17541344. MODULARIZED GOVERNANCE OF CONTINUOUS COMPLIANCE simplified abstract (INTERNATIONAL BUSINESS MACHINES CORPORATION)


MODULARIZED GOVERNANCE OF CONTINUOUS COMPLIANCE

Organization Name

INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor(s)

Anca Sailer of Scarsdale NY (US)

Christopher John Butler of Hawthorne East (AU)

Arun Kumar of Noida (IN)

Malgorzata Steinder of Leonia NJ (US)

MODULARIZED GOVERNANCE OF CONTINUOUS COMPLIANCE - A simplified explanation of the abstract

This abstract first appeared for US patent application 17541344 titled 'MODULARIZED GOVERNANCE OF CONTINUOUS COMPLIANCE'.

Simplified Explanation

The abstract describes a method, apparatus, and computer program for automated security and regulatory compliance in an enterprise. Here are the key points:

  • The invention provides a set of security and compliance controls that work with the enterprise.
  • Compliance policies, which are enforced by the controls, are encapsulated in a common data format.
  • Customer-specific security and compliance requirements are collected.
  • Using modular components called microservices, the customer-specific requirements are transformed into machine-readable representations that conform to the compliance policies.
  • The transformed security and compliance requirements are then activated to ensure security and regulatory compliance.

Potential Applications

This technology can be applied in various industries and sectors where security and regulatory compliance are crucial, such as:

  • Financial institutions: Ensuring compliance with regulations like the Sarbanes-Oxley Act or the Payment Card Industry Data Security Standard.
  • Healthcare organizations: Complying with regulations like the Health Insurance Portability and Accountability Act (HIPAA).
  • Government agencies: Meeting security and compliance requirements set by regulatory bodies.
  • E-commerce platforms: Protecting customer data and ensuring compliance with privacy regulations.

Problems Solved

The technology addresses several problems related to security and regulatory compliance:

  • Manual compliance processes: Automating the compliance process reduces the need for manual intervention, saving time and resources.
  • Complexity: The use of a common data format and modular components simplifies the transformation of customer-specific requirements into machine-readable representations.
  • Ensuring consistency: The enforcement of compliance policies ensures that security and regulatory requirements are consistently met across the enterprise.

Benefits

The technology offers several benefits to enterprises:

  • Efficiency: Automation streamlines the compliance process, reducing the time and effort required to ensure security and regulatory compliance.
  • Accuracy: Machine-readable representations eliminate the risk of human error in interpreting and implementing customer-specific requirements.
  • Scalability: The use of modular components allows for easy customization and scalability to accommodate changing security and compliance needs.
  • Cost savings: By automating compliance processes and reducing the risk of non-compliance, enterprises can avoid costly penalties and fines.


Original Abstract Submitted

A method, apparatus and computer program product for automated security and regulatory compliance in association with an enterprise. A set of security and compliance controls that operate in association with the enterprise are provided. One or more compliance policies that are enforced by the set of security and compliance controls are encapsulated according to a common data format. One or more customer-specific security/compliance requirements associated with the enterprise are collected. Using microservices-based modular components, the customer-specific security/compliance requirements are then transformed into machine-readable representations having the common data format and that conform to the one or more compliance policies being enforced by the set of security and compliance controls. The one or more compliance policies including the one or more transformed security/compliance requirements are then activated to facilitate the security and regulatory compliance.