US20140019183A1 - Automated Impact Assessment and Updates of Compliance Response Plans Pursuant to Policy Changes - Google Patents
Automated Impact Assessment and Updates of Compliance Response Plans Pursuant to Policy Changes Download PDFInfo
- Publication number
- US20140019183A1 US20140019183A1 US13/546,145 US201213546145A US2014019183A1 US 20140019183 A1 US20140019183 A1 US 20140019183A1 US 201213546145 A US201213546145 A US 201213546145A US 2014019183 A1 US2014019183 A1 US 2014019183A1
- Authority
- US
- United States
- Prior art keywords
- computer system
- surveys
- compliance requirements
- compliance
- workflows
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
Definitions
- FIG. 1 is a system level figure of an illustrative embodiment of the present disclosure.
- FIG. 2 illustrate process flows in accordance with embodiments of the present disclosure.
- FIG. 3 illustrates some data flows in accordance with the present disclosure.
- FIG. 4 is a system diagram of a particular instance of a compliance management system according to the present disclosure.
- FIG. 1 shows a compliance management system 100 in a business enterprise 10 in accordance with the present disclosure.
- a change manager 12 may be an administrative employee of the business enterprise 10 who interacts with the compliance management system 100 to administer changes to compliance requirements in accordance with the present disclosure.
- the term “compliance requirements” will be understood as collectively referring to regulations, rules, policies, and so on that are set forth by a regulatory agency, which govern aspects of operations and activities of the business enterprise 10 .
- the regulatory agency is typically separate from the business enterprise 10 , but in some embodiments may be a department or group within the business enterprise.
- the business enterprise 10 may include a data store 122 comprising a collection of the compliance requirements that are applicable to the activities of the business enterprise.
- a set of policies and procedures may be developed to ensure compliance with the applicable compliance requirements.
- a data store 124 may store these policies and procedures, which are specific to the business enterprise 10 , for ensuring compliance with the applicable compliance requirements.
- the data stores 122 and 124 may be embodied in the same storage system, or they may be separate storage systems.
- the data stores 122 and 124 may represent data tables in a data base system. Other configurations of data stores 122 and 124 are contemplated, of course.
- policies and procedures will be understood to refer to the policies that are developed and managed by the business enterprise 10 to ensure compliance with applicable regulations.
- remedial procedures, proactive procedures, responses, controls, test plans, and so on for reporting, monitoring, and responding to matters relating to the business enterprise's compliance of applicable regulations may be collectively referred to as “procedures”.
- the compliance management system 100 may include an interface 102 for receiving compliance requirements 154 from an agency 152 .
- the agency 152 may be a governmental body (e.g., federal government, state government, or some other local civil governing body).
- the agency 152 may be an industrial association that regulates the business practices of the business enterprise 10 . In some embodiments, the agency 152 may even be a group within the business enterprise 10 .
- the compliance requirements 154 may be in the form regulations, policies, goals, and so on set forth by the agency 152 .
- the interface 102 may serve as a portal to provide the agency 152 with access to the compliance management system 100 .
- the interface 102 may be a web-based interface.
- the interface 102 may be based on the simple object access protocol (SOAP), a representational state transfer (REST) data model, and the like.
- SOAP simple object access protocol
- REST representational state transfer
- the interface 102 may actively connect to the agency 152 (e.g., a server running in the agency) and download or otherwise obtain compliance requirements 154 from the agency.
- the interface 102 may be a computer system that any employee of the business enterprise 10 may use to input regulations documents; e.g., in a portable document format (PDF).
- PDF portable document format
- the received compliance requirements 112 may be stored to the data store 122 to update the business enterprise's store of compliance requirements.
- the compliance manager 100 may include an analysis engine 104 , which analyzes the received compliance requirements 112 .
- the analysis engine 104 may access the data store 122 to retrieve earlier versions of the received compliance requirements 112 or related compliance requirements.
- the analysis engine 104 may identify changes to compliance requirements (“compliance changes”) by analyzing the received compliance requirements 112 and earlier or related compliance requirements obtained from the data store 122 .
- An assessment engine 106 may initiate an assessment survey to determine whether changes in compliance requirements necessitate changes in policies and procedures of the business enterprise 10 .
- the assessment engine 106 may compile one or more appropriate surveys 132 and send them to survey participants 134 .
- the surveys may be used to gather information that can be used to decide whether or not the business enterprise's policies and procedures need to be changed to accommodate changes in compliance requirements.
- the assessment engine 106 may also initiate a collaborative effort 136 among meeting participants 136 a, instead of or in addition to sending out surveys 132 , in order to assess the changes in compliance requirements in a collaborative setting.
- a collaborative tool may be used to convene and conduct the collaborative effort 136 .
- the SAP® StreamWorkTM is an enterprise collaboration tool that allows real-time collaboration among its participants. Other tools, of course, may be used such as WebEx.
- the assessment engine 106 may then manage the progress of the assessment survey to its conclusion.
- the assessment engine 106 may initiate a second collaborative effort 142 of decision makers 142 a to decide, based on results of the surveys 134 and/or the first collaborative effort 136 , whether or not changes need to be made to the business enterprise's policies and procedures.
- the collaborative effort 142 may identify the specific policies and procedures that need to be changed to accommodate changes in the compliance requirements.
- the compliance management system 100 may include a workflow engine 108 . Changes to the policies and procedures may be specified as workflows.
- the workflow engine 108 may receive a set of workflows 144 from the collaborative effort 142 . The workflow engine 108 may then initiate and manage one or more workflow activities among workflow participants 146 to accomplish the tasks set out by the workflows 144 .
- responses of the workflow participants 146 may include updates to one or more portions of the policies and procedures.
- the workflow engine 108 may update the data store 124 of the business enterprise's policies and procedures at the conclusion of the workflow activities.
- the compliance management system 100 may include an internal data store 110 to store various information that the other components of the compliance management system may use. Examples of data that may be stored in the internal data store 110 will be described below.
- FIG. 2 depicts process flows in accordance with principles of the present disclosure.
- the design time process flow relates to setting up the compliance management system 100 .
- the execution time process flow relates to execution steps during operation of the compliance management system 100 .
- the compliance management system 100 may include a suitable user interface to allow a user (e.g., the change manager 12 ) to perform design time processing.
- the compliance management system 100 may include a console that the user “logs” onto, the compliance management system may provide a web services based interface, and so on.
- the design time process flow may include processing block 202 for defining categories and keywords.
- the different compliance requirements of the business enterprise 10 may be categorized according to subject areas or operational groups of the business enterprise.
- federal, state, and local regulations may relate to general subject areas such safety in the workplace, sexual harassment, and so on which are not related to any one group.
- a human resources department may manage compliance requirements categorized under these general subject areas.
- Compliance requirements may be directed to specific groups or department in the business enterprise 10 ; e.g., financial regulations may apply to the business enterprise's accounting department, manufacturing regulations may apply to production groups in the business enterprise, and so on.
- the categories may be defined by the change manager 12 .
- each defined category may be defined by, described by, or otherwise associated with keywords that may appear in the documents that comprise the compliance requirements. It will be understood that “keywords” may include word phrases in addition to individual words.
- the categories and their corresponding keywords may be stored in the internal data store 110 of the compliance management system 100 . Referring for a moment to FIG. 3 , for example, the internal data store 110 may implement a database system comprising data tables 302 , 304 , and 306 .
- a category data table 302 may store associations between keywords and categories.
- “stakeholders” may be identified and assigned or associated with the categories defined in processing block 202 .
- a stakeholder refers to a person (e.g., administrative person) or group within the business enterprise 10 who has some role in the administration of a given set of compliance requirements. That role may involve ensuring that the compliance requirements are met (e.g., a manager type), performing the actions to comply, administering compliance documents, and so on.
- a category of compliance requirements may be associated with many people and/or groups within the business enterprise 10 . People and groups within the business enterprise 10 may be associated with several categories of compliance requirements.
- the associations between categories and stakeholders may be stored in the internal data store 110 of the compliance management system 100 . For example, in FIG. 3 a stakeholder data table 304 may store associations between categories and stakeholders.
- assessment surveys may be defined and assigned or otherwise associated with the categories defined in processing block 202 .
- Each category of compliance requirements may have one or more assessment surveys.
- Assessment surveys may be questionnaires, such a multiple choice questions, fill-in-the-blank type questions, essays, and so on.
- the assessment surveys may be designed to elicit input from survey participants which can be subsequently used to make a decision on whether any of the business enterprise's policies and procedures need to be updated.
- the associations between categories and assessment surveys may be stored in the internal data store 110 of the compliance management system 100 .
- a survey data table 306 may store associations between categories and assessment surveys.
- execution time processing may be triggered by the change manager 12 ( FIG. 1 ).
- the change manager 12 may be an administrative person in the business enterprise 10 who has responsibility for managing the business enterprise's policies and procedures for complying with applicable compliance requirements.
- the change manager 12 may be informed or otherwise become aware of new or updated compliance requirements that may require a review/assessment of the business enterprise's current policies and procedures.
- an agency e.g., 152 , FIG. 1
- the compliance management system 100 may then alert the change manager 12 of the new or updated compliance requirements, for example, by sending an email or otherwise contacting the change manager.
- the change manager 12 may trigger execution time processing in the compliance management system 100 .
- the compliance management system 100 may be invoked to assess and effect any changes to relevant policies and procedures of the business enterprise 10 that may be impacted when changes to compliance requirements occur. Likewise, the compliance management system 100 may be invoked when a new set of compliance requirements are made by an agency. Thus, in addition to the business enterprise 10 developing a corresponding new set of policies and procedures for the new compliance requirements, the business enterprise may need to assess the impact of the new compliance requirements on related existing policies and procedures.
- the execution time process flow may include a processing block 212 for receiving new or updated compliance requirements.
- the change manager 12 may submit the received compliance requirements to the compliance management system 100 , or the received compliance requirements may be input from another source (e.g., agency 152 ).
- the compliance management system 100 may upload the received compliance requirements.
- compliance requirements may be received at the interface 102 in any of several data formats, such as textual data, data in a spreadsheet, image data, as PDF document, and so on. It may be practical for the compliance management system 100 to process documents to have a common data format. Accordingly, the process of uploading the received compliance requirements may include reformatting the received data to a suitable data format (e.g., text data). It will be appreciated that other processing may be performed on the documents, for example in order to facilitate the compliance management system 100 in processing the received compliance requirements.
- a suitable data format e.g., text data
- the analysis engine 104 may analyze the received compliance requirements.
- the analysis may be automatically initiated after the new or updated compliance requirements have been received and uploaded per processing blocks 212 and 214 . Or, in some embodiments, the analysis may be explicitly triggered by the change manager 12 .
- the analysis engine 104 may perform a comparison between the received compliance requirements and the current compliance requirements.
- the analysis engine 104 may extract or otherwise identify words and phrases contained in any differences between the received compliance requirements and current compliance requirements (e.g., obtained from data store 122 ).
- the analysis engine 104 may also extract words and phrases from the contents of the received compliance requirements. The words and phrases may then be matched against the keywords defined in processing block 202 and stored in the internal data store 110 for subsequent processing.
- the change manager 12 may guide the analysis. For example, if too many categories have been identified, the analysis engine 104 may alert the change manager 12 who may then intervene to refine the identification of appropriate categories. If the analysis engine 104 did not identify any categories, then the change manager 12 may be alerted to manually identify one or more appropriate categories.
- the figure shows an example of new or updated compliance requirements 312 that have been uploaded to the compliance management system 100 .
- Words and phrases identified from the contents of compliance requirements 312 may be used to identify one or more categories.
- the words and phrases may be used to search the category data table 302 to identify one or more categories.
- the identified categories may then be used to search the stakeholder data table 304 and the survey data table 306 to identify corresponding stakeholders 314 and assessment surveys 312 , respectively.
- the assessment engine 106 may initiate and mange an assessment survey to assess the new or updated compliance requirements.
- the assessment surveys 316 may comprise survey forms that are sent to respective stakeholders 314 (e.g., survey participants 134 , FIG. 1 ).
- the stakeholder data table 304 may include parameters for each stakeholder that informs the assessment engine 106 how assessment surveys 316 can be delivered to them; e.g., an email address, an office location, etc. Parameters in the survey data table 306 may inform the assessment engine 104 which stakeholders 314 should receive which assessment surveys, and so on.
- the change manager 12 may review the list of stakeholders 314 and assessment surveys 316 that the assessment engine 106 had identified, and make revisions if needed. The change manager 12 may then trigger the distribution of assessment surveys 316 to respective stakeholders 314 . In addition to the assessment surveys 316 , additional information may be provided to each stakeholder 314 ; e.g., old and new versions of the compliance requirements, etc.
- the parameters in the data tables 302 - 306 may indicate to the assessment engine 106 that a collaboration among certain stakeholders 314 should be conducted.
- a particular category such as “sexual harassment” may be of special importance that changes in compliance requirements relating to sexual harassment require a meeting of certain stakeholders, for example, department heads.
- the change manager 12 may make a decision to conduct a meeting of stakeholders.
- the assessment engine 106 may invoke a collaboration tool to schedule and coordinate stakeholders 314 to convene a survey meeting to assess the new or updated compliance requirements.
- the assessment engine 106 may monitor the progress of the assessment survey. For example, if surveys forms are sent out to stakeholders, the assessment engine 106 can track which stakeholders have responded to the survey forms. Likewise, if a survey meeting was arranged, the assessment engine 106 can track whether or not minutes of the meeting had been submitted. The assessment engine 106 may report to the change manager 12 which stakeholders have and have not responded to survey forms, the progress of survey meetings, whether meeting minutes have been received from those survey meetings, and so on. The assessment engine 106 may determine that the assessment survey is complete; for example, when it has received responses from every stakeholder. In some embodiments, the change manager 12 may make the determination that the assessment survey has completed. For example, if a stakeholder does not respond to a survey, the assessment engine 106 may never consider the assessment survey to be complete. However, the change manager 12 may step in and designate the assessment survey as nonetheless being complete so that the execution time process flow can proceed.
- the assessment engine 106 may initiate and manage a decision-making collaboration to (1) decide whether or not policies and procedures of the business enterprise 10 need to be updated and (2) identify what those updates should be.
- decision makers e.g., 142 a, FIG. 1
- the decision makers may be identified from among the stakeholders 314 identified in processing block 216 .
- the decision makers may be manually selected by the change manager 12 .
- the assessment engine 106 may coordinate a meeting of the decision makers and supply them (e.g., via email) with materials needed to conduct the meeting, including results the assessment survey, current relevant policies and procedures, and the like.
- the decision makers may decide whether or not any of the relevant policies and procedures need to be updated.
- the decision makers may determine what changes are needed to the relevant policies and procedures and may dictate how those changes are to be implemented.
- a meeting minutes or other report may be produced from the meeting of the decision maker and submitted to the compliance management system 100 .
- the change manager 12 may review the submitted material and define one or more workflows based on the changes specified by the decision makers.
- the workflows may be submitted to the workflow engine 108 .
- the workflows may be automated to some degree.
- the decision makers may make a list of policies and procedures that need to be changed. The list may constitute the workflows.
- the workflow engine 108 may trigger processing of one or more workflows for implementing changes to the business enterprise's policies and procedures as set forth by the decision makers.
- the change manager 12 may interact with the workflow engine 108 to develop and design suitable workflows.
- the workflows may specify workflow recipients and workflow tasks.
- the workflow tasks may be updates to the individual policy documents, test plans, responses, control documents, and the like which constitute the policies and procedures affected by the new or updated compliance requirements.
- the workflow recipients may be personnel in the business enterprise 10 such as department heads, managers, group leaders, and so on.
- the workflow engine 108 may distribute the workflows to the workflow recipients. Each workflow recipient may be given responsibility for ensuring that their assigned workflow task is completed.
- the end result of the workflows represent an update of the policies and procedures that are affected by the compliance requirements received in processing block 212 .
- the updated policies and procedures may then be stored on data store 124 , thus updating the business enterprise's data store of policies and procedures.
- the workflow engine 108 and/or the change manager 12 may conduct review process of the updated policies and procedures before storing them to data store 124 .
- FIG. 4 A particular embodiment of the compliance management system 100 in accordance with the present disclosure is illustrated in FIG. 4 , showing a high level block diagram of a computer system 402 configured to operate in accordance with the present disclosure.
- the computer system 402 may include a central processing unit (CPU) or other similar data processing component.
- the computer system 402 may include various memory components.
- the memory components may include a volatile memory 414 (e.g., random access memory, RAM) and a data storage device 416 .
- a communication interface 418 may be provided to allow the computer system 402 to communicate with an outside agency (e.g., agency 152 ) over a communication network 422 , such as a local area network (LAN), the Internet, and so on.
- An internal bus 420 may interconnect the components comprising the computer system 402 .
- the data storage device 416 may comprise a non-transitory computer readable medium having stored thereon computer executable program code 432 .
- the computer executable program code 432 may be executed by the CPU 412 to cause the CPU to perform steps of the present disclosure.
- the computer executable program code 432 may include code for the design time process flow, and code for the execution time process flow.
- the data storage device 416 may store data structures 434 such as the data tables 302 - 306 .
- the change manager 12 may interact with the computer system 402 using suitable user interface devices 442 . They may include, for example, input devices such as a keyboard, a keypad, a mouse or other pointing device, and output devices such as a display.
- All systems and processes discussed herein may be embodied in program code stored on one or more non-transitory computer-readable media.
- Such media may include, for example, a floppy disk, a CD-ROM, a DVD-ROM, a Flash drive, magnetic tape, and solid state Random Access Memory (RAM) or Read Only Memory (ROM) storage units. It will be appreciated that embodiments are not limited to any specific combination of hardware and software.
- Elements described herein as communicating with one another are directly or indirectly capable of communicating over any number of different systems for transferring data, including but not limited to shared memory communication, a local area network, a wide area network, a telephone network, a cellular network, a fiber-optic network, a satellite network, an infrared network, a radio frequency network, and any other type of network that may be used to transmit information between devices.
- communication between systems may proceed over any one or more transmission protocols that are or become known, such as Asynchronous Transfer Mode (ATM), Internet Protocol (IP), Hypertext Transfer Protocol (HTTP) and Wireless Application Protocol (WAP).
- ATM Asynchronous Transfer Mode
- IP Internet Protocol
- HTTP Hypertext Transfer Protocol
- WAP Wireless Application Protocol
Abstract
Description
- Unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
- Modern businesses are subjected to increasing numbers of regulations from governmental agencies, industry associations, and from within the business enterprise itself. Regulations may cover any aspect of the business enterprise such as employee concerns, product safety, environmental concerns, financial reporting, privacy issues, and so on. Compliance with some regulations may be voluntary, but the majority of regulations require compliance as a matter of law. Non-compliance with legally mandated regulations may incur heavy financial burdens such as fines, loss of business revenue, loss of business opportunity, law suits, and so on. Accordingly, large investments of time, money, and manpower may be expended to develop programs, processes, and infrastructure within the business enterprise to ensure current and ongoing compliance with regulations.
- The management of compliance with regulations is made even more challenging because regulations may change over time. The changes may be incremental and gradual, and at times may be significant. A typical business enterprise may have several thousands of policies, procedures, test plans, monitoring controls throughout the enterprise to monitor compliance and respond to potential and actual occurrences of non-compliance. The additional effort of assessing changes when new or updated regulations are published and then having to update the enterprise's compliance policies and procedures may impose a heavy burden to the enterprise.
-
FIG. 1 is a system level figure of an illustrative embodiment of the present disclosure. -
FIG. 2 illustrate process flows in accordance with embodiments of the present disclosure. -
FIG. 3 illustrates some data flows in accordance with the present disclosure. -
FIG. 4 is a system diagram of a particular instance of a compliance management system according to the present disclosure. - In the following description, for purposes of explanation, numerous examples and specific details are set forth in order to provide a thorough understanding of the present disclosure. It will be evident, however, to one skilled in the art that the present disclosure as defined by the claims may include some or all of the features in these examples alone or in combination with other features described below, and may further include modifications and equivalents of the features and concepts described herein.
-
FIG. 1 shows acompliance management system 100 in abusiness enterprise 10 in accordance with the present disclosure. Achange manager 12 may be an administrative employee of thebusiness enterprise 10 who interacts with thecompliance management system 100 to administer changes to compliance requirements in accordance with the present disclosure. The term “compliance requirements” will be understood as collectively referring to regulations, rules, policies, and so on that are set forth by a regulatory agency, which govern aspects of operations and activities of thebusiness enterprise 10. The regulatory agency is typically separate from thebusiness enterprise 10, but in some embodiments may be a department or group within the business enterprise. - The
business enterprise 10 may include adata store 122 comprising a collection of the compliance requirements that are applicable to the activities of the business enterprise. A set of policies and procedures may be developed to ensure compliance with the applicable compliance requirements. Adata store 124 may store these policies and procedures, which are specific to thebusiness enterprise 10, for ensuring compliance with the applicable compliance requirements. Thedata stores data stores data stores - As used herein, “policies and procedures” will be understood to refer to the policies that are developed and managed by the
business enterprise 10 to ensure compliance with applicable regulations. In addition, remedial procedures, proactive procedures, responses, controls, test plans, and so on for reporting, monitoring, and responding to matters relating to the business enterprise's compliance of applicable regulations may be collectively referred to as “procedures”. - The
compliance management system 100 may include aninterface 102 for receivingcompliance requirements 154 from anagency 152. Theagency 152 may be a governmental body (e.g., federal government, state government, or some other local civil governing body). Theagency 152 may be an industrial association that regulates the business practices of thebusiness enterprise 10. In some embodiments, theagency 152 may even be a group within thebusiness enterprise 10. As explained above, thecompliance requirements 154 may be in the form regulations, policies, goals, and so on set forth by theagency 152. - In some embodiments, the
interface 102 may serve as a portal to provide theagency 152 with access to thecompliance management system 100. Accordingly, theinterface 102 may be a web-based interface. For example, theinterface 102 may be based on the simple object access protocol (SOAP), a representational state transfer (REST) data model, and the like. In some embodiments, theinterface 102 may actively connect to the agency 152 (e.g., a server running in the agency) and download or otherwise obtaincompliance requirements 154 from the agency. In some embodiments, theinterface 102 may be a computer system that any employee of thebusiness enterprise 10 may use to input regulations documents; e.g., in a portable document format (PDF). The receivedcompliance requirements 112 may be stored to thedata store 122 to update the business enterprise's store of compliance requirements. - The
compliance manager 100 may include ananalysis engine 104, which analyzes the receivedcompliance requirements 112. Theanalysis engine 104 may access thedata store 122 to retrieve earlier versions of the receivedcompliance requirements 112 or related compliance requirements. In accordance with the present disclosure, and as will be discussed below, theanalysis engine 104 may identify changes to compliance requirements (“compliance changes”) by analyzing the receivedcompliance requirements 112 and earlier or related compliance requirements obtained from thedata store 122. - An
assessment engine 106 may initiate an assessment survey to determine whether changes in compliance requirements necessitate changes in policies and procedures of thebusiness enterprise 10. Theassessment engine 106 may compile one or moreappropriate surveys 132 and send them to surveyparticipants 134. The surveys may be used to gather information that can be used to decide whether or not the business enterprise's policies and procedures need to be changed to accommodate changes in compliance requirements. Theassessment engine 106 may also initiate acollaborative effort 136 amongmeeting participants 136 a, instead of or in addition to sending outsurveys 132, in order to assess the changes in compliance requirements in a collaborative setting. In some embodiments, a collaborative tool may be used to convene and conduct thecollaborative effort 136. For example, the SAP® StreamWork™ is an enterprise collaboration tool that allows real-time collaboration among its participants. Other tools, of course, may be used such as WebEx. Theassessment engine 106 may then manage the progress of the assessment survey to its conclusion. - The
assessment engine 106 may initiate a secondcollaborative effort 142 ofdecision makers 142 a to decide, based on results of thesurveys 134 and/or the firstcollaborative effort 136, whether or not changes need to be made to the business enterprise's policies and procedures. Thecollaborative effort 142 may identify the specific policies and procedures that need to be changed to accommodate changes in the compliance requirements. - The
compliance management system 100 may include aworkflow engine 108. Changes to the policies and procedures may be specified as workflows. In accordance with the present disclosure, theworkflow engine 108 may receive a set ofworkflows 144 from thecollaborative effort 142. Theworkflow engine 108 may then initiate and manage one or more workflow activities amongworkflow participants 146 to accomplish the tasks set out by theworkflows 144. In some embodiments, responses of theworkflow participants 146 may include updates to one or more portions of the policies and procedures. Theworkflow engine 108 may update thedata store 124 of the business enterprise's policies and procedures at the conclusion of the workflow activities. - The
compliance management system 100 may include aninternal data store 110 to store various information that the other components of the compliance management system may use. Examples of data that may be stored in theinternal data store 110 will be described below. -
FIG. 2 depicts process flows in accordance with principles of the present disclosure. There is a design time process flow and an execution time process flow. The design time process flow relates to setting up thecompliance management system 100. The execution time process flow relates to execution steps during operation of thecompliance management system 100. - The
compliance management system 100 may include a suitable user interface to allow a user (e.g., the change manager 12) to perform design time processing. For example, thecompliance management system 100 may include a console that the user “logs” onto, the compliance management system may provide a web services based interface, and so on. - The design time process flow may include
processing block 202 for defining categories and keywords. In accordance with the present disclosure, the different compliance requirements of thebusiness enterprise 10 may be categorized according to subject areas or operational groups of the business enterprise. For example, federal, state, and local regulations may relate to general subject areas such safety in the workplace, sexual harassment, and so on which are not related to any one group. Accordingly, there may be a category of compliance regulations called “workplace safety”, another category called “sexual harassment”, and so on. A human resources department may manage compliance requirements categorized under these general subject areas. Compliance requirements may be directed to specific groups or department in thebusiness enterprise 10; e.g., financial regulations may apply to the business enterprise's accounting department, manufacturing regulations may apply to production groups in the business enterprise, and so on. The categories may be defined by thechange manager 12. - In some embodiments, each defined category may be defined by, described by, or otherwise associated with keywords that may appear in the documents that comprise the compliance requirements. It will be understood that “keywords” may include word phrases in addition to individual words. The categories and their corresponding keywords may be stored in the
internal data store 110 of thecompliance management system 100. Referring for a moment toFIG. 3 , for example, theinternal data store 110 may implement a database system comprising data tables 302, 304, and 306. A category data table 302, for example, may store associations between keywords and categories. - In a
processing block 204, “stakeholders” may be identified and assigned or associated with the categories defined inprocessing block 202. A stakeholder refers to a person (e.g., administrative person) or group within thebusiness enterprise 10 who has some role in the administration of a given set of compliance requirements. That role may involve ensuring that the compliance requirements are met (e.g., a manager type), performing the actions to comply, administering compliance documents, and so on. A category of compliance requirements may be associated with many people and/or groups within thebusiness enterprise 10. People and groups within thebusiness enterprise 10 may be associated with several categories of compliance requirements. The associations between categories and stakeholders may be stored in theinternal data store 110 of thecompliance management system 100. For example, inFIG. 3 a stakeholder data table 304 may store associations between categories and stakeholders. - In a
processing block 206, assessment surveys (e.g., surveys 132) may be defined and assigned or otherwise associated with the categories defined inprocessing block 202. Each category of compliance requirements may have one or more assessment surveys. Assessment surveys may be questionnaires, such a multiple choice questions, fill-in-the-blank type questions, essays, and so on. In accordance with the present disclosure, the assessment surveys may be designed to elicit input from survey participants which can be subsequently used to make a decision on whether any of the business enterprise's policies and procedures need to be updated. The associations between categories and assessment surveys may be stored in theinternal data store 110 of thecompliance management system 100. For example, inFIG. 3 a survey data table 306 may store associations between categories and assessment surveys. - The discussion will now focus on the execution time process flow, also shown in
FIG. 2 . In a typical usage scenario, execution time processing may be triggered by the change manager 12 (FIG. 1 ). For example, thechange manager 12 may be an administrative person in thebusiness enterprise 10 who has responsibility for managing the business enterprise's policies and procedures for complying with applicable compliance requirements. Thechange manager 12 may be informed or otherwise become aware of new or updated compliance requirements that may require a review/assessment of the business enterprise's current policies and procedures. In another usage scenario, an agency (e.g., 152,FIG. 1 ) may access thecompliance management system 100 viainterface 102 and inform the compliance management system of new or updated compliance requirements. Thecompliance management system 100 may then alert thechange manager 12 of the new or updated compliance requirements, for example, by sending an email or otherwise contacting the change manager. In response, thechange manager 12 may trigger execution time processing in thecompliance management system 100. - In accordance with the present disclosure, the
compliance management system 100 may be invoked to assess and effect any changes to relevant policies and procedures of thebusiness enterprise 10 that may be impacted when changes to compliance requirements occur. Likewise, thecompliance management system 100 may be invoked when a new set of compliance requirements are made by an agency. Thus, in addition to thebusiness enterprise 10 developing a corresponding new set of policies and procedures for the new compliance requirements, the business enterprise may need to assess the impact of the new compliance requirements on related existing policies and procedures. - The execution time process flow may include a
processing block 212 for receiving new or updated compliance requirements. In embodiments, thechange manager 12 may submit the received compliance requirements to thecompliance management system 100, or the received compliance requirements may be input from another source (e.g., agency 152). - In a
processing block 214, thecompliance management system 100 may upload the received compliance requirements. For example, compliance requirements may be received at theinterface 102 in any of several data formats, such as textual data, data in a spreadsheet, image data, as PDF document, and so on. It may be practical for thecompliance management system 100 to process documents to have a common data format. Accordingly, the process of uploading the received compliance requirements may include reformatting the received data to a suitable data format (e.g., text data). It will be appreciated that other processing may be performed on the documents, for example in order to facilitate thecompliance management system 100 in processing the received compliance requirements. - In a
processing block 216, theanalysis engine 104 may analyze the received compliance requirements. The analysis may be automatically initiated after the new or updated compliance requirements have been received and uploaded per processing blocks 212 and 214. Or, in some embodiments, the analysis may be explicitly triggered by thechange manager 12. - In some embodiments, the
analysis engine 104 may perform a comparison between the received compliance requirements and the current compliance requirements. Theanalysis engine 104 may extract or otherwise identify words and phrases contained in any differences between the received compliance requirements and current compliance requirements (e.g., obtained from data store 122). Theanalysis engine 104 may also extract words and phrases from the contents of the received compliance requirements. The words and phrases may then be matched against the keywords defined inprocessing block 202 and stored in theinternal data store 110 for subsequent processing. In some embodiments, thechange manager 12 may guide the analysis. For example, if too many categories have been identified, theanalysis engine 104 may alert thechange manager 12 who may then intervene to refine the identification of appropriate categories. If theanalysis engine 104 did not identify any categories, then thechange manager 12 may be alerted to manually identify one or more appropriate categories. - Referring again to
FIG. 3 , the figure shows an example of new or updatedcompliance requirements 312 that have been uploaded to thecompliance management system 100. Words and phrases identified from the contents ofcompliance requirements 312 may be used to identify one or more categories. For example, the words and phrases may be used to search the category data table 302 to identify one or more categories. AsFIG. 3 further illustrates, the identified categories may then be used to search the stakeholder data table 304 and the survey data table 306 to identify correspondingstakeholders 314 and assessment surveys 312, respectively. - Continuing with
FIGS. 2 and 3 , having identified thestakeholders 314 and assessment surveys 316 that correspond to thecompliance requirements 312, inprocessing block 222 theassessment engine 106 may initiate and mange an assessment survey to assess the new or updated compliance requirements. In some embodiments, the assessment surveys 316 may comprise survey forms that are sent to respective stakeholders 314 (e.g.,survey participants 134,FIG. 1 ). The stakeholder data table 304 may include parameters for each stakeholder that informs theassessment engine 106 how assessment surveys 316 can be delivered to them; e.g., an email address, an office location, etc. Parameters in the survey data table 306 may inform theassessment engine 104 whichstakeholders 314 should receive which assessment surveys, and so on. In some embodiments, thechange manager 12 may review the list ofstakeholders 314 and assessment surveys 316 that theassessment engine 106 had identified, and make revisions if needed. Thechange manager 12 may then trigger the distribution of assessment surveys 316 torespective stakeholders 314. In addition to the assessment surveys 316, additional information may be provided to eachstakeholder 314; e.g., old and new versions of the compliance requirements, etc. - In some embodiments, the parameters in the data tables 302-306 may indicate to the
assessment engine 106 that a collaboration amongcertain stakeholders 314 should be conducted. For example, a particular category, such as “sexual harassment” may be of special importance that changes in compliance requirements relating to sexual harassment require a meeting of certain stakeholders, for example, department heads. Alternatively thechange manager 12 may make a decision to conduct a meeting of stakeholders. Accordingly, theassessment engine 106 may invoke a collaboration tool to schedule and coordinatestakeholders 314 to convene a survey meeting to assess the new or updated compliance requirements. - After initiating the assessment survey activity, such as sending out survey forms and/or arranging survey meetings, the
assessment engine 106 may monitor the progress of the assessment survey. For example, if surveys forms are sent out to stakeholders, theassessment engine 106 can track which stakeholders have responded to the survey forms. Likewise, if a survey meeting was arranged, theassessment engine 106 can track whether or not minutes of the meeting had been submitted. Theassessment engine 106 may report to thechange manager 12 which stakeholders have and have not responded to survey forms, the progress of survey meetings, whether meeting minutes have been received from those survey meetings, and so on. Theassessment engine 106 may determine that the assessment survey is complete; for example, when it has received responses from every stakeholder. In some embodiments, thechange manager 12 may make the determination that the assessment survey has completed. For example, if a stakeholder does not respond to a survey, theassessment engine 106 may never consider the assessment survey to be complete. However, thechange manager 12 may step in and designate the assessment survey as nonetheless being complete so that the execution time process flow can proceed. - In a
processing block 224, theassessment engine 106 may initiate and manage a decision-making collaboration to (1) decide whether or not policies and procedures of thebusiness enterprise 10 need to be updated and (2) identify what those updates should be. For example, in some embodiments, decision makers (e.g., 142 a,FIG. 1 ) may be identified from among thestakeholders 314 identified inprocessing block 216. In other embodiments, the decision makers may be manually selected by thechange manager 12. Theassessment engine 106 may coordinate a meeting of the decision makers and supply them (e.g., via email) with materials needed to conduct the meeting, including results the assessment survey, current relevant policies and procedures, and the like. - The decision makers may decide whether or not any of the relevant policies and procedures need to be updated. The decision makers may determine what changes are needed to the relevant policies and procedures and may dictate how those changes are to be implemented. A meeting minutes or other report may be produced from the meeting of the decision maker and submitted to the
compliance management system 100. Thechange manager 12 may review the submitted material and define one or more workflows based on the changes specified by the decision makers. The workflows may be submitted to theworkflow engine 108. In some embodiments, the workflows may be automated to some degree. Foe example, the decision makers may make a list of policies and procedures that need to be changed. The list may constitute the workflows. - In
processing block 226, theworkflow engine 108 may trigger processing of one or more workflows for implementing changes to the business enterprise's policies and procedures as set forth by the decision makers. In some embodiments, thechange manager 12 may interact with theworkflow engine 108 to develop and design suitable workflows. The workflows may specify workflow recipients and workflow tasks. The workflow tasks may be updates to the individual policy documents, test plans, responses, control documents, and the like which constitute the policies and procedures affected by the new or updated compliance requirements. The workflow recipients may be personnel in thebusiness enterprise 10 such as department heads, managers, group leaders, and so on. - The
workflow engine 108 may distribute the workflows to the workflow recipients. Each workflow recipient may be given responsibility for ensuring that their assigned workflow task is completed. In some embodiments, the end result of the workflows represent an update of the policies and procedures that are affected by the compliance requirements received inprocessing block 212. The updated policies and procedures may then be stored ondata store 124, thus updating the business enterprise's data store of policies and procedures. In some embodiments, theworkflow engine 108 and/or thechange manager 12 may conduct review process of the updated policies and procedures before storing them todata store 124. - A particular embodiment of the
compliance management system 100 in accordance with the present disclosure is illustrated inFIG. 4 , showing a high level block diagram of acomputer system 402 configured to operate in accordance with the present disclosure. Thecomputer system 402 may include a central processing unit (CPU) or other similar data processing component. Thecomputer system 402 may include various memory components. For example, the memory components may include a volatile memory 414 (e.g., random access memory, RAM) and adata storage device 416. Acommunication interface 418 may be provided to allow thecomputer system 402 to communicate with an outside agency (e.g., agency 152) over acommunication network 422, such as a local area network (LAN), the Internet, and so on. Aninternal bus 420 may interconnect the components comprising thecomputer system 402. - The
data storage device 416 may comprise a non-transitory computer readable medium having stored thereon computerexecutable program code 432. The computerexecutable program code 432 may be executed by theCPU 412 to cause the CPU to perform steps of the present disclosure. For example, the computerexecutable program code 432 may include code for the design time process flow, and code for the execution time process flow. Thedata storage device 416 may storedata structures 434 such as the data tables 302-306. Thechange manager 12 may interact with thecomputer system 402 using suitableuser interface devices 442. They may include, for example, input devices such as a keyboard, a keypad, a mouse or other pointing device, and output devices such as a display. - All systems and processes discussed herein may be embodied in program code stored on one or more non-transitory computer-readable media. Such media may include, for example, a floppy disk, a CD-ROM, a DVD-ROM, a Flash drive, magnetic tape, and solid state Random Access Memory (RAM) or Read Only Memory (ROM) storage units. It will be appreciated that embodiments are not limited to any specific combination of hardware and software. Elements described herein as communicating with one another are directly or indirectly capable of communicating over any number of different systems for transferring data, including but not limited to shared memory communication, a local area network, a wide area network, a telephone network, a cellular network, a fiber-optic network, a satellite network, an infrared network, a radio frequency network, and any other type of network that may be used to transmit information between devices. Moreover, communication between systems may proceed over any one or more transmission protocols that are or become known, such as Asynchronous Transfer Mode (ATM), Internet Protocol (IP), Hypertext Transfer Protocol (HTTP) and Wireless Application Protocol (WAP).
- The above description illustrates various embodiments of the present disclosure along with examples of how aspects of the present disclosure may be implemented. The above examples and embodiments should not be deemed to be the only embodiments, and are presented to illustrate the flexibility and advantages of the present disclosure as defined by the following claims. Based on the above disclosure and the following claims, other arrangements, embodiments, implementations and equivalents will be evident to those skilled in the art and may be employed without departing from the spirit and scope of the disclosure as defined by the claims.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/546,145 US8645180B1 (en) | 2012-07-11 | 2012-07-11 | Automated impact assessment and updates of compliance response plans pursuant to policy changes |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/546,145 US8645180B1 (en) | 2012-07-11 | 2012-07-11 | Automated impact assessment and updates of compliance response plans pursuant to policy changes |
Publications (2)
Publication Number | Publication Date |
---|---|
US20140019183A1 true US20140019183A1 (en) | 2014-01-16 |
US8645180B1 US8645180B1 (en) | 2014-02-04 |
Family
ID=49914744
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/546,145 Active 2032-08-15 US8645180B1 (en) | 2012-07-11 | 2012-07-11 | Automated impact assessment and updates of compliance response plans pursuant to policy changes |
Country Status (1)
Country | Link |
---|---|
US (1) | US8645180B1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150347390A1 (en) * | 2014-05-30 | 2015-12-03 | Vavni, Inc. | Compliance Standards Metadata Generation |
US20160092885A1 (en) * | 2014-09-26 | 2016-03-31 | General Electric Company | Product compliance fulfillment portal system and method |
WO2017158542A1 (en) * | 2016-03-15 | 2017-09-21 | Ritchie Stuart | Privacy impact assessment system and associated methods |
US10685025B2 (en) | 2017-08-29 | 2020-06-16 | International Business Machines Corporation | Generating a data structure that maps two files |
US20230177435A1 (en) * | 2021-12-03 | 2023-06-08 | International Business Machines Corporation | Modularized governance of continuous compliance |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160350766A1 (en) * | 2015-05-27 | 2016-12-01 | Ascent Technologies Inc. | System and methods for generating a regulatory alert index using modularized and taxonomy-based classification of regulatory obligations |
US10467717B2 (en) | 2015-10-07 | 2019-11-05 | International Business Machines Corporation | Automatic update detection for regulation compliance |
US10839106B2 (en) | 2017-06-30 | 2020-11-17 | Microsoft Technology Licensing, Llc | Creating workflow instances |
US11545270B1 (en) * | 2019-01-21 | 2023-01-03 | Merck Sharp & Dohme Corp. | Dossier change control management system |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020194014A1 (en) * | 2000-04-19 | 2002-12-19 | Starnes Curt R. | Legal and regulatory compliance program and legal resource database architecture |
US7742998B2 (en) * | 2001-06-25 | 2010-06-22 | International Business Machines Corporation | Method and system for administering compliance with international shipping requirements |
US7676389B2 (en) * | 2001-12-28 | 2010-03-09 | Atmos Energy Corporation | Compliance management system and method |
US8700415B2 (en) * | 2005-06-09 | 2014-04-15 | Bank Of America Corporation | Method and system for determining effectiveness of a compliance program |
WO2008010903A2 (en) * | 2006-07-05 | 2008-01-24 | The Bank Of New York | Compliance management system and method |
US7818083B2 (en) * | 2006-10-31 | 2010-10-19 | Resurgent Health & Medical, Llc | Automated washing system with compliance verification and automated compliance monitoring reporting |
US20090012834A1 (en) * | 2007-07-03 | 2009-01-08 | Brian Fahey | Compliance Management System |
WO2009061689A1 (en) * | 2007-11-05 | 2009-05-14 | Avior Computing Corporation | Monitoring and managing regulatory compliance among organizations |
US20130198094A1 (en) * | 2012-02-01 | 2013-08-01 | Benny Arazy | System and method for regulation compliance |
-
2012
- 2012-07-11 US US13/546,145 patent/US8645180B1/en active Active
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150347390A1 (en) * | 2014-05-30 | 2015-12-03 | Vavni, Inc. | Compliance Standards Metadata Generation |
US20160092885A1 (en) * | 2014-09-26 | 2016-03-31 | General Electric Company | Product compliance fulfillment portal system and method |
US10049367B2 (en) * | 2014-09-26 | 2018-08-14 | General Electric Company | Product compliance fulfillment portal system and method |
WO2017158542A1 (en) * | 2016-03-15 | 2017-09-21 | Ritchie Stuart | Privacy impact assessment system and associated methods |
US10685025B2 (en) | 2017-08-29 | 2020-06-16 | International Business Machines Corporation | Generating a data structure that maps two files |
US10997181B2 (en) | 2017-08-29 | 2021-05-04 | International Business Machines Corporation | Generating a data structure that maps two files |
US20230177435A1 (en) * | 2021-12-03 | 2023-06-08 | International Business Machines Corporation | Modularized governance of continuous compliance |
Also Published As
Publication number | Publication date |
---|---|
US8645180B1 (en) | 2014-02-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8645180B1 (en) | Automated impact assessment and updates of compliance response plans pursuant to policy changes | |
Sari et al. | From ISO 9001: 2008 to ISO 9001: 2015: Significant changes and their impacts to aspiring organizations | |
US20130311222A1 (en) | Social Networking System For Organization Management | |
US8799210B2 (en) | Framework for supporting transition of one or more applications of an organization | |
US20150356477A1 (en) | Method and system for technology risk and control | |
EP2728465A1 (en) | System and method for assessing product maturity | |
Choo et al. | Pragmatic adaptation of the ISO 31000: 2009 enterprise risk management framework in a high-tech organization using Six Sigma | |
Talla et al. | An implementation of ITIL guidelines for IT support process in a service organization | |
Carroll | Identifying risks in the realm of enterprise risk management | |
KR20160082648A (en) | System and method for managing work flow and supporting capacity assessment | |
Shang et al. | The adoption of Toyota Way principles in large Chinese construction firms | |
US20210004766A1 (en) | Determining and maintaining organizational project participant compliance | |
US20170116555A1 (en) | System and Method for Integrating Employee Feedback with an Electronic Time Clock or Computer Login | |
US20160342928A1 (en) | Business activity information management | |
US8504412B1 (en) | Audit automation with survey and test plan | |
de Farias Junior et al. | Communication in distributed software development: a preliminary maturity model | |
US20140172481A1 (en) | Business activity information management | |
Pradana | Analyze the Effectiveness of Service Level Agreement (SLA) Toward Goods Delivery | |
Valverde et al. | DSS based it service support process reengineering using ITIL: A case study | |
Vadhanasin et al. | It project management effectiveness framework: a study in thai firms | |
Indriany et al. | Data Quality Management Maturity: Case Study National Narcotics Board | |
Irizar et al. | Development and Application of a New Maturity Model for Risk Management in the Automotive Industry | |
Vyas et al. | Application of Process Maturity Model: A Case Study in the Services Industry. | |
Barreto et al. | Defining and monitoring strategically aligned software improvement goals | |
Gaitero et al. | The Journal of Systems & Software |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SAP AG, GERMANY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ZENG, YING;REEL/FRAME:028527/0457 Effective date: 20120704 |
|
FEPP | Fee payment procedure |
Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: SAP SE, GERMANY Free format text: CHANGE OF NAME;ASSIGNOR:SAP AG;REEL/FRAME:033625/0334 Effective date: 20140707 |
|
FEPP | Fee payment procedure |
Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |