Methods and systems for assessing and advising on electronic compliance
Abstract
A method and system of developing electronic performance support systems implemented in a computer system or in a graphical user interface. A method and system determines electronic compliance with a regulatory scheme, includes a compliance standard and using a question and answer prompt in conjunction with a scanning engine to perform an assessment of a computer network's compliance with at least one predetermined standard in addition to a technical assessment of the computer network.
35 Claims
1. A computer system for determining compliance of a computer network, comprising:
a memory storing an operating framework of various predetermined compliance standards with which to measure against the computer network, the various predetermined compliance standards comprising at least a governmental regulatory standard having requirements for protecting confidentiality of health-related information and a payment card information security program having requirements for destruction of data stored on electronic media beyond reconstruction or prevention of data being stored on electronic media;
a compliance question database, comprising questions relating to whether the computer network complies with requirements of the various predetermined compliance standards answerable by a user to verify compliance with the various predetermined compliance standards, for selecting the governmental regulatory standard of the various predetermined compliance standards specific to the user; and
a processor configured to provide predetermined compliance questions to the user based on the selected governmental regulatory standard of the various predetermined compliance standards, receive the user's answer to the predetermined compliance questions, and store the user's answer to the predetermined compliance questions in a compliance answer database;
wherein the processor is further configured to scan the computer network, generate a score indicating the degree to which the computer network complies with the selected governmental regulatory standard of the various predetermined compliance standard based on the scan of the computer network and the user's answer in the compliance answer database, and generate a report including a result as to whether the computer network complies with the requirements of the selected predetermined compliance standard based on the score, and when the generated score identifies non-compliance of the computer network, including information how to solve the non-compliance with the report.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
13. A method for determining compliance of a computer network, wherein all steps are performed by a computer, the method comprising:
storing in a memory on a computer system an operating framework of various predetermined compliance standards with which to measure against the computer network, the various predetermined compliance standards comprising at least a governmental regulatory standard having requirements for protecting confidentiality of health-related information and a payment card information security program having requirements for destruction of data stored on electronic media beyond reconstruction or prevention of data being stored on electronic media;
selecting the a payment card information security program having requirements for destruction of data stored on electronic media beyond reconstruction of the various predetermined compliance standards specific to the user;
storing in a compliance question database on a computer system, questions relating to whether the computer network complies with requirements of the various predetermined compliance standard answerable by a user to verify compliance with the selected payment card information security program of the predetermined compliance standards;
providing predetermined compliance questions to the user based on the selected payment card information security program of the predetermined compliance standards;
receiving the user's answer to the predetermined compliance questions;
storing the user's answer to the predetermined compliance questions in a compliance answer database;
scanning the computer network;
generating a score indicating the degree to which the computer network complies with the selected payment card information security program of the predetermined compliance standards based on the scan of the computer network and the user's answer in the compliance answer database;
generating a report including a result as to whether the computer network complies with the requirements of the selected payment card information security program of the predetermined compliance standards based on the score; and
including information how to solve non-compliance with the report when the generated score identifies non-compliance of the computer network.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
25. A computer system for determining compliance of a computer network, comprising:
a memory storing an operating framework of various predetermined compliance standards with which to measure against the computer network; the various predetermined compliance standards comprising at least a governmental regulatory standard having requirements for protecting confidentiality of health-related information and a payment card information security program having requirements for destruction of data stored on electronic media beyond reconstruction;
a compliance question database, comprising questions relating to whether the computer network complies with requirements of the various predetermined compliance standards answerable by a user to verify compliance with the various predetermined compliance standards, for selecting the payment card information security program having requirements for destruction of data stored on electronic media beyond reconstruction of the various predetermined compliance standards specific to the user;
a processor configured to provide predetermined compliance questions to the user based on the selected payment card information security program of the predetermined compliance standard standards, receive the user's answer to the predetermined compliance questions, and store the user's answer to the predetermined compliance questions in a compliance answer database;
wherein the processor is further configured to scan the computer network, generate a score indicating the degree to which the computer network complies with the selected payment card information security program of the predetermined compliance standards based on the scan of the computer network and the user's answer in the compliance answer database, and generate a report including a result as to whether the computer network complies with the requirements of the selected payment card information security program of the predetermined compliance standards based on the score, and including information how to solve non-compliance with the report when the generated score identifies non-compliance of the computer network.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
Specification