METHODOLOGY FOR DETERMINATION OF THE REGULATORY COMPLIANCE LEVEL

US 20120173443A1
Filed: 12/29/2010
Published: 07/05/2012
Est. Priority Date: 12/29/2010
Status: Abandoned Application

First Claim

Patent Images

1. An article of manufacture including a tangible computer readable storage medium to physically store instructions, which when executed by a computer, cause the computer to:

receive a selection of criteria for compliance level calculation, wherein the criteria include at least one regulation;

determine at least one control applicable for the regulation, the control defined with a required implementation level for the regulation in a requirements matrix;

determine an implementation status of the control for the regulation; and

determine if the implementation status of the control corresponds to the required implementation level for the regulation; and

in response to the determination if the implementation status corresponds to the required implementation level, calculate a first total number of compliant controls, a second total number of non-compliant controls, and a third total number of controls with unknown implementation statuses.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of systems and methods for determination of the regulatory compliance level are described herein. The method uses a single set of controls as a basis for calculation of compliance to different regulations. Scale based definition of controls, joined with requirements matrix, allows flexible integration of a new regulation without changes on controls itself. The decoupling of requirements from controls and definition of the implementation scale enables independent reporting about control implementation without considering of regulatory requirements. Therefore, one reporting round, which provides status of controls implementation, can be used for calculation of compliance to many regulations.

Citations

20 Claims

1. An article of manufacture including a tangible computer readable storage medium to physically store instructions, which when executed by a computer, cause the computer to:
- receive a selection of criteria for compliance level calculation, wherein the criteria include at least one regulation;
  
  determine at least one control applicable for the regulation, the control defined with a required implementation level for the regulation in a requirements matrix;
  
  determine an implementation status of the control for the regulation; and
  
  determine if the implementation status of the control corresponds to the required implementation level for the regulation; and
  
  in response to the determination if the implementation status corresponds to the required implementation level, calculate a first total number of compliant controls, a second total number of non-compliant controls, and a third total number of controls with unknown implementation statuses.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The article of manufacture of claim 1, wherein the instructions further cause the computer to:
    - increase a value of a first compliance parameter by one count if the implementation status of the control is same or higher than the required implementation level;
      
      increase a value of a second compliance parameter by one count if the implementation status of the control is lower than the required implementation level; and
      
      increase a value of a third compliance parameter by one count if the implementation status of the control is unknown.
  - 3. The article of manufacture of claim 2, wherein the first total number is calculated based on the first compliance parameter, the second total number is calculated on the second compliance parameter, and the third total number is calculated based on the third compliance parameter.
  - 4. The article of manufacture of claim 1, wherein the instructions further cause the computer to:
    - calculate the first total number, the second total number, and the third total number in percentage; and
      
      display the first total number, the second total number, and the third total number in a report.
  - 5. The article of manufacture of claim 1, wherein the instructions further cause the computer to:
    - calculate a first average number of compliant controls for a plurality of regulations;
      
      calculate a second average number of non-compliant controls for the plurality of regulations; and
      
      calculate a third average number of controls with unknown implementation statuses for the plurality of regulations.
  - 6. The article of manufacture of claim 1, wherein the instructions that cause the computer to receive the selection of criteria further cause the computer to:
    - receive a selection of an area of interest;
      
      receive a selection of an organization; and
      
      receive a selection of a time frame.
  - 7. The article of manufacture of claim 1, wherein the implementation status represents an implemented compliance level of the control.

8. A computerized method comprising:
- receiving a selection of criteria for compliance level calculation, wherein the criteria include at least one regulation;
  
  determining at least one control applicable for the regulation, the control defined with a required implementation level for the regulation in a requirements matrix;
  
  determining an implementation status of the control for the regulation; and
  
  determining if the implementation status of the control corresponds to the required implementation level for the regulation; and
  
  in response to determining if the implementation status corresponds to the required implementation level, calculating a first total number of compliant controls, a second total number of non-compliant controls, and a third total number of controls with unknown implementation statuses.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - increasing a value of a first compliance parameter by one count if the implementation status of the control is same or higher than the required implementation level;
      
      increasing a value of a second compliance parameter by one count if the implementation status of the control is lower than the required implementation level; and
      
      increasing a value of a third compliance parameter by one count if the implementation status of the control is unknown.
  - 10. The method of claim 9, wherein the first total number is calculated based on the first compliance parameter, the second total number is calculated on the second compliance parameter, and the third total number is calculated based on the third compliance parameter.
  - 11. The method of claim 8, further comprising:
    - calculating the first total number, the second total number, and the third total number in percentage; and
      
      displaying the first total number, the second total number, and the third total number in a report.
  - 12. The method of claim 8, further comprising:
    - calculating a first average number of compliant controls for a plurality of regulations;
      
      calculating a second average number of non-compliant controls for the plurality of regulations; and
      
      calculating a third average number of controls with unknown implementation statuses for the plurality of regulations.
  - 13. The method of claim 8, further comprising:
    - receiving a selection of an area of interest;
      
      receiving a selection of an organization; and
      
      receiving a selection of a time frame.
  - 14. The method of claim 8, wherein the implementation status represents an implemented compliance level of the control.

15. A computing system comprising:
- a memory; and
  
  a processor in communication with the memory, the processor configurable to;
  
  receive a selection of criteria for compliance level calculation, wherein the criteria include at least one regulation;
  
  determine at least one control applicable for the regulation, the control defined with a required implementation level for the regulation in a requirements matrix;
  
  determine an implementation status of the control for the regulation; and
  
  determine if the implementation status of the control corresponds to the required implementation level for the regulation; and
  
  in response to the determination if the implementation status corresponds to the required implementation level, calculate a first total number of compliant controls, a second total number of non-compliant controls, and a third total number of controls with unknown implementation statuses.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computing system of claim 15, further comprising:
    - a first compliance parameter, which value is increased by one count if the implementation status of the control is same or higher than the required implementation level;
      
      a second compliance parameter, which value is increased by one count if the implementation status of the control is lower than the required implementation level; and
      
      a third compliance parameter, which value is increased by one count if the implementation status of the control is unknown.
  - 17. The computing system of claim 15, further comprising a user interface to display the first total number, the second total number, and the third total number in a report.
  - 18. The computing system of claim 16, wherein the first total number is calculated based on the first compliance parameter, the second total number is calculated on the second compliance parameter, and the third total number is calculated based on the third compliance parameter.
  - 19. The computing system of claim 15, further comprising:
    - a first average number of compliant controls calculated for a plurality of regulations;
      
      a second average number of non-compliant controls calculated for the plurality of regulations; and
      
      a third average number of controls with unknown implementation statuses calculated for the plurality of regulations.
  - 20. The computing system of claim 15, wherein the criteria includes at least an area of interest, an organization, and a time frame.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
GERASHCHENKO, MAXYM, Mordvinova, Olga

Application Number

US12/980,372
Publication Number

US 20120173443A1
Time in Patent Office

Days
Field of Search
US Class Current

705/317
CPC Class Codes

G06Q 10/10 Office automation; Time man...

G06Q 30/018 Certifying business or prod...

METHODOLOGY FOR DETERMINATION OF THE REGULATORY COMPLIANCE LEVEL

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHODOLOGY FOR DETERMINATION OF THE REGULATORY COMPLIANCE LEVEL

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links