Detection method, device, storage medium and electronic device
By obtaining the latest rules from the regulatory rule base and converting them into technical indicators, and then linking them with business function points to generate a compliance comparison table, the problem of lagging compliance testing of information systems has been solved. This has enabled automated and intelligent compliance testing, improved the accuracy and timeliness of testing, and reduced risks.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CHINA CONSTRUCTION BANK
- Filing Date
- 2025-12-17
- Publication Date
- 2026-06-05
AI Technical Summary
Existing methods for detecting business compliance in information systems lag behind updates to regulatory rules, resulting in long delivery cycles, high risks of compliance vulnerabilities, and a lack of end-to-end risk control mechanisms. These methods fail to meet the dual requirements of rapid iteration and strict regulation in the financial sector.
By obtaining the latest rules from the regulatory rule base, converting them into technical indicators and associating them with business function points, a requirement compliance checklist is generated. Based on this, compliance testing of the information system is carried out. Combined with canary release and rollback mechanisms, automated and intelligent compliance testing is achieved.
It significantly improves the accuracy and timeliness of compliance testing, reduces the risk of rework and operational risks after system launch, and ensures that the information system always meets regulatory requirements during the development process.
Smart Images

Figure CN122153894A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of information security technology, and in particular to a detection method, apparatus, storage medium and electronic device. Background Technology
[0002] With the rapid development of fintech, financial institutions are experiencing increasingly frequent iterations of their information systems, leading to ever-increasing business complexity. Simultaneously, financial regulatory rules are constantly being updated and refined to mitigate risks and protect consumer rights. Against this backdrop, ensuring that information system versions meet the latest business compliance requirements before deployment has become a critical challenge for financial institutions.
[0003] In related technologies, the business compliance detection methods for information systems mainly rely on manual review and automated verification based on static rules in the later stages of development. This method is lagging behind, cannot dynamically adapt to frequently updated regulatory rules, and suffers from long delivery cycles and high compliance vulnerability risks due to the fragmented collaboration between business, technology, and compliance departments. Furthermore, it lacks an effective end-to-end risk control mechanism and cannot meet the dual requirements of rapid iteration and strict regulation in financial business. Summary of the Invention
[0004] In view of this, this application provides a testing method, apparatus, storage medium, and electronic device to improve the accuracy and timeliness of compliance testing.
[0005] Firstly, this application provides a detection method, including: Retrieve regulatory rules from the regulatory rule base; the regulatory rule base is used to store the latest regulatory rules. The regulatory rules are transformed into technical indicators, and these technical indicators are associated with business function points to generate a requirement compliance checklist; the business function points are the functional units in the information system that are related to the regulatory rules. Based on the aforementioned requirement compliance checklist, compliance checks are performed on the business processes of the information system to obtain the check results.
[0006] In some embodiments of this disclosure, the method further includes: Access the latest regulatory rules issued by regulatory agencies through application programming interfaces; Update the regulatory rule base according to the latest regulatory rules.
[0007] In some embodiments of this disclosure, the compliance check of the information system's business processes based on the required compliance checklist includes: Based on the aforementioned requirement compliance checklist, test cases are generated; Based on the test cases, the business processes of the information system are simulated and run to perform compliance checks on the business processes of the information system.
[0008] In some embodiments of this disclosure, the method further includes: If the test result is satisfactory, the new version of the information system file will be released to the pilot device, so that the pilot device can install and run the information system based on the new version file; Monitor the operational status of the information system using the pilot equipment; If the operating status is normal, the new version of the information system file will be released to all devices in the production environment.
[0009] In some embodiments of this disclosure, the method further includes: If the operating status is abnormal, the pilot device will be controlled to switch the information system from the new version to the old version within a preset time.
[0010] In some embodiments of this disclosure, the method further includes: Record the operation log of the testing process; The operation logs are uploaded to the blockchain storage.
[0011] In some embodiments of this disclosure, the method is applied to an integrated collaborative platform, which includes multiple departmental nodes, and the method further includes: Define a serialized detection task flow for multiple department nodes, and configure processing time limits for key tasks in the detection task flow.
[0012] In some embodiments of this disclosure, the method further includes: A test report is generated based on the test results. The test report includes the compliance pass rate, the distribution of high-risk businesses, and the coverage of regulatory rules. The test report is displayed.
[0013] Secondly, this application provides a detection device, comprising: The first processing module is used to retrieve regulatory rules from the regulatory rule base; the regulatory rule base is used to store the latest regulatory rules. The second processing module is used to convert the regulatory rules into technical indicators and associate the technical indicators with business function points to generate a requirement compliance comparison table; the business function points are the functional units in the information system related to the regulatory rules. The third processing module is used to perform compliance checks on the business processes of the information system based on the required compliance checklist, and obtain the check results.
[0014] Thirdly, this application provides an electronic device including at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform the method described in the first aspect.
[0015] Fourthly, this application provides a computer-readable storage medium storing computer instructions for causing the computer to perform the method described in the first aspect.
[0016] Fifthly, this application provides a computer program product, including a computer program that, when executed by a processor, implements the method described in the first aspect.
[0017] Using the above technical solutions, the detection method, apparatus, storage medium, and electronic equipment provided in this application relate to the field of information security technology. The method includes: obtaining regulatory rules from a regulatory rule base; converting the regulatory rules into technical indicators; associating the technical indicators with business function points to generate a requirement compliance checklist; and performing compliance detection on the business processes of the information system based on the requirement compliance checklist to obtain the detection results. The regulatory rule base stores the latest regulatory rules, and the business function points are the functional units in the information system related to the regulatory rules.
[0018] In the technical solution of this application, the latest regulatory rules are stored in a regulatory rule base, and a requirement compliance comparison table is constructed based on the latest regulatory rules for compliance testing. This effectively overcomes the problems of existing technologies where business needs and compliance requirements are disconnected and testing standards are difficult to adapt to dynamically updated regulatory rules. It realizes the accurate and efficient transformation of dynamically changing regulatory rules into automated compliance testing of information system business processes, thereby significantly improving the accuracy and timeliness of compliance testing and reducing the risk of rework due to compliance loopholes and the operational risks after the system goes live.
[0019] The above description is only an overview of the technical solution of this application. In order to better understand the technical means of this application and to implement it in accordance with the contents of the specification, and to make the above and other objects, features and advantages of this application more obvious and understandable, the following are specific embodiments of this application. Attached Figure Description
[0020] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.
[0021] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0022] Figure 1 A schematic flowchart of the detection method provided in the embodiments of this disclosure; Figure 2 This is a schematic diagram of the detection process provided in the embodiments of this disclosure; Figure 3 This is a schematic diagram of the structure of the detection device provided in the embodiments of this disclosure; Figure 4 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this disclosure. Detailed Implementation
[0023] The embodiments of this application will now be described in more detail with reference to the accompanying drawings. It should be noted that, unless otherwise specified, the embodiments and features described herein can be combined with each other.
[0024] Embodiments of this disclosure are described in detail below. Examples of these embodiments are illustrated in the accompanying drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary and intended to explain this disclosure, and should not be construed as limiting this disclosure.
[0025] This disclosure is not exhaustive, but merely illustrative of some embodiments, and is not intended to limit the scope of protection of this disclosure. Unless otherwise specified, each step in a particular embodiment can be implemented as an independent embodiment, and the steps can be arbitrarily combined. For example, a solution after removing some steps in a particular embodiment can also be implemented as an independent embodiment, and the order of the steps in a particular embodiment can be arbitrarily interchanged. Furthermore, the optional implementation methods in a particular embodiment can be arbitrarily combined; moreover, the embodiments can be arbitrarily combined, for example, some or all steps of different embodiments can be arbitrarily combined, and a particular embodiment can be arbitrarily combined with the optional implementation methods of other embodiments.
[0026] In each of the disclosed embodiments, unless otherwise specified or in case of logical conflict, the terminology and / or descriptions of the embodiments are consistent and can be referenced by each other. Technical features in different embodiments can be combined to form new embodiments based on their inherent logical relationships.
[0027] The terminology used in the embodiments of this disclosure is for the purpose of describing particular embodiments only and is not intended to limit the scope of this disclosure. In this disclosure, unless otherwise stated, elements expressed in the singular form, such as "a," "an," "the," "the," "the," "the," "the," "the," "this," etc., can mean "one and only one," or "one or more," "at least one," etc. For example, when using articles such as "a," "an," "the," etc. in translation, the noun following the article can be understood as either a singular or a plural expression.
[0028] In some embodiments, the terms “in response to…”, “in response to determining…”, “in the case of…”, “when…”, “if…”, “if…”, etc., can be used interchangeably.
[0029] In some embodiments, the terms “greater than,” “greater than or equal to,” “not less than,” “more than,” “more than or equal to,” “not less than,” “higher than,” “higher than or equal to,” “not lower than,” and “above” can be used interchangeably, as can the terms “less than,” “less than or equal to,” “not greater than,” “less than,” “less than or equal to,” “not more than,” “lower than,” “lower than or equal to,” “not higher than,” and “below”.
[0030] The prefixes such as "first" and "second" in the embodiments of this disclosure are only for distinguishing different descriptive objects and do not constitute restrictions on the position, order, priority, number or content of the descriptive objects. For the description of the descriptive objects, please refer to the description in the claims or the context of the embodiments. The use of prefixes should not constitute unnecessary restrictions.
[0031] In the embodiments disclosed herein, "multiple" refers to two or more.
[0032] In the embodiments disclosed herein, terms such as “import”, “input”, and “read in” can be used interchangeably.
[0033] In some embodiments, devices, etc., can be interpreted as physical or virtual, and their names are not limited to the names recorded in the embodiments. Terms such as “device”, “equipment”, “circuit”, “network element”, “node”, “function”, “unit”, “section”, “system”, “network”, “chip”, “chip system”, “entity”, and “subject” can be used interchangeably.
[0034] In some embodiments, the terms "terminal", "terminal device", "user equipment (UE)", "user terminal", "mobile station (MS)", "mobile terminal (MT)", subscriber station, mobile unit, subscriber unit, wireless unit, remote unit, mobile device, wireless device, wireless communication device, remote device, mobile subscriberstation, access terminal, mobile terminal, wireless terminal, remote terminal, handset, user agent, mobile client, and client can be used interchangeably.
[0035] The relevant terms in the embodiments of this application are explained below.
[0036] Regulatory compliance verification: Before delivery, check whether the information system version complies with the latest financial regulatory requirements and ensure that functions, data management, and risk control meet regulatory rules.
[0037] Change management: Implement full-process control over information system version changes, including change application, risk assessment, approval, implementation, and rollback contingency plan, to avoid system failures caused by disorderly changes.
[0038] Audit trail: Throughout the entire version delivery process, record the responsible persons, time, and content of all key operations to form a traceable log and meet financial audit compliance requirements.
[0039] Information systems in the financial sector are complex systems comprised of hardware, software, data, networks, and processes, used to support all daily operations and business activities of financial institutions. Business compliance testing of information systems refers to examining whether the functions, processes, and data processing methods of information systems comply with regulatory rules formulated and issued by regulatory authorities when conducting business. Regulatory rules refer to the laws, regulations, rules, guidelines, and technical standards that must be followed when conducting business.
[0040] Currently, compliance testing of information systems in the financial sector faces multiple challenges: Firstly, there is a disconnect between business needs and compliance requirements. Regulatory rules are not embedded in business function design during the early stages of information system development, leading to compliance vulnerabilities only being discovered during the testing phase, resulting in extensive rework and extended delivery cycles. Secondly, systems struggle to dynamically adapt to frequently updated regulatory rules. Regulatory rules issued by the central bank and other regulatory agencies are frequently updated, or certain clauses are vaguely worded, making it difficult for companies to promptly translate new regulations into executable test cases, posing a risk of delays. Thirdly, cross-departmental collaboration is inefficient, with information from business, technology, compliance, and testing departments not synchronized. Delayed communication and repeated reviews further slow down delivery. Finally, due to the lack of risk control mechanisms such as gray-scale verification, if problems arise after full system deployment, system shutdown and rollback are necessary, directly impacting the continuity of financial services and fund security.
[0041] In related technologies, the business compliance testing method for information systems is based on full-process control and manual review. The inspection is carried out by establishing a full-process control system. However, the compliance testing process is highly dependent on manual operation, and regulatory rules need to be manually imported and interpreted regularly. Manual compliance testing is carried out in the later stages of development or testing.
[0042] In addition, relevant technical tools can be introduced: rule engine technology can be used to transform specific regulatory rules into executable code logic or Structured Query Language (SQL) to automatically verify business data. For example, a rule engine can set thresholds for transaction amount, transaction frequency, etc., and automatically trigger an alert when business data exceeds the threshold; distributed computing and big data processing technologies can be used to collect, clean, integrate and analyze business data in real time to provide data support for compliance testing; and security and traceability technologies can be adopted, using blockchain notarization to ensure the immutability of business data, and combining vulnerability scanning and complete audit logs to record key operations, together to retain credible evidence for compliance verification and regulatory traceability.
[0043] In the above implementation methods, the compliance testing process lags behind the testing process, requiring retrospective modifications and retesting after problems are discovered, thus extending the version delivery cycle. Traditional tools struggle to dynamically adapt to dynamically updated regulatory rules, necessitating manual re-auditing when new regulations are released, which carries the risk of response delays and omissions. Information asynchrony between business, technology, and compliance departments, coupled with the lack of a unified business compliance testing mechanism, leads to compliance vulnerabilities and security risks in the deployed versions. For complex business scenarios such as open banking and cross-border business, traditional tools cannot achieve end-to-end, penetrating risk tracking, making it easy to cross regulatory red lines.
[0044] To address the aforementioned problems, embodiments of this application provide a detection method, such as... Figure 1 The diagram shown is a flowchart of the detection method provided in this application embodiment, including the following steps: S101: Obtain regulatory rules from the regulatory rule base.
[0045] The regulatory rule base is used to store the latest regulatory rules.
[0046] S102: Translate regulatory rules into technical indicators.
[0047] Technical indicators are identifiable, quantifiable, and executable parameters or standards corresponding to regulatory rules.
[0048] S103: Link technical indicators with business function points to generate a requirement compliance checklist.
[0049] Among them, business function points are functional units in the information system that are related to regulatory rules and are used to implement business functions. The requirement compliance checklist records the business function points and their associated technical indicators, and uses the technical indicators to indicate the compliance requirements that the business function points must follow, so as to ensure that the business function points meet regulatory, security, performance and other requirements.
[0050] S104: Based on the requirements compliance checklist, conduct compliance checks on the business processes of the information system and obtain the check results.
[0051] Compliance testing of business processes includes testing the compliance of individual business functions within a process and testing the compliance of a chain of business processes consisting of multiple business functions. Compliance testing refers to examining whether the behavior and data of a business process in actual operation conform to the quantifiable technical indicators corresponding to each regulatory rule in the compliance checklist.
[0052] In this embodiment, the latest regulatory rules are stored in a regulatory rule base, and a requirement compliance comparison table is constructed based on the latest regulatory rules for compliance testing. This effectively overcomes the problems of existing technologies where business needs and compliance requirements are disconnected and testing standards are difficult to adapt to dynamically updated regulatory rules. It realizes the accurate and efficient transformation of dynamically changing regulatory rules into automated compliance testing of information system business processes, thereby significantly improving the accuracy and timeliness of compliance testing and reducing the risk of rework due to compliance loopholes and the operational risks after the system goes live.
[0053] The following is based on Figure 2 The following is a detailed explanation of the testing methods provided in the application, using the testing process for the delivery of a new version of the information system as an example.
[0054] During the requirements phase of a new version of an information system, business functions and compliance requirements are clearly defined. By constructing a two-way mapping system between business and compliance, the link between business requirements and compliance requirements is established. This allows for the centralization of business departments, compliance departments, and technical departments, forming a cross-departmental task force. Regulatory rules are broken down during the requirements phase of the information system version, transforming them into technical indicators. These technical indicators are then linked to business function points to generate a requirements-compliance comparison table. This clarifies the relationship between business functions and compliance requirements, thereby resolving the disconnect between business requirements and compliance requirements.
[0055] For example, if a business function includes a customer account query interface and regulatory rules include the "Technical Specification for the Protection of Personal Financial Information," which instructs that security measures such as encryption should be taken to transmit sensitive customer information, then the transformed technical indicator is that the transmission of sensitive customer information must be encrypted using a national cryptographic algorithm (such as the SM4 algorithm), and this technical indicator is associated with the business function.
[0056] In some embodiments, a regulatory rule base can be built to store and manage all relevant regulatory rules, and to obtain the latest regulatory rules in real time. The regulatory rule base can be updated according to the latest regulatory rules, thereby synchronizing changes in regulatory rules in real time, dynamically updating security baselines, test cases and process specifications, ensuring that the standards for compliance testing are always synchronized with the latest regulatory requirements, realizing dynamic management of compliance baselines, and solving the problem that the system is difficult to dynamically adapt to compliance requirements.
[0057] Regulatory rules can also be categorized based on business scenarios, including anti-money laundering, data security, transaction compliance, customer access, and cross-border transactions, enabling efficient management of regulatory rules. For example, when developing or updating a cross-border payment system, regulatory rules under categories such as anti-money laundering and cross-border transactions can be quickly and accurately selected from the regulatory rule library, without needing to focus on irrelevant regulatory rules such as customer access.
[0058] In some embodiments, the system can automatically connect to the official release channels of regulatory agencies such as the People's Bank of China and the State Financial Regulatory Commission through an Application Programming Interface (API) to obtain the latest regulatory rules issued by regulatory agencies in real time or periodically. This changes the traditional method of manual downloading and email delivery, enabling real-time acquisition of regulatory rule information and ensuring no omissions.
[0059] In some embodiments, for ambiguities in regulatory rules, such as the specific setting of thresholds for identifying suspicious transactions in anti-money laundering, compliance technology alignment meetings can be triggered at preset intervals (such as quarterly) for compliance experts to interpret and form unified implementation standards.
[0060] In some embodiments, unit testing and integration testing can be performed on the business function points in the information system to detect the availability of the business functions. If the test results of unit testing and integration testing are passed, that is, the business functions are normal, the subsequent compliance testing process is carried out. If the test results of unit testing and integration testing are failed, that is, the business functions are abnormal, targeted defect repair can be carried out according to the test results. After the repair is completed, unit testing and integration testing are carried out again until the requirements are met, ensuring that the functions and performance of the information system meet the design goals.
[0061] Business function points include multiple testable units, such as a function, a method, or a class. Unit testing refers to testing the functional correctness of a single testable unit, that is, testing the testable unit to check whether it works normally according to the design goals. Integration testing refers to testing the interaction compatibility between multiple testable units, that is, combining multiple units that have passed unit tests together to test whether the units can interact and transfer data correctly.
[0062] Simultaneously, compliance checks can be embedded during the testing process. Based on the compliance checklist, the business processes of the information system can be checked for compliance with the latest regulatory rules.
[0063] To address this, and to achieve intelligent compliance testing, test cases can be generated based on a requirements compliance checklist. These test cases can then be used to simulate the operation of the information system's business processes, thereby conducting compliance testing on these processes.
[0064] For example, test cases can be generated for the entries in the compliance checklist regarding the customer account query interface and SM4 algorithm encryption: the test objective is to verify whether the data packet returned by the customer account query interface is encrypted by the SM4 algorithm; the test steps are to call the customer account query interface and capture the data packet returned by the customer account query interface; the expected result is that the customer sensitive information (such as ID card number and mobile phone number) in the data packet is ciphertext encrypted by the SM4 algorithm.
[0065] In some embodiments, before performing compliance testing, test cases can be pre-audited according to a compliance checklist to check whether the test cases are correct and comprehensive. If the pre-audit result is passed, subsequent compliance testing is performed to ensure that the test cases fully cover the latest regulatory requirements and avoid test omissions.
[0066] In some embodiments, to achieve automated and intelligent testing, regulatory rules can be converted into executable code (such as SQL query statements, rule engines, etc.). During test case execution, the executable code is called to check whether each business process step complies with the regulatory rules, ultimately outputting a pass or fail result. If the test result is pass, subsequent delivery preparations can be performed, such as developing a canary release plan and pre-configuring rollback solutions. If the test result is fail, the business process is adjusted or test cases are supplemented, and compliance testing is re-performed until it passes.
[0067] For example, SQL queries can be used to check whether the actual business data in the database meets the parameter requirements of the technical indicators in the compliance checklist, and to check whether the business logic and regulatory rules are consistent. Business process simulation tools can be used to simulate business processes, such as user account opening, trading, and settlement, and automatically check whether each process step meets the operational specifications of the technical indicators in the compliance checklist.
[0068] In some embodiments, during the delivery phase, a canary release mode and a rollback mechanism can be adopted to release the new version of the information system to pilot devices, so that the pilot devices can install and run the information system based on the new version of the file, monitor the running status of the information system on the pilot nodes, and release the new version of the information system to all devices in the production environment if the running status is normal. If the running status is abnormal, control the pilot devices to switch the information system from the new version to the old version within a preset time.
[0069] The operational status includes transaction success rate, data consistency, and compliance risk warnings. For example, a new version of the information system can be released to 10% of pilot devices in the production environment. Simultaneously, the system's operational status is monitored. If business interruptions, data errors, or compliance risks are detected, a pre-built rollback plan is immediately executed, switching back to the old version within one minute to prevent further impact, ensure the continuity of financial services, and conduct targeted compliance adjustments and supplementary testing based on the operational status. If all indicators are normal during the pilot period, with no compliance risks or business failures, a full rollout is initiated, gradually covering all devices and business scenarios with the new version.
[0070] After full deployment, the operational status of the information system can be continuously monitored (e.g., for 72 hours) to promptly identify potential problems and respond quickly to prevent compliance risks from escalating.
[0071] After full deployment, the business, technology, compliance, and testing departments can jointly conduct delivery acceptance to confirm that the system meets business needs and compliance requirements. Simultaneously, a complete process traceability and archiving should be completed, including test documents, compliance testing records, defect repair reports, canary release monitoring data, audit logs, etc., to output a delivery acceptance report, clearly defining the acceptance conclusions and archiving list, providing traceable evidence for subsequent regulatory verification.
[0072] In some embodiments, for the entire process of the detection method, operation logs of the detection process can be recorded and uploaded to blockchain storage to build a fully traceable compliance delivery closed loop, ensuring that the audit trajectory is tamper-proof and traceable.
[0073] In some embodiments, a compliance status visualization and automated audit report generation service can be provided. This service can generate a report based on the test results, including compliance pass rate, distribution of high-risk businesses, and regulatory rule coverage. The report displays key indicators such as compliance pass rate, distribution of high-risk businesses, and regulatory rule coverage in real time, providing a clear overview of the entire compliance process. Simultaneously, a compliance audit report can be automatically generated according to a preset cycle (e.g., weekly, monthly), clearly identifying violations, related business scenarios, and rectification progress, providing precise and robust support for transparent regulatory management and compliance decision-making.
[0074] In some embodiments, to achieve transparency and efficiency in the testing process, an integrated collaborative platform can be created. This platform integrates all relevant functions such as requirement submission, test execution, compliance testing, and deployment application. All departmental nodes can synchronize progress in real time through the integrated collaborative platform. For example, after the testing team uploads a defect report through the corresponding departmental node device, the compliance department node can directly mark online whether the defect involves compliance risks. Simultaneously, the platform sets up a node timeout reminder mechanism, providing automatic warnings for critical task stages (such as compliance testing requiring completion within 2 working days) to ensure efficient progress at each stage. Through the integrated collaborative platform and standardized processes, barriers between business, technology, compliance, and testing departments are broken down, enabling real-time information synchronization and efficient collaboration, and resolving issues of delayed cross-departmental communication and information asynchrony.
[0075] In other words, the detection method provided in this application embodiment is applied to an integrated collaborative platform, which includes multiple departmental nodes, such as business department nodes, technical department nodes, compliance department nodes, and testing department nodes. Through the integrated collaborative platform, a serialized detection task flow is defined for multiple departmental nodes, and a processing time limit is configured for key tasks in the detection task flow. The integrated collaborative platform can automatically activate the next detection task and notify the corresponding departmental node in response to the completion of the previous detection task. At the same time, for key tasks, a timer is started when the key task is activated, and the processing time of the key task is monitored. When the processing time exceeds the processing time limit, an early warning message is automatically generated and sent to the corresponding departmental node.
[0076] In the above embodiments, compliance testing is transformed from a passive, post-event remedial model to a proactive, intelligent, and fully embedded management model that includes pre-event prevention, in-event control, and post-event traceability. This addresses issues such as the disconnect between business and compliance, delayed response to compliance requirements, inefficient departmental collaboration, and high launch risks in information system development. It constructs a closed loop of compliance testing from requirements to launch, achieving multiple objectives such as improving delivery efficiency, reducing compliance risks, ensuring business continuity, and meeting audit requirements.
[0077] In this embodiment, a compliance and testing fusion engine is used. By constructing a compliance knowledge graph, dynamically updated regulatory rules are injected into the testing engine in real time. A dual-node mechanism of pre-compliance verification and dynamic verification during testing is designed. Compliance test cases are automatically generated during the code submission stage. During test execution, the operation trajectory is compared with compliance requirements in real time. If deviations are found, the test is immediately interrupted and corrective suggestions are provided. By strengthening compliance management, compliance mapping begins from the requirement decomposition stage, integrating compliance requirements into every step to ensure that the system always complies with regulatory rules throughout the development process. Dedicated compliance testing is conducted during the testing phase, and compliance review is performed before delivery. This enables timely detection and resolution of compliance issues, reduces compliance risks, and completely solves the rework and delay problems caused by the traditional "test first, compliance later" approach.
[0078] Building upon this foundation, we will strengthen cross-departmental collaboration, clarify the responsibilities and workflows of each department in the version testing and compliance delivery process, and promote information sharing and collaborative work among business, technology, compliance, and testing departments. Furthermore, by establishing standardized collaboration processes, we will clarify the responsible parties and deliverables for each stage, establish weekly meetings and a rapid response mechanism for anomalies, and enable cross-departmental consultations to be initiated within a pre-set timeframe (e.g., 1 hour) for collaboration conflicts (such as temporary change requests), ensuring rapid problem resolution and improving inter-departmental collaboration efficiency and information sharing levels.
[0079] Furthermore, a canary release mode is introduced, initially piloted on a small scale while monitoring core metrics such as transaction success rate and data consistency. Full deployment only proceeds after ensuring no anomalies are detected. Simultaneously, a pre-built rollback mechanism is implemented, integrating rapid rollback capabilities. If compliance or performance issues are detected, a rollback is triggered promptly, completing version switching within a preset time (e.g., 1 minute), minimizing impact on the production environment and ensuring business continuity. A full-process recording and archiving mechanism is also in place, recording and monitoring each step, including test documents, compliance testing records, and delivery plans. These records serve as the basis for delivery acceptance and facilitate traceability and troubleshooting in case of problems, improving the transparency and controllability of the delivery process and achieving end-to-end traceability from test documents and compliance testing to delivery plans.
[0080] According to embodiments of this disclosure, a detection device is also provided. For example... Figure 3 The diagram shown is a schematic representation of the detection device provided in a disclosed embodiment. The device includes: The first processing module 301 is used to obtain regulatory rules from the regulatory rule base, which is used to store the latest regulatory rules.
[0081] The second processing module 302 is used to convert regulatory rules into technical indicators and associate the technical indicators with business function points to generate a requirement compliance comparison table.
[0082] Among them, business function points are the functional units in the information system that are related to regulatory rules.
[0083] The third processing module 303 is used to perform compliance checks on the business processes of the information system based on the requirement compliance checklist and obtain the check results.
[0084] In some embodiments, the first processing module 301 is configured to obtain the latest regulatory rules issued by the regulatory agency through an application programming interface (API) and update the regulatory rule base according to the latest regulatory rules.
[0085] In some embodiments, the third processing module 303 is used to generate test cases based on a requirement compliance checklist, and based on the test cases, simulate the operation of the information system's business processes to perform compliance checks on the information system's business processes.
[0086] In some embodiments, a fourth processing module 304 is further included, configured to publish the new version file of the information system to the pilot device if the detection result is satisfactory, so that the pilot device can install and run the information system based on the new version file. The module also monitors the operating status of the information system on the pilot device, and if the operating status is normal, publishes the new version file of the information system to all devices in the production environment.
[0087] In some embodiments, the fourth processing module 304 is used to control the pilot device to switch the information system from the new version to the old version within a preset time when the operating state is abnormal.
[0088] In some embodiments, a fifth processing module 305 is also included, which is used to record the operation log of the detection process and upload the operation log to the blockchain storage.
[0089] In some embodiments, the third processing module 303 is used to generate a test report based on the test results and display the test report, which includes compliance pass rate, distribution of high-risk businesses, and coverage of regulatory rules.
[0090] According to embodiments of this disclosure, this disclosure also provides an electronic device, a readable storage medium, and a computer program product.
[0091] Figure 4A schematic block diagram of an example electronic device 400 that can be used to implement embodiments of the present disclosure is shown. The electronic device is intended to represent various forms of digital computers, such as laptop computers, desktop computers, workstations, personal digital assistants, servers, blade servers, mainframe computers, and other suitable computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions are merely illustrative and are not intended to limit the implementation of the present disclosure described and / or claimed herein.
[0092] like Figure 4 As shown, the electronic device 400 includes a computing unit 401, which can perform various appropriate actions and processes based on a computer program stored in ROM (Read-Only Memory) 402 or a computer program loaded from storage unit 408 into RAM (Random Access Memory) 403. The RAM 403 can also store various programs and data required for the operation of the electronic device 400. The computing unit 401, ROM 402, and RAM 403 are interconnected via a bus 404. An I / O (Input / Output) interface 405 is also connected to the bus 404.
[0093] Multiple components in electronic device 400 are connected to I / O interface 405, including: input unit 406, such as keyboard, mouse, etc.; output unit 407, such as various types of displays, speakers, etc.; storage unit 408, such as disk, optical disk, etc.; and communication unit 409, such as network card, modem, wireless transceiver, etc. Communication unit 409 allows electronic device 400 to exchange information / data with other devices through computer networks such as the Internet and / or various telecommunications networks.
[0094] The computing unit 401 can be a variety of general-purpose and / or special-purpose processing components with processing and computing capabilities. Some examples of the computing unit 401 include, but are not limited to, CPUs (Central Processing Units), GPUs (Graphics Processing Units), various special-purpose AI (Artificial Intelligence) computing chips, various computing units running machine learning model algorithms, DSPs (Digital Signal Processors), and any suitable processor, controller, microcontroller, etc. The computing unit 401 performs the various methods and processes described above, such as detection methods. For example, in some embodiments, the detection method may be implemented as a computer software program tangibly contained in a machine-readable medium, such as storage unit 408. In some embodiments, part or all of the computer program may be loaded and / or installed on the electronic device 400 via ROM 402 and / or communication unit 409. When the computer program is loaded into RAM 403 and executed by the computing unit 401, one or more steps of the methods described above may be performed. Alternatively, in other embodiments, the computing unit 401 may be configured to perform the aforementioned detection method by any other suitable means (e.g., by means of firmware).
[0095] Various implementations of the systems and techniques described above herein can be implemented in digital electronic circuit systems, integrated circuit systems, FPGAs (Field Programmable Gate Arrays), ASICs (Application-Specific Integrated Circuits), ASSPs (Application-Specific Standard Products), System-on-Chips (SOCs), CPLDs (Complex Programmable Logic Devices), computer hardware, firmware, software, and / or combinations thereof. These various implementations may include implementations in one or more computer programs that can be executed and / or interpreted on a programmable system including at least one programmable processor, which may be a dedicated or general-purpose programmable processor, capable of receiving data and instructions from a storage system, at least one input device, and at least one output device, and transmitting data and instructions to the storage system, the at least one input device, and the at least one output device.
[0096] The program code used to implement the methods of this disclosure may be written in any combination of one or more programming languages. This program code may be provided to a processor or controller of a general-purpose computer, special-purpose computer, or other programmable data processing apparatus, such that when executed by the processor or controller, the program code causes the functions / operations specified in the flowcharts and / or block diagrams to be implemented. The program code may be executed entirely on a machine, partially on a machine, as a standalone software package partially on a machine and partially on a remote machine, or entirely on a remote machine or server.
[0097] In the context of this disclosure, a machine-readable medium can be a tangible medium that may contain or store a program for use by or in conjunction with an instruction execution system, apparatus, or device. A machine-readable medium can be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium can be, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination of the foregoing. More specific examples of machine-readable storage media include electrical connections based on one or more wires, portable computer disks, hard disks, RAM, ROM, EPROM (Erasable Programmable Read-Only Memory) or flash memory, optical fiber, CD-ROM (Compact Disc Read-Only Memory), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.
[0098] To provide interaction with a user, the systems and techniques described herein can be implemented on a computer having: a display device for displaying information to the user (e.g., a CRT (Cathode-Ray Tube) or LCD (Liquid Crystal Display) monitor); and a keyboard and pointing device (e.g., a mouse or trackball) through which the user provides input to the computer. Other types of devices can also be used to provide interaction with the user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form (including sound input, voice input, or tactile input).
[0099] The systems and technologies described herein can be implemented in computing systems that include backend components (e.g., as data servers), or computing systems that include middleware components (e.g., application servers), or computing systems that include frontend components (e.g., user computers with graphical user interfaces or web browsers through which users can interact with implementations of the systems and technologies described herein), or any combination of such backend, middleware, or frontend components. The components of the system can be interconnected via digital data communication of any form or medium (e.g., communication networks). Examples of communication networks include LANs (Local Area Networks), WANs (Wide Area Networks), the Internet, and blockchain networks.
[0100] Computer systems can include clients and servers. Clients and servers are generally geographically separated and typically interact via communication networks. The client-server relationship is created by computer programs running on the respective computers and having a client-server relationship with each other. A server can be a cloud server, also known as a cloud computing server or cloud host, a hosting product within the cloud computing service system that addresses the shortcomings of traditional physical hosts and VPS (Virtual Private Server) services, such as high management difficulty and weak business scalability. Servers can also be servers for distributed systems or servers incorporating blockchain technology.
[0101] It's important to note that artificial intelligence (AI) is the study of enabling computers to simulate certain human thought processes and intelligent behaviors (such as learning, reasoning, thinking, and planning). It encompasses both hardware and software technologies. AI hardware technologies generally include sensors, dedicated AI chips, cloud computing, distributed storage, and big data processing. AI software technologies primarily include computer vision, speech recognition, natural language processing, machine learning / deep learning, big data processing, and knowledge graph technologies.
[0102] It should be understood that the various forms of processes shown above can be used to rearrange, add, or delete steps. For example, the steps described in this disclosure can be executed in parallel, sequentially, or in different orders, as long as the desired result of the technical solution disclosed in this disclosure can be achieved, and this is not limited herein.
[0103] The specific embodiments described above do not constitute a limitation on the scope of protection of this disclosure. Those skilled in the art should understand that various modifications, combinations, sub-combinations, and substitutions can be made according to design requirements and other factors. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of this disclosure should be included within the scope of protection of this disclosure.
Claims
1. A detection method, characterized in that, include: Obtain regulatory rules from the regulatory rule base; The regulatory rule base is used to store the latest regulatory rules; The regulatory rules are transformed into technical indicators, and these technical indicators are associated with business function points to generate a requirement compliance checklist; the business function points are the functional units in the information system that are related to the regulatory rules. Based on the aforementioned requirement compliance checklist, compliance checks are performed on the business processes of the information system to obtain the check results.
2. The method according to claim 1, characterized in that, The method further includes: Access the latest regulatory rules issued by regulatory agencies through application programming interfaces; Update the regulatory rule base according to the latest regulatory rules.
3. The method according to claim 1, characterized in that, The compliance check of the information system's business processes based on the aforementioned requirement compliance checklist includes: Based on the aforementioned requirement compliance checklist, test cases are generated; Based on the test cases, the business processes of the information system are simulated and run to perform compliance checks on the business processes of the information system.
4. The method according to claim 1, characterized in that, The method further includes: If the test result is satisfactory, the new version of the information system file will be released to the pilot device, so that the pilot device can install and run the information system based on the new version file; Monitor the operational status of the information system using the pilot equipment; If the operating status is normal, the new version of the information system file will be released to all devices in the production environment.
5. The method according to claim 4, characterized in that, The method further includes: If the operating status is abnormal, the pilot device will be controlled to switch the information system from the new version to the old version within a preset time.
6. The method according to claim 1, characterized in that, The method further includes: Record the operation log of the testing process; The operation logs are uploaded to the blockchain storage.
7. The method according to claim 1, characterized in that, The method is applied to an integrated collaborative platform, which includes multiple departmental nodes, and the method further includes: Define a serialized detection task flow for multiple department nodes, and configure processing time limits for key tasks in the detection task flow.
8. The method according to claim 1, characterized in that, The method further includes: A test report is generated based on the test results. The test report includes the compliance pass rate, the distribution of high-risk businesses, and the coverage of regulatory rules. The test report is displayed.
9. A detection device, characterized in that, include: The first processing module is used to retrieve regulatory rules from the regulatory rule base; the regulatory rule base is used to store the latest regulatory rules. The second processing module is used to convert the regulatory rules into technical indicators and associate the technical indicators with business function points to generate a requirement compliance comparison table; the business function points are the functional units in the information system related to the regulatory rules. The third processing module is used to perform compliance checks on the business processes of the information system based on the required compliance checklist, and obtain the check results.
10. An electronic device, characterized in that, include: At least one processor; and a memory communicatively connected to the at least one processor; The memory stores instructions that can be executed by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-8.
11. A computer-readable storage medium storing computer instructions, characterized in that, The computer instructions are used to cause the computer to perform the method according to any one of claims 1-8.
12. A computer program product, characterized in that, Includes a computer program that, when executed by a processor, implements the method according to any one of claims 1-8.