METHODOLOGY FOR DETERMINATION OF THE REGULATORY COMPLIANCE LEVEL
First Claim
1. An article of manufacture including a tangible computer readable storage medium to physically store instructions, which when executed by a computer, cause the computer to:
receive a selection of criteria for compliance level calculation, wherein the criteria include at least one regulation;
determine at least one control applicable for the regulation, the control defined with a required implementation level for the regulation in a requirements matrix;
determine an implementation status of the control for the regulation; and
determine if the implementation status of the control corresponds to the required implementation level for the regulation; and
in response to the determination if the implementation status corresponds to the required implementation level, calculate a first total number of compliant controls, a second total number of non-compliant controls, and a third total number of controls with unknown implementation statuses.
Abstract
Various embodiments of systems and methods for determination of the regulatory compliance level are described herein. The method uses a single set of controls as the basis for calculating compliance with different regulations. A scale-based definition of controls, combined with a requirements matrix, allows a new regulation to be integrated flexibly without changes to the controls themselves. Decoupling the requirements from the controls and defining an implementation scale enables independent reporting on control implementation without regard to regulatory requirements. Therefore, one reporting round, which provides the implementation status of the controls, can be used to calculate compliance with many regulations.
20 Claims
1. An article of manufacture including a tangible computer readable storage medium to physically store instructions, which when executed by a computer, cause the computer to:
receive a selection of criteria for compliance level calculation, wherein the criteria include at least one regulation;
determine at least one control applicable for the regulation, the control defined with a required implementation level for the regulation in a requirements matrix;
determine an implementation status of the control for the regulation; and
determine if the implementation status of the control corresponds to the required implementation level for the regulation; and
in response to the determination if the implementation status corresponds to the required implementation level, calculate a first total number of compliant controls, a second total number of non-compliant controls, and a third total number of controls with unknown implementation statuses.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computerized method comprising:
receiving a selection of criteria for compliance level calculation, wherein the criteria include at least one regulation;
determining at least one control applicable for the regulation, the control defined with a required implementation level for the regulation in a requirements matrix;
determining an implementation status of the control for the regulation; and
determining if the implementation status of the control corresponds to the required implementation level for the regulation; and
in response to determining if the implementation status corresponds to the required implementation level, calculating a first total number of compliant controls, a second total number of non-compliant controls, and a third total number of controls with unknown implementation statuses.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A computing system comprising:
a memory; and
a processor in communication with the memory, the processor configurable to:
receive a selection of criteria for compliance level calculation, wherein the criteria include at least one regulation;
determine at least one control applicable for the regulation, the control defined with a required implementation level for the regulation in a requirements matrix;
determine an implementation status of the control for the regulation; and
determine if the implementation status of the control corresponds to the required implementation level for the regulation; and
in response to the determination if the implementation status corresponds to the required implementation level, calculate a first total number of compliant controls, a second total number of non-compliant controls, and a third total number of controls with unknown implementation statuses.
Dependent claims: 16, 17, 18, 19, 20.
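The claims above describe one calculation: take a selection of regulations, look up each regulation's applicable controls and required implementation level in a requirements matrix, compare that with the status reported for the control in a single reporting round, and tally compliant, non-compliant and unknown controls. The following Python is an added illustration written for this page; it is not code from the patent or its assignee. The four-step implementation scale, the control identifiers (C1 to C4), the regulation names (REG-A, REG-B, REG-C) and the reported statuses are all constructed sample data, and the rule that a control is compliant when its reported level is at least the required level is an assumption the claims leave open.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, Iterable, Optional

# Assumed implementation scale: every control reports one of these levels,
# independent of any regulation (constructed for this example).
class Level(IntEnum):
    NOT_IMPLEMENTED = 0
    PARTIAL = 1
    LARGELY = 2
    FULL = 3

# Control catalogue: one set of controls shared by all regulations (constructed).
CONTROLS: Dict[str, str] = {
    "C1": "Access to production systems requires MFA",
    "C2": "Audit logs are retained and reviewed",
    "C3": "Backups are encrypted and restore-tested",
    "C4": "Vendors are assessed before onboarding",
}

# Requirements matrix: regulation -> {control id: required Level}.
# Controls absent from a row are not applicable to that regulation.
REQUIREMENTS_MATRIX: Dict[str, Dict[str, Level]] = {
    "REG-A": {"C1": Level.FULL, "C2": Level.PARTIAL, "C3": Level.LARGELY},
    "REG-B": {"C1": Level.LARGELY, "C3": Level.FULL, "C4": Level.FULL},
}

# One reporting round: control id -> reported Level, or None when the owner
# has not reported (implementation status unknown). Constructed sample data.
IMPLEMENTATION_STATUS: Dict[str, Optional[Level]] = {
    "C1": Level.FULL,
    "C2": Level.NOT_IMPLEMENTED,
    "C3": Level.LARGELY,
    "C4": None,
}


@dataclass(frozen=True)
class ComplianceResult:
    regulation: str
    compliant: int
    non_compliant: int
    unknown: int

    @property
    def compliance_level(self) -> float:
        """Share of applicable controls that are compliant; unknowns never count as compliant."""
        total = self.compliant + self.non_compliant + self.unknown
        return self.compliant / total if total else 0.0


def add_regulation(matrix: Dict[str, Dict[str, Level]], name: str,
                   requirements: Dict[str, Level]) -> None:
    """Integrate a new regulation as one matrix row; the controls themselves are untouched.
    Rejects references to controls that do not exist in the shared catalogue."""
    unknown_controls = set(requirements) - set(CONTROLS)
    if unknown_controls:
        raise ValueError(f"{name} references unknown controls: {sorted(unknown_controls)}")
    matrix[name] = dict(requirements)


def compliance_level(regulation: str,
                     matrix: Dict[str, Dict[str, Level]],
                     status: Dict[str, Optional[Level]]) -> ComplianceResult:
    """Compare each applicable control's reported level with the required level."""
    if regulation not in matrix:
        raise KeyError(f"no requirements defined for {regulation}")
    compliant = non_compliant = unknown = 0
    for control_id, required in matrix[regulation].items():
        reported = status.get(control_id)
        if reported is None:
            unknown += 1            # not reported this round
        elif reported >= required:
            compliant += 1          # meets or exceeds the required level
        else:
            non_compliant += 1      # reported below the required level
    return ComplianceResult(regulation, compliant, non_compliant, unknown)


def compliance_report(selected: Iterable[str],
                      matrix: Dict[str, Dict[str, Level]],
                      status: Dict[str, Optional[Level]]) -> Dict[str, ComplianceResult]:
    """Selection of criteria (regulations) -> one result per regulation from the same reporting round."""
    return {reg: compliance_level(reg, matrix, status) for reg in selected}


if __name__ == "__main__":
    # A third regulation reuses the same reporting round without any new control reporting.
    add_regulation(REQUIREMENTS_MATRIX, "REG-C", {"C2": Level.FULL, "C4": Level.PARTIAL})
    for reg, res in compliance_report(REQUIREMENTS_MATRIX, REQUIREMENTS_MATRIX, IMPLEMENTATION_STATUS).items():
        print(f"{reg}: compliant={res.compliant} non_compliant={res.non_compliant} "
              f"unknown={res.unknown} level={res.compliance_level:.0%}")
```

Two design points are worth noting. Unknown statuses are tallied separately rather than folded into non-compliant, because an unreported control is a reporting gap to chase, not an evidenced failure; the percentage still excludes them from the compliant count so a gap can never inflate the score. And the matrix row is the only thing that changes when a regulation is added, which is what lets one reporting round feed every regulation.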
Specification