Method and system for multi-echelon auditing of activity of an enterprise
Abstract
A method, system and computer-readable media are provided that enable the synthesis in automated reporting with human-generated attestations of compliance or non-compliance with regulations and laws. A first version of the claimed invention provides a method and system for employing an information technology network in an enterprise for evaluating the compliance of the activity of the information technology network with laws and regulations. The method of the first version audits computer systems, user behavior, asset behavior, and manual processes. The first version employs an information technology system to document compliance information, where the compliance information relates to the compliance of an enterprise with at least one governmental regulation.
21 Claims
1. In an information technology system, a method for documenting compliance information, the compliance information relating to compliance of an enterprise with at least one governmental regulation, the method comprising:
a) providing a definition of the compliance information in an electronic media to the information technology system;
b) searching data stored within the information technology system for compliance data satisfying the definition of compliance information; and
c) reporting compliance data found within the technology system satisfying the definition of the compliance information via the information technology system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. In an information technology system of an enterprise, a regulatory compliance system comprising:
(a) a receiving computer that receives compliance data from at least one element of the information technology system;
(b) a compliance memory for storing at least one regulatory compliance requirement; and
(c) the compliance memory communicatively coupled with the receiving computer and enabling the receiving computer to determine when the information satisfies the at least one regulatory compliance requirement.
Dependent claims: 10, 11, 12, 13
14. In an information technology system, a method for conveying an assessment of the compliance of an enterprise with a regulatory guideline, the method comprising:
a. receiving from an element of the information technology system an electronic record authorized by a trusted party, wherein the electronic record comprises an attestation of compliance with at least a first aspect of the regulatory guideline, and the electronic record is associated with an identity of the trusted party;
b. receiving compliance data generated by an automated observation of the information technology system, wherein the compliance data comprises evidence of compliance with at least a second aspect of the regulatory guideline; and
c. reporting the compliance of the enterprise with the first aspect and second aspect of the regulatory guideline via the information technology system.
Dependent claims: 15, 16, 17, 18, 19, 20
21. A system having a computer-readable medium and a computer network, wherein the computer-readable medium carries one or more sequences of one or more instructions for buffering data, wherein the execution of the one or more sequences of the one or more instructions by one or more processors causes the one or more processors to perform the method comprising:
a. receiving from an element of the information technology system an electronic record authorized by a trusted party, wherein the electronic record comprises an attestation of compliance with at least a first aspect of the regulatory guideline, and the electronic record is associated with an identity of the trusted party;
b. receiving data generated by an automated observation of the information technology system, wherein the data comprises evidence of compliance with at least a second aspect of the regulatory guideline; and
c. reporting the compliance of the enterprise with the first aspect and second aspect of the regulatory guideline via the information technology system, whereby the computer-readable medium may provide one or more sequences of one or more instructions supportive of documenting attestations and automated observations related to one or more foci of one or more regulatory guidelines.
Specification