Assessing and managing computational risk involved with integrating third party computing functionality within a computing system

US2022335136A1 · US · A1

Patent metadata
Publication number: US-2022335136-A1
Application number: US-202217722551-A
Country: US
Kind code: A1
Filing date: Apr 18, 2022
Priority date: Apr 16, 2021
Publication date: Oct 20, 2022
Grant date

Abstract

Official abstract text for this publication.

In general, various aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for addressing a modified risk rating identifying a risk to an entity of having computer-implemented functionality provided by a vendor integrated with a computing system of the entity. In accordance with various aspects, a method is provided that comprises: receiving a first assessment dataset for computer-implemented functionality; detecting an inconsistency between a value of an attribute for the computer-implemented functionality specified in the first assessment dataset and a corresponding value of the attribute specified in a second assessment dataset for the computer-implemented functionality; modifying a risk rating that identifies a risk to the entity of having the computer-implemented functionality integrated with the computing system to generate a modified risk rating based on the inconsistency; and in response, performing an action with respect to the computing system to address the modified risk rating.

First claim

Opening claim text (preview).

1. A method comprising: receiving, by computing hardware, a first assessment dataset for computer-implemented functionality provided by a vendor, wherein the computer-implemented functionality is integrated with a computing system of a first entity; accessing, by the computing hardware, a second assessment dataset for the computer-implemented functionality provided by the vendor from a data repository that stores risk assessment data on a plurality of computer-implemented functionality provided by different vendors; detecting, by the computing hardware, an inconsistency between a value of an attribute for the computer-implemented functionality that is specified in the first assessment dataset and a corresponding value of the attribute that is specified in the second assessment dataset; modifying, by the computing hardware, a risk rating to generate a modified risk rating for the vendor based on the inconsistency, wherein the modified risk rating identifies a risk to the first entity of having the computer-implemented functionality integrated with the computing system and the modified risk rating moves the vendor from a first risk tier for the first entity to a second risk tier for the first entity; and responsive to moving the vendor to the second risk tier for the first entity, performing an action with respect to the computing system of the first entity to address the modified risk rating, wherein the action is defined for the second risk tier for the first entity.

2. The method of claim 1, wherein the action comprises sending, by the computing hardware, an electronic notification to personnel of the first entity that identifies the inconsistency and the attribute for the computer-implemented functionality.

3. The method of claim 1, wherein the action comprises sending, by the computing hardware, an electronic notification to personnel of the vendor that identifies the inconsistency and the attribute for the computer-implemented functionality.

4. The method of claim 1, wherein the action comprises causing, by the computing hardware, the computer-implemented functionality to be disabled in the computing system.

5. The method of claim 4, wherein: the computer-implemented functionality comprises a service provided by the vendor used by the computing system; integrating the computer-implemented functionality with the computing system comprises installing an application programming interface (API) in the computing system to call the service; and disabling the computer-implemented functionality comprises disabling the API from calling the service.

6. The method of claim 1, wherein: the computer-implemented functionality is integrated with a second computing system of a second entity that is different from the first entity; the modified risk rating identifies a risk to the second entity of having the computer-implemented functionality integrated with the second computing system and the modified risk rating moves the vendor from a first risk tier for the second entity to a second risk tier for the second entity; and the method further comprises, responsive to moving the vendor to the second risk tier for the second entity, performing a second action with respect to the second computing system of the second entity to address the modified risk rating, wherein the second action is defined for the second risk tier for the second entity.

7. The method of claim 1, wherein: the computer-implemented functionality is integrated with a second computing system of a second entity that is different from the first entity; and the method further comprises: modifying, by the computing hardware, a second risk rating to generate a second modified risk rating for the vendor based on the inconsistency, wherein: the modified risk rating is unique to the first entity, the second modified risk rating is unique to the second entity and identifies a risk to the second entity of having the computer-implemented functionality integrated with the second computing system, and the second modified risk rating moves the vendor from a first risk tier for the second entity to a second risk tier for the second entity; and responsive to moving the vendor to the second risk tier for the second entity, performing a second action with respect to the second computing system of the second entity to address the second modified risk rating, wherein the second action is defined for the second risk tier for the second entity.

8. The method of claim 1 further comprising: identifying, by the computing hardware, the value for the attribute based on a mapping of a first question/answer pairing provided in the first assessment dataset, wherein the first question/answer pairing comprises a first question provided in a first questionnaire filled out by the vendor and a first answer provided by the vendor to the first question, and the value comprises the first answer; and identifying, by the computing hardware, the corresponding value for the attribute based on a mapping of a second question/answer pairing provided in the second assessment dataset, wherein the second question/answer pairing comprises a second question provided in a second questionnaire filled out by the vendor and a second answer provided by the vendor to the second question, and the corresponding value comprises the second answer.

9. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: accessing a first assessment dataset and a second assessment dataset for computer-implemented functionality provided by a vendor from a data repository that stores risk assessment data on a plurality of computer-implemented functionality provided by different vendors, wherein the computer-implemented functionality is integrated with a computing system of a first entity; detecting an inconsistency between a value of an attribute for the computer-implemented functionality that is specified in the first assessment dataset and a corresponding value of the attribute that is specified in the second assessment dataset; modifying a risk rating to generate a modified risk rating for the vendor based on the inconsistency, wherein the modified risk rating identifies a change in risk to the first entity of having the computer-implemented functionality integrated with the computing system; and responsive to modified risk rating, performing an action with respect to the computing system of the first entity to address the change in risk.

10. The system of claim 9, wherein the action comprises sending an electronic notification to personnel of the first entity that identifies the inconsistency and the attribute for the computer-implemented functionality.

11. The system of claim 9, wherein the action comprises sending an electronic notification to personnel of the vendor that identifies the inconsistency and the attribute for the computer-implemented functionality.

12. The system of claim 9, wherein the action comprises causing the computer-implemented functionality to be disabled in the computing system.

13. The system of claim 12, wherein: the computer-implemented functionality comprises a service provided by the vendor used by the computing system; integrating the computer-implemented functionality with the computing system comprises installing an application programming interface (API) in the computing system to call the service; and disabling the computer-implemented functiona

Assignees

Inventors

Classifications

  • G06F21/577 (Primary)

    Assessing vulnerabilities and evaluating computer system security · CPC title

  • Remote procedure calls [RPC]; Web services · CPC title

  • Risk analysis of enterprise or organisation activities · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Onetrust Llc
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date Oct 20, 2022 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).