Data processing and scanning systems for assessing vendor risk
First Claim
1. A computer-implemented data processing method for performing a risk assessment for a vendor, the method comprising:
scanning, by one or more computer processors, one or more webpages associated with the vendor to identify one or more vendor attributes, wherein the one or more vendor attributes comprise one or more security certifications that the vendor claims to hold, wherein each of the one or more security certifications is associated with a respective certifying authority; and
wherein each of the one or more security certifications indicates that the vendor is in compliance with security certification requirements of the respective certifying authority;
accessing, by one or more computer processors, one or more databases of security certifications to determine whether the vendor holds the one or more security certifications;
accessing, by one or more computer processors, a completed privacy template, the completed privacy template comprising a plurality of question/answer pairings regarding the vendor;
calculating, by one or more computer processors, a vendor risk rating based at least in part on;
(a) the one or more security certifications;
(b) the one or more vendor attributes; and
(c) content of the at least one of the plurality of question/answer pairings in the completed privacy template; and
taking, by one or more computer processors, one or more automated actions based on the vendor risk rating.
Abstract
Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of risk ratings for one or more vendors. In various embodiments, the systems/methods may use one or more particular vendor attributes (e.g., as determined from scanning one or more webpages associated with the particular vendor) and the contents of one or more completed privacy templates for the vendor to determine a vendor risk rating for the particular vendor. As a particular example, the system may scan a website associated with the vendor to automatically determine one or more security certifications associated with the vendor and use that information, along with information from a completed privacy template for the vendor, to calculate a vendor risk rating that indicates the risk of doing business with the vendor.
30 Claims
1. A computer-implemented data processing method for performing a risk assessment for a vendor, the method comprising:
scanning, by one or more computer processors, one or more webpages associated with the vendor to identify one or more vendor attributes, wherein the one or more vendor attributes comprise one or more security certifications that the vendor claims to hold, wherein each of the one or more security certifications is associated with a respective certifying authority; and
wherein each of the one or more security certifications indicates that the vendor is in compliance with security certification requirements of the respective certifying authority;
accessing, by one or more computer processors, one or more databases of security certifications to determine whether the vendor holds the one or more security certifications;
accessing, by one or more computer processors, a completed privacy template, the completed privacy template comprising a plurality of question/answer pairings regarding the vendor;
calculating, by one or more computer processors, a vendor risk rating based at least in part on;
(a) the one or more security certifications;
(b) the one or more vendor attributes; and
(c) content of the at least one of the plurality of question/answer pairings in the completed privacy template; and
taking, by one or more computer processors, one or more automated actions based on the vendor risk rating.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer-implemented data processing method for performing a risk assessment for a vendor, the method comprising:
scanning, by one or more computer processors, one or more webpages associated with the vendor to identify one or more vendor attributes, wherein the one or more vendor attributes comprise one or more security policies implemented by the vendor and one or more security certifications that the vendor claims to hold, wherein each of the one or more security certifications is associated with a respective certifying authority; and
wherein each of the one or more security certifications indicates that the vendor is in compliance with security certification requirements of the respective certifying authority;
accessing, by one or more computer processors, one or more databases of security certifications to determine whether the vendor holds the one or more security certifications;
accessing, by one or more computer processors, a completed privacy template, the completed privacy template comprising a plurality of question/answer pairings regarding the vendor;
calculating, by one or more computer processors, a vendor risk rating based at least in part on;
(a) the one or more security policies implemented by the vendor;
(b) the one or more security certifications; and
(c) content of the at least one of the plurality of question/answer pairings in the completed privacy template; and
taking, by one or more computer processors, one or more automated actions based on the vendor risk rating.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A computer-implemented data processing method for performing a risk assessment for a vendor used as part of a processing activity, the method comprising:
receiving, by one or more computer processors, a completed privacy template from a vendor, the completed privacy template comprising a plurality of question/answer pairings regarding a particular product or service provided by the vendor;
scanning, by one or more computer processors, one or more webpages associated with the vendor to identify one or more vendor attributes, wherein the one or more vendor attributes comprise a privacy policy associated with the one or more webpages;
analyzing, by one or more computer processors, the privacy policy to identify one or more key terms in the privacy policy related to the particular product or service that is the subject of at least one question within the privacy template;
analyzing, by one or more computer processors, content of the at least one of the plurality of question/answer pairings in the completed privacy template to identify one or more security certifications that the vendor holds, wherein each of the one or more security certifications is associated with a respective certifying authority; and
wherein each of the one or more security certifications indicates that the vendor is in compliance with security certification requirements of the respective certifying authority;
calculating, by one or more computer processors, a vendor risk rating for the vendor based at least in part on;
(a) the one or more security certifications;
(b) the one or more key terms in the privacy policy; and
(c) the one or more question/answer pairings from the privacy template; and
taking, by one or more computer processors, one or more automated actions based on the calculated vendor risk rating.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification