Trust governance framework
First Claim
Patent Images
1. A method for implementing a risk management program, comprising:
- establishing one or more checklist items that measure risk factors and one or more procedures for determining compliance with the checklist items;
wherein trusted parties perform an assessment of each of the entities based on the checklist items using the procedures and, based on the assessment, perform at least one of the following;
(i) dispense a machine-readable trust assertion comprising one or more attributes relating to a result of the assessment and (ii) revoke a previously-issued machine-readable trust assertion comprising one or more attributes relating to a result of a previously-performed assessment.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods for managing business risk include establishing standards and engaging trusted parties to perform due diligence and assessments of business risk against the standards. The results of the assessments are delivered in accordance with a protocol. Trust governance for entities is implemented and trust relationships modeling is performed.
-
Citations
47 Claims
-
1. A method for implementing a risk management program, comprising:
establishing one or more checklist items that measure risk factors and one or more procedures for determining compliance with the checklist items;
wherein trusted parties perform an assessment of each of the entities based on the checklist items using the procedures and, based on the assessment, perform at least one of the following;
(i) dispense a machine-readable trust assertion comprising one or more attributes relating to a result of the assessment and (ii) revoke a previously-issued machine-readable trust assertion comprising one or more attributes relating to a result of a previously-performed assessment.- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
12. A method for conveying an assessment of an entity, comprising:
-
receiving from an entity a machine-readable trust assertion issued by a trusted party resulting from an assessment of the entity, wherein the assessment is based on one or more checklist items that measure risk factors and one or more procedures for determining compliance with the checklist items;
analyzing the trust assertion to determine (1) an identity of the trusted party, (2) checklist items used in the assessment, (3) a score of the assessment, (4) a scope of the assessment; and
(5) a date of the assessment;
comparing the identity of the trusted party, the checklist items used in the assessment, the score, the scope and the date to an acceptable trusted party identity, acceptable checklist items, an acceptable score, an acceptable scope and an acceptable date; and
determining, based on the comparison, trustworthiness of the entity. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A method for implementing trust governance for an entity, comprising:
-
generating one or more templates relating to trustworthiness requirements for the entity, based on at least one of an entity policy, any exceptions to the policy and any rules restricting or enabling variances to the policy; and
a contractual obligation of the entity;
receiving one or more trust assertions in connection with a trust relationship between two or more entities, wherein the trust assertions are issued by a trusted party resulting from an assessment of one of the entities and comprise components of making a trust decision, comprising one or more of an identity of the trusted party;
one or more checklist items that measure risk factors used in the assessment;
a score of the assessment;
a scope of the assessment; and
a date of the assessment;
identifying one or more of the templates to apply to the trust assertion;
comparing the trust assertion to the identified templates; and
determining a result based on the comparison, the result comprising at least one of an acceptance, a rejection and a processing status message. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
-
39. A method for modeling trust relationships, comprising:
-
collecting one or more trust assertions for an entity, relating to a trust relationship between the entity and one or more other entities, wherein each of the trust assertions is issued by a trusted party resulting from a risk factor assessment of the entity and comprises components of making a trust decision, comprising one or more of an identity of the trusted party;
checklist items that measure risk factors used in the assessment;
a score of the assessment;
a scope of the assessment; and
a date of the assessment;
storing the trust assertions;
generating one or more templates relating to trustworthiness requirements for the entity, based on at least one of an entity policy, any exceptions to the policy and any rules restricting or enabling variances to the policy; and
a contractual obligation of the entity;
storing the templates;
effectuating a change in at least one of the templates or generating one or more new templates; and
based on a comparison of the stored trust assertions to one or more of (i) the stored templates and (ii) the new templates, determining the impact of the change or the new template on the trust relationship. - View Dependent Claims (40, 41, 42, 43, 44, 45)
-
-
46. A method for modeling trust relationships comprising:
-
collecting one or more trust assertions for one entity relating to a trust relationship with another entity;
storing the trust assertions of the one entity; and
analyzing the trust assertions of the one entity to determine how the trust assertions have changed over time.
-
-
47. A method for modeling trust relationships comprising:
-
collecting one or more trust assertions for at least two first entities relating to a trust relationship with a second entity;
storing the trust assertions of the at least two first entities; and
comparing the trust assertions of at least one of the first entities to at least one other of the first entities.
-
Specification