Risk and compliance framework

US 7,523,135 B2
Filed: 10/20/2005
Issued: 04/21/2009
Est. Priority Date: 10/20/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implementable method executed by at least one processor in a computer system, the computer-implementable method comprising:

generating a common data framework that includes multiple data structures derived from different applications that are associated with different data sources within an enterprise, wherein the different data sources contain data from different data categories;

receiving a selection of a regulation that the enterprise is required to comply with, wherein the regulation comprises one or more of a legislative regulation, established standard, codes and business policies;

enabling selective determination of which specific data from among a larger set of data is required for the enterprise to be in compliance with the selected regulation; and

extracting, from the common data framework, needed data that is needed for the enterprise to be in compliance with the selected regulation;

wherein the common data framework includes a layer structure that includes;

a data source layer, wherein the data source layer includes unstructured data, informational data and external data, wherein the unstructured data comprises video files and web logs, wherein the informational data comprises spreadsheets, and wherein the external data comprises web crawling files;

an integration layer, wherein the integration layer includes extraction files, transformation files, integrity files, synchronization files, loading files, integration files and metadata files, wherein the extraction files comprise an extraction engine, file/data capture software, parsing code, mapping code, and pre-defined incremental procedures, wherein the transformation files comprise translation files, calculation files, aggregation files and enrichment files used to manipulate the data taken from the data source layer, wherein the integrity files include code for scrubbing, validating, sampling, profiling, matching/de-duping, balancing and controlling data from the data source layer, wherein the loading files include bulk load and message queues, wherein the integration files include merging and message queues, and wherein the metadata files include business rules and meta-tagging of data from the data source layer;

a data layer that includes data that the integration layer extracted and transformed from the data source layer to obtain data used in an enterprise'"'"'s regulation/standard compliance program;

an analytics layer that utilizes data from the data layer to create the enterprise'"'"'s regulation/standard compliance program; and

an access layer to provide access to the enterprise'"'"'s regulation/standard compliance program.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and computer-usable medium are presented for coordinating an enterprise'"'"'s resources needed for regulation/standards compliance. The method includes the establishment of a common data framework that includes multiple data structures for multiple applications, selection of a regulation to be complied with by an enterprise, determination of which data is needed by the enterprise to be in compliance with the regulation, and extraction of needed data for compliance from the common data structure

104 Citations

View as Search Results

19 Claims

1. A computer-implementable method executed by at least one processor in a computer system, the computer-implementable method comprising:
- generating a common data framework that includes multiple data structures derived from different applications that are associated with different data sources within an enterprise, wherein the different data sources contain data from different data categories;
  
  receiving a selection of a regulation that the enterprise is required to comply with, wherein the regulation comprises one or more of a legislative regulation, established standard, codes and business policies;
  
  enabling selective determination of which specific data from among a larger set of data is required for the enterprise to be in compliance with the selected regulation; and
  
  extracting, from the common data framework, needed data that is needed for the enterprise to be in compliance with the selected regulation;
  
  wherein the common data framework includes a layer structure that includes;
  
  a data source layer, wherein the data source layer includes unstructured data, informational data and external data, wherein the unstructured data comprises video files and web logs, wherein the informational data comprises spreadsheets, and wherein the external data comprises web crawling files;
  
  an integration layer, wherein the integration layer includes extraction files, transformation files, integrity files, synchronization files, loading files, integration files and metadata files, wherein the extraction files comprise an extraction engine, file/data capture software, parsing code, mapping code, and pre-defined incremental procedures, wherein the transformation files comprise translation files, calculation files, aggregation files and enrichment files used to manipulate the data taken from the data source layer, wherein the integrity files include code for scrubbing, validating, sampling, profiling, matching/de-duping, balancing and controlling data from the data source layer, wherein the loading files include bulk load and message queues, wherein the integration files include merging and message queues, and wherein the metadata files include business rules and meta-tagging of data from the data source layer;
  
  a data layer that includes data that the integration layer extracted and transformed from the data source layer to obtain data used in an enterprise'"'"'s regulation/standard compliance program;
  
  an analytics layer that utilizes data from the data layer to create the enterprise'"'"'s regulation/standard compliance program; and
  
  an access layer to provide access to the enterprise'"'"'s regulation/standard compliance program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 16, 17)
- - 2. The computer-implementable method of claim 1, wherein the needed data is required by the selected regulation to be kept confidential within the enterprise, and wherein the needed data is certified as being data that is kept confidential within the enterprise in order to be in compliance with the selected regulation.
  - 3. The computer-implementable method of claim 1, wherein the needed data is certified as being data that is required by the enterprise to certify that the enterprise is in compliance with the selected regulation, and wherein data that is certified is in a data format that is required by the selected regulation.
  - 4. The computer-implementable method of claim 1, wherein the needed data is certified as being data that is required by the enterprise to forensically prove the validity of the needed data.
  - 5. The computer-implementable method of claim 4, wherein the validity of the needed data is proven by proving that the needed data has not been altered.
  - 6. The computer-implementable method of claim 1, further comprising:
    - providing a Graphical User Interface (GUI) that graphically depicts which data structures are needed to place the enterprise in compliance with the selected regulation, wherein the data structures that are needed are prioritized as being a primary focus or a secondary focus according to significance of data in the data structures for compliance with the selected regulation; and
      
      visually coding the data structures according to the primary focus and the secondary focus.
  - 7. The computer-implementable method of claim 6, further comprising:
    - providing an on-screen menu for at least one data structure depicted in the GUI, wherein the on-screen menu depicts at least one software application available from a vendor that provides the at least one data structure needed to place the enterprise in compliance with the selected regulation.
  - 16. The method of claim 1, wherein the common data framework is a federated data structure in which data is physically stored in separate files, and wherein the separate files are logically connected through logical connectors.
  - 17. The computer-implementable method of claim 1, wherein the different applications include a first application and a second application, and wherein the first application includes a database storing data/information representing accidents suffered within the enterprise, and wherein the second application includes a database storing employee records of employees of the enterprise.

8. A system comprising:
- a processor;
  
  a data bus coupled to the processor;
  
  a memory coupled to the data bus; and
  
  a computer-usable medium embodying computer program code, the computer program code comprising instructions executable by the processor and configured to;
  
  generate a common data framework that includes multiple data structures derived from separate applications and data sources within an enterprise;
  
  receive a selection of a regulation which the enterprise is to comply with;
  
  automatically determine specific data from among a larger set of data, which specific data is required by the enterprise to be in compliance with the regulation; and
  
  extract needed data for compliance from the common data framework;
  
  wherein the common data structure includes a layer structure that includes;
  
  a data source layer, wherein the data source layer includes unstructured data, informational data and external data, wherein the unstructured data comprises video files and web logs, wherein the informational data comprises spreadsheets, and wherein the external data comprises web crawling files;
  
  an integration layer, wherein the integration layer includes extraction files, transformation files, integrity files, synchronization files, loading files, integration files and metadata files, wherein the extraction files comprise an extraction engine, file/data capture software, parsing code, mapping code, and pre-defined incremental procedures, wherein the transformation files comprise translation files, calculation files, aggregation files and enrichment files used to manipulate the data taken from the data source layer, wherein the integrity files include code for scrubbing, validating, sampling, profiling, matching/de-duping, balancing and controlling data from the data source layer, wherein the loading files include bulk load and message queues, wherein the integration files include merging and message queues, and wherein the metadata files include business rules and meta-tagging of data from the data source layer;
  
  a data layer that includes data that the integration layer extracted and transformed from the data source layer to obtain data used in an enterprise'"'"'s regulation/standard compliance program;
  
  an analytics layer that utilizes data from the data layer to create the enterprise'"'"'s regulation/standard compliance program; and
  
  an access layer to provide access to the enterprise'"'"'s regulation/standard compliance program.
- View Dependent Claims (9, 10)
- - 9. The system of claim 8, wherein the computer program code further comprises instructions executable by the processor and configured to:
    - provide a Graphical User Interface (GUI) that graphically depicts which data structures are needed to place the enterprise in compliance with the regulation.
  - 10. The system of claim 9, wherein the computer program code further comprises instructions executable by the processor and configured to:
    - provide an on-screen menu for at least one data structure depicted in the GUI, wherein the on-screen menu depicts at least one software application available from a vendor that provides the at least one data structure needed to place the enterprise in compliance with the regulation.

11. A tangible computer-usable medium on which is stored computer program code, the computer program code comprising computer executable instructions configured to:
- generate a common data framework that includes multiple data structures for multiple applications;
  
  receive a selection of a regulation to be complied with by an enterprise;
  
  determine which data is needed by the enterprise to be in compliance with the regulation; and
  
  extract needed data for compliance from the common data framework, wherein the common data framework includes a layer structure that includes;
  
  a data source layer, wherein the data source layer includes unstructured data, informational data and external data, wherein the unstructured data comprises video files and web logs, wherein the informational data comprises spreadsheets, and wherein the external data comprises web crawling files;
  
  an integration layer, wherein the integration layer includes extraction files, transformation files, integrity files, synchronization files, loading files, integration files and metadata files, wherein the extraction files comprise an extraction engine, file/data capture software, parsing code, mapping code, and pre-defined incremental procedures, wherein the transformation files comprise translation files, calculation files, aggregation files and enrichment files used to manipulate the data taken from the data source layer, wherein the integrity files include code for scrubbing, validating, sampling, profiling, matching/de-duping, balancing and controlling data from the data source layer, wherein the loading files include bulk load and message queues, wherein the integration files include merging and message queues, and wherein the metadata files include business rules and meta-tagging of data from the data source layer;
  
  a data layer that includes data that the integration layer extracted and transformed from the data source layer to obtain data used in an enterprise'"'"'s regulation/standard compliance program;
  
  an analytics layer that utilizes data from the data layer to create the enterprise'"'"'s regulation/standard compliance program; and
  
  an access layer to provide access to the enterprise'"'"'s regulation/standard compliance program.
- View Dependent Claims (12, 13, 14, 15, 18, 19)
- - 12. The tangible computer-useable medium of claim 11, wherein the computer program code further comprises computer executable instructions configured to:
    - provide a Graphical User Interface (GUI) that graphically depicts which data structures are certified as being needed to place the enterprise in compliance with the regulation.
  - 13. The tangible computer-useable medium of claim 12, wherein the computer program code further comprises computer executable instructions configured to:
    - provide an on-screen menu for at least one data structure depicted in the GUI, wherein the on-screen menu depicts at least one software application available from a vendor that provides the at least one data structure needed to place the enterprise in compliance with the regulation.
  - 14. The tangible computer-usable medium of claim 11, wherein the needed data is data that is required by the enterprise to establish business controls needed to be in compliance with the regulation.
  - 15. The tangible computer-usable medium of claim 11, wherein the needed data is data that is required by the enterprise to certify that the enterprise is in compliance with the regulation.
  - 18. The tangible computer-useable medium of claim 11, wherein the computer program code is deployed to a client computer from a server at a remote location.
  - 19. The tangible computer-useable medium of claim 11, wherein the computer program code is provided by a service provider to a customer on an on-demand basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Leahy, Lisa Brucoli, Friedberg, Paul Ronald, Gosselin, Lawrence Warner, Bradford, Teresa Ann, Soendergaard-Jensen, Frederik, Paraszczak, Jurij R., Medina, David
Primary Examiner(s)
Trujillo; James
Assistant Examiner(s)
Casanova; Jorge A

Application Number

US11/254,360
Publication Number

US 20070094284A1
Time in Patent Office

1,279 Days
Field of Search

707/200, 707/104.1, 705/1
US Class Current

1/1
CPC Class Codes

G06Q 10/06   Resources, workflows, human...

Y10S 707/99945   Object-oriented database st...

Y10S 707/99948   Application of database or ...

Risk and compliance framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

104 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Risk and compliance framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links