LEGISLATION AWARE SYSTEM
First Claim
Patent Images
1. A method, said method comprising:
- identifying, by one or more processors of a computer system, a set of at least two legal compliance rules associated with a service that uses and/or stores data, wherein the legal compliance rules include a type and format of the data, a physical locality within a legal jurisdiction relevant to security rules for the data, how long the data needs to be kept, whether or not the data needs to be encrypted, and what individuals, organizations or authorities are permitted access to the data and under what circumstances;
identifying, by the one or more processors, a plurality of service providers with associated service provider characteristics, wherein each service provider is a physical computer having a central processing unit (CPU) and is capable of providing the service, and wherein the service provider characteristics associated with each service provider include a location where each service provider performs the service, a region specific to each service provider in which each service provider'"'"'s data for the service is stored, a cost per megabyte (MB) of each service provider'"'"'s data for the service, and a percent utilization of each service provider'"'"'s CPU used for the service;
verifying, by the one or more processors, compliance with the legal compliance rules of the service provider characteristics of each service provider and of a service definition describing attributes of the service, wherein said verifying comprises matching the legal compliance rules against the service provider characteristics and the attributes of the service and confirming that each service provider characteristic and each attribute of the service conforms to the legal compliance rules, wherein the service definition attributes includes a value representing how often the data is backed up, an indicator denoting where disaster recovery of the data is provided, an indicator denoting a type of encryption that is used for the data, and an indicator denoting that long-term storage of the data is available and for how long, and wherein said verifying comprises verifying said compliance for only at least two service providers of the plurality of service providers;
returning, by the one or more processors from a result of said verifying, either said compliance or said non-compliance for each service provider;
determining, by the one or more processors, a priority of each service provider of the at least two service providers who compliance was verified, wherein the priority is based on an availability of the data for each service provider of the at least two service providers; and
selecting, by the one or more processors from the at least two service providers who compliance was verified, a first service provider to provide the service, wherein said selecting the first service provider is based on the first service provider having been determined to have a highest priority from among the priorities determined for each service provider of the at least two service providers, and wherein said verifying compliance for the first service provider provides assurance that the data will be kept and serviced by the first service provider in a compliant manner according to the legal compliance rules.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and associated computer system and computer program product. A set of legal compliance rules associated with a service is identified. A service provider with associated service provider characteristics is identified. The service provider is capable of providing the service. Compliance or non-compliance of the legal compliance rules with the service provider characteristics is verified using service characteristics of a default service. A compliant or non-compliant verification of the service provider for the default service is returned from a result of the verifying compliance or non-compliance.
-
Citations
39 Claims
-
1. A method, said method comprising:
-
identifying, by one or more processors of a computer system, a set of at least two legal compliance rules associated with a service that uses and/or stores data, wherein the legal compliance rules include a type and format of the data, a physical locality within a legal jurisdiction relevant to security rules for the data, how long the data needs to be kept, whether or not the data needs to be encrypted, and what individuals, organizations or authorities are permitted access to the data and under what circumstances; identifying, by the one or more processors, a plurality of service providers with associated service provider characteristics, wherein each service provider is a physical computer having a central processing unit (CPU) and is capable of providing the service, and wherein the service provider characteristics associated with each service provider include a location where each service provider performs the service, a region specific to each service provider in which each service provider'"'"'s data for the service is stored, a cost per megabyte (MB) of each service provider'"'"'s data for the service, and a percent utilization of each service provider'"'"'s CPU used for the service; verifying, by the one or more processors, compliance with the legal compliance rules of the service provider characteristics of each service provider and of a service definition describing attributes of the service, wherein said verifying comprises matching the legal compliance rules against the service provider characteristics and the attributes of the service and confirming that each service provider characteristic and each attribute of the service conforms to the legal compliance rules, wherein the service definition attributes includes a value representing how often the data is backed up, an indicator denoting where disaster recovery of the data is provided, an indicator denoting a type of encryption that is used for the data, and an indicator denoting that long-term storage of the data is available and for how long, and wherein said verifying comprises verifying said compliance for only at least two service providers of the plurality of service providers; returning, by the one or more processors from a result of said verifying, either said compliance or said non-compliance for each service provider; determining, by the one or more processors, a priority of each service provider of the at least two service providers who compliance was verified, wherein the priority is based on an availability of the data for each service provider of the at least two service providers; and selecting, by the one or more processors from the at least two service providers who compliance was verified, a first service provider to provide the service, wherein said selecting the first service provider is based on the first service provider having been determined to have a highest priority from among the priorities determined for each service provider of the at least two service providers, and wherein said verifying compliance for the first service provider provides assurance that the data will be kept and serviced by the first service provider in a compliant manner according to the legal compliance rules. - View Dependent Claims (21, 22, 23, 24, 25, 26)
-
-
2-20. -20. (canceled)
-
27. A computer program product, comprising one or more computer readable hardware storage devices having computer readable program code stored therein, said program code containing instructions executable by one or more processors of a computer system to implement a method, said method comprising:
-
identifying, by the one or more processors, a set of at least two legal compliance rules associated with a service that uses and/or stores data, wherein the legal compliance rules include a type and format of the data, a physical locality within a legal jurisdiction relevant to security rules for the data, how long the data needs to be kept, whether or not the data needs to be encrypted, and what individuals, organizations or authorities are permitted access to the data and under what circumstances; identifying, by the one or more processors, a plurality of service providers with associated service provider characteristics, wherein each service provider is a physical computer having a central processing unit (CPU) and is capable of providing the service, and wherein the service provider characteristics associated with each service provider include a location where each service provider performs the service, a region specific to each service provider in which each service provider'"'"'s data for the service is stored, a cost per megabyte (MB) of each service provider'"'"'s data for the service, and a percent utilization of each service provider'"'"'s CPU used for the service; verifying, by the one or more processors, compliance with the legal compliance rules of the service provider characteristics of each service provider and of a service definition describing attributes of the service, wherein said verifying comprises matching the legal compliance rules against the service provider characteristics and the attributes of the service and confirming that each service provider characteristic and each attribute of the service conforms to the legal compliance rules, wherein the service definition attributes includes a value representing how often the data is backed up, an indicator denoting where disaster recovery of the data is provided, an indicator denoting a type of encryption that is used for the data, and an indicator denoting that long-term storage of the data is available and for how long, and wherein said verifying comprises verifying said compliance for only at least two service providers of the plurality of service providers; returning, by the one or more processors from a result of said verifying, either said compliance or said non-compliance for each service provider; determining, by the one or more processors, a priority of each service provider of the at least two service providers who compliance was verified, wherein the priority is based on an availability of the data for each service provider of the at least two service providers; and selecting, by the one or more processors from the at least two service providers who compliance was verified, a first service provider to provide the service, wherein said selecting the first service provider is based on the first service provider having been determined to have a highest priority from among the priorities determined for each service provider of the at least two service providers, and wherein said verifying compliance for the first service provider provides assurance that the data will be kept and serviced by the first service provider in a compliant manner according to the legal compliance rules. - View Dependent Claims (28, 29, 30, 31, 32, 33)
-
-
34. A computer system, comprising one or more processors, one or more memories, and one or more computer readable hardware storage devices, said one or more hardware storage device containing program code executable by the one or more processors via the one or more memories to implement a method, said method comprising:
-
identifying, by the one or more processors, a set of at least two legal compliance rules associated with a service that uses and/or stores data, wherein the legal compliance rules include a type and format of the data, a physical locality within a legal jurisdiction relevant to security rules for the data, how long the data needs to be kept, whether or not the data needs to be encrypted, and what individuals, organizations or authorities are permitted access to the data and under what circumstances; identifying, by the one or more processors, a plurality of service providers with associated service provider characteristics, wherein each service provider is a physical computer having a central processing unit (CPU) and is capable of providing the service, and wherein the service provider characteristics associated with each service provider include a location where each service provider performs the service, a region specific to each service provider in which each service provider'"'"'s data for the service is stored, a cost per megabyte (MB) of each service provider'"'"'s data for the service, and a percent utilization of each service provider'"'"'s CPU used for the service; verifying, by the one or more processors, compliance with the legal compliance rules of the service provider characteristics of each service provider and of a service definition describing attributes of the service, wherein said verifying comprises matching the legal compliance rules against the service provider characteristics and the attributes of the service and confirming that each service provider characteristic and each attribute of the service conforms to the legal compliance rules, wherein the service definition attributes includes a value representing how often the data is backed up, an indicator denoting where disaster recovery of the data is provided, an indicator denoting a type of encryption that is used for the data, and an indicator denoting that long-term storage of the data is available and for how long, and wherein said verifying comprises verifying said compliance for only at least two service providers of the plurality of service providers; returning, by the one or more processors from a result of said verifying, either said compliance or said non-compliance for each service provider; determining, by the one or more processors, a priority of each service provider of the at least two service providers who compliance was verified, wherein the priority is based on an availability of the data for each service provider of the at least two service providers; and selecting, by the one or more processors from the at least two service providers who compliance was verified, a first service provider to provide the service, wherein said selecting the first service provider is based on the first service provider having been determined to have a highest priority from among the priorities determined for each service provider of the at least two service providers, and wherein said verifying compliance for the first service provider provides assurance that the data will be kept and serviced by the first service provider in a compliant manner according to the legal compliance rules. - View Dependent Claims (35, 36, 37, 38, 39)
-
Specification