the at least one of the plurality of question/answer pairings in the completed privacy template; and
- taking, by the one or more computer processors, one or more automated actions based on the vendor risk rating.
Abstract
Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities' respective business endeavors that involve the relevant vendors, products, or services.
18 Claims
8. A computer-implemented data-processing method for performing a risk assessment for a vendor used as part of a processing activity, the method comprising:
- receiving, by one or more computer processors, a completed privacy template from a vendor, the completed privacy template comprising a plurality of question/answer pairings regarding a particular product or service provided by the vendor;
- automatically coordinating, by the one or more computer processors, an audit for the completed privacy template;
- scanning, by the one or more computer processors, one or more webpages associated with the vendor;
- identifying, by the one or more computer processors, one or more vendor attributes associated with the vendor based on the scanned one or more webpages, wherein the one or more vendor attributes comprise a privacy policy associated with the one or more webpages;
- analyzing the privacy policy to identify one or more key terms in the privacy policy related to the particular product or service in the audited privacy template;
- calculating a vendor risk rating for the vendor based at least in part on the one or more vendor attributes, the one or more key terms, the privacy policy, and the audited privacy template; and
- taking, by the one or more computer processors, one or more automated actions based on the vendor risk rating.
Specification