System and method for managing risks associated with outside service providers
Abstract
A system and method for assessing the risk associated with Outside Service Providers (OSPs). A decision engine is provided to assess, monitor and manage key issues around the risk management capabilities of the OSP. The system creates a core repository that manages, monitors and measures all OSP assessments across an institution (e.g., a corporation). The system and method employ automated questionnaires that require responses from the user (preferably the manager of the OSP relationship). The responses are tracked in order to evaluate the progress of the assessment and the status of the OSP with respect to compliance with the enterprise's requirements for OSPs. Once a questionnaire has been completed, the OSP can be given an overall rating of exposure to various forms of risk. Areas of risk can be acknowledged, prompting a sensitivity rating, such as severe, negligible and so forth. Once risk is acknowledged, a plan for reducing the risk or bringing the OSP into compliance can be formulated, and progress towards compliance can be tracked. Alternatively, an identified exposure to risk can be disclaimed through the system, which requires sign-off by various higher-level managers and administrators.
28 Claims
1. A computer-implemented method for an enterprise to assess risks associated with an outside service provider, the method comprising:
identifying, via a user interface, outside service provider information that describes the outside service provider;
storing the outside service provider information in a database;
identifying, via the user interface, resource information that describes resources of the enterprise associated with services provided by the outside service provider;
storing the resource information in the database;
assessing, via computer server, a risk on the enterprise from a degradation of the services from the outside service provider, wherein assessing the risk on the enterprise comprises assessing a business risk on the enterprise and assessing a country risk on the enterprise, wherein assessing the business risk on the enterprise further comprises:
assessing an impact on external customers of the enterprise resulting from the degradation of the services from the outside service provider;
assessing an impact on internal customers of the enterprise resulting from the degradation of the services from the outside service provider, wherein the internal customers of the enterprise include at least a customer implementing one or more internal applications of the enterprise;
assessing a financial impact resulting from the degradation of the services from the outside service provider;
assessing an allowable time period that the degradation of the services from the outside service provider can last; and
assessing an impact on regulatory obligations resulting from the degradation of the services from the outside service provider, wherein the impact on regulatory obligation includes a financial penalty;
storing the assessment in the database;
automatically determining, via the server, a criticality of the outside service provider in response to the assessment;
storing the criticality in the database; and
providing, via the user interface, status data from the database, wherein the status data comprises at least one of a status of:
the resource information;
the assessment; and
the criticality.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A system for an enterprise to assess risks associated with an outside service provider comprising:
a user interface for interfacing with users of the system;
at least one computer database server and at least one computer application server coupled to the user interface; and
at least one database and at least one application respectively coupled to the computer database server and the computer application server;
wherein the system is programmed to:
accept outside service provider information that describes the outside service provider;
store the outside service provider information in a database;
accept resource information that describes resources of the enterprise associated with services provided by the outside service provider;
store the resource information in the database;
assess an impact risk on the enterprise from a degradation of the services from the outside service provider, wherein assess the risk on the enterprise comprises assessing a business risk on the enterprise and assess a country impact risk on the enterprise, wherein assessing the business risk on the enterprise comprises:
an assessment of an impact on external customers of the enterprise resulting from the degradation of the services from the outside service provider;
an assessment of an impact on internal customers of the enterprise resulting from the degradation of the services from the outside service provider wherein the internal customers of the enterprise include at least a customer implementing one or more internal applications of the enterprise;
an assessment of a financial impact resulting from the degradation of the services from the outside service provider;
an assessment of an allowable time period that the degradation of the services from the outside service provider can last; and
an assessment of an impact on regulatory obligations resulting from the degradation of the services from the outside service provider, wherein the impact on regulatory obligation includes a financial penalty;
store the assessment in the database;
automatically determine a criticality of the outside service provider in response to the assessment;
store the criticality in the database; and
provide status data from the database, wherein the status data comprises at least one of a status of the resource information, the assessment, and the criticality.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
Specification