Abstract: Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include efficiently generating a security questionnaire response (SQR), measuring readiness via a readiness project for an audit project, sharing InfoSec entities across the various products of a tenant organization, risk assessment, automatic collection of evidence tasks, among others.

Abstract: Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include efficiently generating a security questionnaire response (SQR), measuring readiness via a readiness project for an audit project, sharing InfoSec entities across the various products of a tenant organization, risk assessment, automatic collection of evidence tasks, among others.

Abstract: Techniques for automating/streamlining the process of responding to a security/privacy RFI/RFP as well as monitoring the security/privacy/IT compliance of an organization are disclosed. For this purpose, a variety of data sources, internal and external to the organization, are employed. A set of machine learning algorithms are also used that find the most appropriate item in the database of data sources that match any given question/item of the RFP. Based on this matching, the RFP question is answered in an automated or a semi-automated manner. The compliance of the organization against a given policy or set of controls is monitored and any observed security/privacy gaps/risk are identified. Recommendations on overcoming the gaps are further provided to the organization.

Abstract: Techniques for automating/streamlining the process of responding to a security/privacy RFI/RFP as well as monitoring the security/privacy/IT compliance of an organization are disclosed. For this purpose, a variety of data sources, internal and external to the organization, are employed. A set of machine learning algorithms are also used that find the most appropriate item in the database of data sources that match any given question/item of the RFP. Based on this matching, the RFP question is answered in an automated or a semi-automated manner. The compliance of the organization against a given policy or set of controls is monitored and any observed security/privacy gaps/risk are identified. Recommendations on overcoming the gaps are further provided to the organization.