Automation for GRC Management in Microsoft´s New Patent

In this post, I would like to discuss a recently published patent related to GRC. This patented was filled by Microsoft (US Patent # 2011/0112973 A1). It claims a computer-implemented method for compliance management of regulations for entities. The method comprises operations for receiving a set of control objectives and entities to generate test results.

This patent covers a process hierarchy from business objectives and policies to get compliance reports on test results. In the middle, there is a “compliance master framework” to organize control objectives in regulations and IT terms, along with an “abstraction library” and a “configuration management database CMDB” to map compliance programs to entities. The CMDB concept was previously patented by a related team on 2006 (Anthony Baron et al). Some of the terms in this patent seem to be widely defined, for instance, the “abstraction library may support mapping the detailed reality of the real world into abstract layers" (sic).

Microsoft offers GRC management solutions, which incorporate compliance software and risk management software. These solutions are designed to help organizations comply with current regulations, manage their risk, and facilitate required corporate disclosures. This patent shows Microsoft´s interest in continuing developing these solutions.

You can view or download this patent from my Box.net service:
http://www.box.net/shared/uu58jmzqbbv2ap3stdht
. It is interesting to read.

The inventor is Ashvinkumar J. Sanghvi. He has been filling patents related to automation of policies and procedures for information technology management since a decade ago. He already claimed 44 patents in the USPTO.

Software patenting has a role in GRC to address the automation of controls and tests, and hopeful, to reduce errors and human intervention.