No-code compliance management system and method
The no-code compliance management system addresses the inefficiencies of manual coding by enabling flexible compliance management and check adaptations through a server-client structure, reducing maintenance costs and ensuring compliance with regulatory changes.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- LIVEAPPLICATION INC
- Filing Date
- 2024-03-29
- Publication Date
- 2026-06-29
AI Technical Summary
Existing compliance management systems require manual coding and significant maintenance efforts to adapt to frequent changes in laws and regulations, leading to high costs and inefficiencies.
A no-code compliance management system and method that utilizes a server-client structure to enable administrators to manage compliance without coding, allowing flexible adaptation to changes through a hierarchical classification of unit policies and automatic sequential number assignment.
Enables compliance management and checks without coding, reducing maintenance costs and efficiently adapting to regulatory changes by managing compliance separately by unit policy and automatically assigning sequential numbers.
Smart Images

Figure 0007881202000001 
Figure 0007881202000002 
Figure 0007881202000003
Abstract
Description
Technical Field
[0001] The present invention relates to a compliance management system and method, and more particularly, to a no-code compliance management system and method that can flexibly respond to changes in compliance without coding based on a server-client structure.
Background Art
[0002] In financial institutions, medical institutions, public institutions, general enterprises, etc., it is necessary to ensure the transparency of operations in accordance with various laws, regulations, policies, etc. required in the relevant field. The regulatory processes that each institution or enterprise should comply with are referred to as compliance (policies such as compliance with laws, compliance monitoring, internal control, etc.). Each institution or enterprise needs to comply with various compliances required by supervisory authorities, certification authorities, etc., and submit proof materials that can prove the fact of compliance to the relevant supervisory authorities or certification authorities as a report. If they fail to comply with compliance or neglect to submit a report, they may be subject to disqualification, sanctions, and restrictions on corporate activities. Therefore, enterprises and institutions entrust compliance management specialized companies to manage their compliance history.
[0003] While general companies and institutions are typically required to comply with one or more compliance requirements, financial institutions are required to comply with a greater number of compliance requirements compared to other industries. Compliance requirements that financial institutions must adhere to in order to provide financial services include anti-money laundering (AML) compliance, Know Your Customer (KYC) compliance, transaction record keeping compliance, and regional regulatory compliance. Furthermore, compliance requirements that financial institutions must adhere to in order to provide online (IT) financial services include compliance with personal information protection, compliance with security vulnerability assessments of online financial infrastructure, compliance with online financial transaction laws, information security management system (ISMS) compliance, compliance with ISMS-P certification based on ISO / IEC 27001 standards, compliance with ongoing financial information protection assessments, compliance with technical vulnerability assessments of major information and communication infrastructure, and compliance with certification and verification by the Financial Supervisory Service.
[0004] Compliance with security vulnerability assessments for online financial infrastructure is categorized into 3 sections, 11 control areas, and 43 control categories, based on the Financial Services Agency's Compliance Guide for Financial IT Security (October 2017). This results in 681 assessment items. The 3 sections include managerial security, technical security, and physical security. The 11 control areas include information protection policy, information protection organization, human security, business continuity management, external order security, operational management, access control, IT implementation, development, and maintenance management, online financial transaction security, security incident response, and physical / environmental security. Each of the 681 assessment items is categorized into 3 sections, 11 control areas, and 43 control categories, and is defined based on the Online Financial Transactions Act, the Enforcement Order of the Online Financial Transactions Act, the Online Financial Supervision Regulations, the Enforcement Regulations of the Online Financial Supervision Regulations, and the Vulnerability Assessment Criteria for Major Information and Communication Infrastructure. Each assessment item is assigned a unique assessment item identification ID.
[0005] The compliance assessment for ongoing financial information protection includes 143 evaluation items, categorized into 9 major categories and 31 subcategories, concerning measures related to personal information protection and information security. Each evaluation item is assigned a serial number that includes information on the major and subcategories it is categorized under. The major categories include: "1. Principles and methods of consent for personal credit information," "2. Collection of personal credit information," "3. Provision of personal credit information," "4. Retention and deletion of personal credit information," "5. Guarantee of the rights of credit information subjects," "6. Outsourcing of processing of personal credit information," "7. Administrative protection measures for personal credit information," "8. Technical protection measures for personal credit information," and "9. Protection measures against pseudonymized information." The major category "1. Principles and methods of consent for personal credit information" includes three subcategories: "1.1. Mandatory disclosure items when consenting to the use of information," "1.2. Mandatory and optional consent methods when consenting to the use of information," and "1.3. Summary principles and consent levels for disclosure items when consenting to the use of information." Section 1.1 contains four evaluation items, each assigned a sequential number: 1.1.1, 1.1.2, 1.1.3, and 1.1.4. Section 1.2 contains three evaluation items, each assigned a sequential number: 1.2.1, 1.2.2, and 1.2.3. Section 1.3 contains three evaluation items, each assigned a sequential number: 1.3.1, 1.3.2, and 1.3.3.
[0006] Furthermore, ISMS-P certification compliance consists of three main areas: 1. Development and operation of the management system, 2. Protection requirements, and 3. Requirements for each stage of personal data processing. The main area "1. Development and operation of the management system" includes 4 sub-areas, 14 minor areas, and 42 evaluation items; the main area "2. Protection requirements" includes 12 sub-areas, 64 minor areas, and 192 evaluation items; and the main area "3. Requirements for each stage of personal data processing" includes 5 sub-areas, 22 minor areas, and 91 evaluation items. Each evaluation item is assigned a sequential number that includes information from the main area, sub-area, and minor area.
[0007] Compliance assigns sequential numbers to major, medium, and minor areas, as well as evaluation items, using either Arabic numerals or letters. However, when preparing compliance reports, compliance checks and report creation must be performed according to the predetermined order of the sequential numbers or identification IDs for each evaluation item as defined in each compliance.
[0008] As described above, there are a great many types of compliance that organizations and companies must adhere to, and the number of evaluation items for each type of compliance is also very large. Therefore, it is extremely difficult for people to manually check compliance and create handwritten compliance reports.
[0009] Therefore, companies currently generate compliance routine programs for checking compliance and creating reports. These routine programs are executed at specific points in time to check compliance, and compliance reports are created based on the results of these checks.
[0010] For any compliance requirement, you will define the major, medium, and minor categories of each evaluation item defined in that compliance requirement, as well as the items for the detailed evaluation items. You will then code and generate a compliance routine program, run the compliance routine program to check for compliance, evaluate whether compliance is being achieved, and create a report to submit to the supervisory authority. If the supervisory authority requests any supplementary information, you will need to make the necessary corrections and resubmit the report.
[0011] In recent years, the integration of new technologies such as IoT, artificial intelligence, metaverse, and big data has occurred in all industrial sectors, leading to frequent enactment or amendment of laws and regulations (laws, enforcement ordinances, regulations, and bylaws). Furthermore, in some laws and regulations, provisions based on technologies no longer in use may be deleted. When laws and regulations are newly enacted, amended, or deleted in this way, compliance with those laws and regulations must also be changed and revised. Generally, each compliance is changed and revised annually.
[0012] When compliance changes in this way, the compliance routine program from before the change cannot be used, and a new compliance routine program must be coded based on the changed compliance.
[0013] In particular, when new evaluation items are added to an evaluation category, when the major, medium, or minor categories of any evaluation item are changed, when the order of at least two evaluation items within a minor category is rearranged, or when major, medium, or minor categories are deleted, added, or their order is changed, at least one or more sequential numbers for evaluation items will be newly assigned or changed. In this case, it is extremely difficult to modify the program code in an existing compliance routine program to change the placement of the evaluation items and to assign sequential numbers that reflect the changed placement order of the evaluation items.
[0014] Therefore, if there are any changes in compliance, the compliance routine program from before the change must be discarded, and a new compliance routine program must be coded and generated based on the changed compliance. Therefore, there is a problem in that high maintenance costs are incurred every year for checking compliance. [Overview of the Initiative] [Problems that the invention aims to solve]
[0015] The present invention was devised to solve the above-mentioned problems, and the object of the present invention is to provide a no-code compliance management system and method that enables administrators and multiple checkers to access a compliance management server based on a server-client structure and perform no-code compliance management and compliance checks.
[0016] Another object of the present invention is to provide a no-code compliance management system and method that enables no-code compliance management by managing compliance separately by unit policies, arranging multiple unit policies according to a hierarchical classification of compliance.
[0017] Another object of the present invention is to provide a no-code compliance management system and method that automatically assigns sequential numbers based on the classification definitions and placement locations of multiple unit policies.
[0018] Another object of the present invention is to provide a no-code compliance management system and method that ensures that when there are changes to the details of a unit policy, all compliance, including that unit policy, reflects those changes in the details of the unit policy.
[0019] Another object of the present invention is to provide a no-code compliance management system and method that allows for flexible adaptation to changes in compliance without requiring coding. [Means for solving the problem]
[0020] The present invention can be implemented in various ways, including an apparatus (system), a method, a computer program stored on a computer-readable medium, or a computer-readable medium on which a computer program is stored.
[0021] A no-code compliance management system according to one embodiment of the present invention includes a compliance management server that processes requests from compliance management clients and provides no-code compliance management functions.
[0022] The compliance management server includes a unit policy management module that, in response to a request from a compliance management client, categorizes at least one or more evaluation items included in compliance by unit policy and stores and manages them individually in a unit policy repository; a compliance classification item management module that, in response to a request from a compliance management client, stores and manages at least one or more hierarchical classification items of compliance in a compliance repository; a compliance evaluation item management module that, in response to a request from a compliance management client, generates a hierarchical structure of compliance such that at least one or more unit policies stored in the unit policy repository are placed in subcategories of the hierarchical classification items of compliance stored in the compliance repository and stores them in the compliance repository; and a compliance check project management module that, in response to a request from a compliance management client, generates a compliance check project based on the hierarchical structure of compliance, stores it in a compliance check compliance repository, and manages it so that compliance checks can be performed based on the compliance check project.
[0023] Preferably, the request from the compliance management client is a query request, the compliance management client requests the query request from the compliance management server using a RESTful API (Representational State Transfer API), the compliance management server calls the Repository function for the query item, retrieves the query item data from the data repository using the already configured Entity Manager and JPAQueryFactory, inputs the query item data into the already configured Data Transfer Object (DTO), purifies it using internal data cleansing logic, and then transmits the query item data, including the query item data, to the compliance management client via the RESTful API.
[0024] Preferably, the request from the compliance management client is a change request, the compliance management client transmits form data corresponding to the change request to the compliance management server using a RESTful API, the compliance management server inputs the form data corresponding to the change request into a pre-configured data transfer object (DTO), purifies it using internal data cleansing logic, then calls a repository function and modifies the data repository in response to the change request using a pre-configured entity manager and JPAQueryFactory.
[0025] Preferably, the unit policy management module receives user input based on the unit policy management screen displayed on the compliance management client and manages unit policies individually.
[0026] More preferably, the unit policy management screen includes a dashboard display area where a menu list is displayed, a unit policy source compliance list display area where a unit policy source compliance list is displayed when a unit policy management menu is selected in the dashboard display area, a unit policy list display area where a unit policy list stored in the unit policy repository is briefly displayed, and a unit policy detail display area where detailed information of one unit policy selected from the unit policy list is displayed.
[0027] More preferably, the detailed information of the unit policy includes the unique code of the unit policy, name (item), classification information (field) in the source compliance of the unit policy, status, person in charge, relevant laws and regulations, tags, related policies, attached materials, certificate mapping, and detailed guide.
[0028] More preferably, the unit policy management module provides an environment where the details of the unit policy stored in the unit policy repository can be modified. When the details of the unit policy are modified, the detailed information of the unit policy stored in the compliance repository is updated to the modified information.
[0029] Preferably, the compliance classification item management module receives input from the user based on the compliance management screen displayed on the compliance management client and manages the hierarchical classification items of compliance.
[0030] More preferably, the compliance evaluation item management module receives input from the user based on the compliance management screen, assigns at least one or more unit policies to the sub-classifications of the hierarchical classification items of compliance, and stores and manages them in the compliance repository.
[0031] More preferably, a serial number is assigned to the unit policies assigned to the sub-classifications of the hierarchical classification items of compliance according to the hierarchical classification items of compliance and the placement position within the sub-classifications.
[0032] A compliance management server that processes requests from a compliance management client and provides a no-code compliance management function according to one embodiment of the present invention, the no-code compliance management method implemented by at least one processor includes: a unit policy management step in which the compliance management server, in response to a request from a compliance management client, categorizes evaluation items included in at least one compliance by unit policy, stores them in a unit policy repository and manages them individually; a compliance classification item management step in which the compliance management server, in response to a request from a compliance management client, stores and manages at least one hierarchical classification item of compliance in a compliance repository; a compliance evaluation item management step in which the compliance management server, in response to a request from a compliance management client, generates a hierarchical structure of compliance such that at least one unit policy stored in the unit policy repository is placed in a subcategory of the hierarchical classification item of compliance stored in the compliance repository, and stores it in the compliance repository; and a compliance check project management step in which the compliance management server, in response to a request from a compliance management client, generates a compliance check project based on the hierarchical structure of compliance, stores it in a compliance check compliance repository, and manages it so that compliance checks can be performed based on the compliance check project.
[0033] Preferably, the request from the compliance management client is a query request, the compliance management client requests the query request from the compliance management server using a RESTful API, the compliance management server calls the Repository function for the query item, retrieves the query item data from the data repository using the already configured entity manager and JPAQueryFactory, inputs the query item data into the already configured data transfer object (DTO), purifies it using internal data cleansing logic, and then transmits the query item data, including the query item data, to the compliance management client via the RESTful API.
[0034] Preferably, the request from the compliance management client is a change request, the compliance management client transmits form data corresponding to the change request to the compliance management server using a RESTful API, the compliance management server inputs the form data corresponding to the change request into a pre-configured data transfer object (DTO), purifies it using internal data cleansing logic, then calls a repository function and modifies the data repository in response to the change request using a pre-configured entity manager and JPAQueryFactory.
[0035] Preferably, the unit policy management step receives input from the user based on the unit policy management screen displayed on the compliance management client and manages unit policies individually.
[0036] More preferably, the unit policy management screen includes a dashboard display area where a menu list is displayed, a unit policy source compliance list display area where a list of unit policies is displayed when the unit policy management menu is selected in the dashboard display area, a unit policy list display area where a simplified list of unit policies stored in the unit policy repository is displayed, and a unit policy details display area where detailed information of one unit policy selected from the unit policy list is displayed.
[0037] More preferably, detailed information about a unit policy includes the unit policy's unique code, name (item), classification information (field) in source compliance for the unit policy, status, responsible person, relevant laws and regulations, tags, related policies, attachments, certificate mapping, and detailed guide.
[0038] More preferably, the unit policy management step provides an environment in which the details of unit policies stored in the unit policy repository can be modified, and when the details of unit policies are modified, the unit policy details stored in the compliance repository are updated with the modified information.
[0039] Preferably, the compliance classification item management step receives input from the user based on the compliance management screen displayed on the compliance management client and manages the hierarchical classification items of compliance.
[0040] More preferably, the compliance evaluation item management step receives input from the user based on the compliance management screen, assigns at least one unit policy to each subcategory of the hierarchical classification items of compliance, and stores and manages them in the compliance repository.
[0041] More preferably, unit policies assigned to subcategories of hierarchical compliance classification items are stored in the compliance repository and assigned a serial number based on their location within the hierarchical compliance classification item and subcategories. [Effects of the Invention]
[0042] According to the present invention, the following effects can be obtained. According to the present invention, based on a server-client structure, administrators and multiple checkers can access the compliance management server and perform compliance management and compliance checks without coding.
[0043] According to the present invention, compliance can be managed separately by unit policy, multiple unit policies can be arranged based on a hierarchical classification definition of compliance, and compliance management can be performed without coding.
[0044] According to the present invention, if there are changes to the classification definitions and placement locations of multiple unit policies, a sequential number will be automatically assigned based on the changed classification definitions and placement locations.
[0045] According to the present invention, changes in compliance can be flexibly handled without coding, thus reducing the high maintenance costs associated with compliance checks.
[0046] Furthermore, the effects of the present invention are not limited to those described above, and other effects not mentioned can be clearly understood by a person with ordinary skill in the art to which the present invention pertains ("ordinary skill") from the description of the claims. [Brief explanation of the drawing]
[0047] Embodiments of the present invention will be described with reference to the accompanying drawings, and similar elements are denoted by the same reference numerals, but are not limited thereto. [Figure 1]This figure shows an example of an environment in which the no-code compliance management system of the present invention can operate. [Figure 2] This is a block diagram showing the no-code compliance management system of the present invention. [Figure 3] This figure shows the layout of the unit policy management screen displayed on a compliance management client according to one embodiment of the present invention. [Figure 4] This figure shows an example of a unit policy registration screen displayed in a compliance management client according to one embodiment of the present invention. [Figure 5] This figure shows the layout of the compliance management screen displayed on a compliance management client according to one embodiment of the present invention. [Figure 6] This is an operational flowchart illustrating a no-code compliance management method according to one embodiment of the present invention. [Modes for carrying out the invention]
[0048] The specific details for implementing the present invention will be described below with reference to the attached drawings. However, in the following description, specific explanations of well-known functions and configurations will be omitted if there is a risk of unnecessarily obscuring the gist of the present invention.
[0049] In the attached drawings, identical or corresponding components are denoted by the same reference numeral. Furthermore, in the following description of the embodiments, redundant descriptions of identical or corresponding components have been omitted. However, the omission of descriptions of components does not imply that such components are excluded from the embodiments.
[0050] The advantages and features of the embodiments disclosed herein, as well as methods for achieving them, will become apparent from the embodiments described below with reference to the accompanying drawings. However, the present invention is not limited to the embodiments described below and can be implemented in various modified forms, and the embodiments described below are provided only to enable a person of the ordinary skill to fully understand the scope of the invention.
[0051] Unless otherwise specified, all terms used herein (including technical and scientific terms) shall have the meaning generally understood by a person of ordinary skill in the art to which this invention pertains. Furthermore, terms defined in commonly used dictionaries shall not be interpreted ideally or excessively unless otherwise specified.
[0052] For example, the term “technology” may refer to a system, method, computer-readable instruction, module, algorithm, hardware logic and / or operation throughout the specification, as permitted in the context described above.
[0053] This specification provides a brief explanation of the terms used herein and a detailed description of the disclosed embodiments. The terms used herein are, to the greatest extent possible, widely used and general terms, taking into account the function of this disclosure, although these may change depending on the intent of the articulates in the relevant field, case law, the emergence of novel technologies, etc. In certain cases, the applicant has arbitrarily selected terms, in which case their meaning is detailed in the description of the relevant invention. Therefore, the terms used in this disclosure should be defined not merely as names, but based on the meaning of the term and the overall content of this disclosure.
[0054] In this specification, singular expressions include plural expressions unless the context clearly identifies them as singular. Conversely, plural expressions include singular expressions unless the context clearly identifies them as plural. When a part of the specification as a whole includes a component, this means, unless otherwise stated, that it may include other components rather than excluding them.
[0055] In the present invention, terms such as “includes” and “contains” mean that features, stages, actions, elements and / or components exist, but such terms do not preclude the addition of one or more other functions, stages, actions, elements and / or combinations thereof.
[0056] In the present invention, when a particular component is referred to as “combining,” “linking,” “associating,” or “reacting” with any other component, the particular component may, but is not limited to, directly combine, combine, link, and / or associate with or react with the other component. For example, there may be one or more intermediate components between the particular component and the other component. Also, in the present invention, “and / or” may include each of the one or more items listed or a combination of at least some of the one or more items listed.
[0057] In this invention, terms such as "first," "second," etc., are used to distinguish certain components from other components, and such terms do not limit the components described above. For example, the "first" component may be used to refer to an element that is identical or similar in form to the "second" component.
[0058] In this invention, "compliance" refers to regulations or rules that an organization or company must adhere to, and which are issued in written form by a compliance supervisory body or certification body. Each organization or company is required to submit a compliance report regarding the compliance required in its industry to the compliance supervisory body or certification body. The compliance supervisory body or certification body may change the compliance annually and provide the organization or company with a document. In this case, the changes to the compliance will be provided as a table that includes a comparison of the items before and after the change.
[0059] In this invention, "standard compliance" refers to compliance established by compliance supervisory bodies or certification bodies in accordance with laws and regulations. As mentioned above, examples of standard compliance include compliance with anti-money laundering (AML) requirements for financial institutions, compliance with Know Your Customer (KYC) requirements, compliance with transaction record keeping requirements, compliance with regional regulations, compliance with personal information protection requirements, compliance with security vulnerability assessments for online financial infrastructure, compliance with online financial transaction laws, compliance with information security management systems (ISMS), compliance with ISMS-P certification based on ISO / IEC 27001 standards, compliance with ongoing assessments of financial information protection, compliance with technical vulnerability assessments for major information and communication infrastructure, and compliance with certification and verification by the Financial Supervisory Service. In standard compliance, the compliance supervisory body or certification body may organize and provide hierarchical classification rules, evaluation items belonging to each classification, evaluation methods, and compliance certification documents. In this invention, "non-standard compliance" refers to compliance managed voluntarily by a company. A company can voluntarily define classification rules, evaluation items, evaluation methods, and compliance certification documents, and can also integrate multiple standard compliances and manage them as a single non-standard compliance.
[0060] In this invention, the "hierarchical structure of compliance" consists of hierarchical classification items and evaluation items defined in compliance. The classification items may be classification information for each evaluation item. The classification items consist of major classifications, medium classifications, and minor classifications, and may be named as categories, major items (major fields), medium items (medium fields), minor items (minor fields), etc., depending on the standards compliance. In this invention, major items (major fields) are named major classifications, medium items (medium fields) are named medium classifications, and minor items (minor fields) are named minor classifications. Depending on compliance, the classification system may consist of two levels from major classifications, medium classifications, and minor classifications, or it may consist of four levels by adding one level of classification system.
[0061] In this invention, "unit policy" may be an individual evaluation item or individual policy item included in each compliance. Typically, compliance consists of multiple evaluation items, and each evaluation item includes classification information (major category, medium category, minor category). In this invention, the individual evaluation items included in each compliance are referred to as unit policies. The no-code compliance management system of this invention can individually store and manage each unit policy, combine multiple unit policies to generate a hierarchical compliance structure, and generate compliance check projects based on the hierarchical compliance structure thus generated.
[0062] Administrators can connect to the no-code compliance management system of the present invention and generate a hierarchical structure of compliance based on hierarchical classification definitions and evaluation criteria for compliance. The hierarchical structure of compliance may be generated based on standards compliance or based on non-standard compliance managed voluntarily by the company. Based on the hierarchical structure of compliance, the no-code compliance management system of the present invention can generate compliance check projects for compliance checks.
[0063] The no-code compliance management system described later does not constitute a single embodiment or attempt to limit the scope of claims to any one specific operating environment. It can be used in other environments without departing from the technical idea and scope of the gist of the claims.
[0064] Figure 1 shows an example of an environment 100 in which the no-code compliance management system of the present invention can operate. In some examples, the various devices and / or components of environment 100 may include distributed computing resources 102 that can communicate with each other and with external devices via one or more networks 104.
[0065] Network 104 may be a shared network such as the Internet, a personal network such as an institutional and / or personal intranet, or a combination of personal and shared networks. Examples of Network 104 include, but are not limited to, local area networks (LANs), wide area networks (WANs), satellite networks, cable networks, Wi-Fi networks, and WiMAX networks; it may also be any type of wired and / or wireless network, or a mobile communication network (e.g., 3G, 4G, 5G, etc.) or any combination thereof. Network 104 may use communication protocols including packet-based and / or datagram-based protocols such as Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or other types of protocols. Furthermore, Network 104 may include a number of devices that facilitate network communication or form a hardware base for the network, such as switches, routers, gateways, access points, firewalls, base stations, repeaters, and backbone equipment.
[0066] Network 104 may further include devices that enable connection to a wireless network, such as a wireless access point (WAP). In embodiments of the present invention, connectivity via a WAP that transmits and receives data over various electromagnetic frequencies (e.g., radio frequencies) can be supported, including a WAP that supports the IEEE (Institute of Electrical and Electronics Engineers) 802.11 standard (e.g., 802.11g, 802.11n, etc.).
[0067] The distributed computing resource 102 may include devices 106(1) to 106(N). Embodiments of the present invention can support scenarios in which device 106 operates in a cluster or other grouped configuration to share resources, distribute the load, enhance performance, or include one or more computer devices for other purposes. Device 106 may be a compliance management server 106.
[0068] The compliance management server 106 may include any type of computer device having one or more processing units 108 operably connected to a computer-readable media (CRM) 110 via a bus 112. The bus 112 may include a system bus, data bus, address bus, PCI bus, miniPCI bus, and various local buses, peripherals, and / or independent buses.
[0069] The executable instructions stored in CRM110 may include, for example, the operating system 114, a part of the compliance management system 116 according to the present invention, and other modules, programs, or applications that can be loaded and executed by the processing unit 108. Furthermore, anything functionally described herein can be performed at least partially by one or more hardware logic components, such as an accelerator. Examples of usable hardware logic components include FPGAs (Field-Programmable Gate Arrays), ASICs (Application-Specific Integrated Circuits), APSs (Application-Specific Standard Products), System-on-a-Chip (SOC) systems, and complex-programmable logic devices (CPLDs).
[0070] The compliance management server 106 includes one or more input / output (I / O) interfaces 118, enabling it to communicate with peripheral input devices (e.g., keyboards, mice, pens, game controllers, voice input devices, touch input devices, gesture-sensing input devices, etc.) and / or peripheral output devices (e.g., displays, printers, touchscreens, etc.). For convenience, other components of the compliance management server 106 are omitted.
[0071] The compliance management server 106 may include one or more input / output (I / O) network interfaces 120. The input / output (I / O) network interfaces 120 may include one or more network interface controllers (NICs) or other types of transceiver devices for sending and receiving communications over the network 104.
[0072] In the present invention, other devices related to compliance management may include a plurality of compliance management clients 126(1) to 127(7). The plurality of compliance management clients 126 may include an administrator client used by a compliance administrator and a checker client used by a compliance checker. The administrator client and the checker client are not physically defined devices, but may be computer devices used by the administrator and the checker, respectively, to access the compliance management server 106.
[0073] The compliance management client 126 may belong to various categories such as desktop computer devices, mobile devices, special-purpose devices, embedded devices, and / or wearable devices. The compliance management client 126 may have fewer computing resources than the compliance management server 106 and may be of various types.
[0074] The compliance management client 126 may include, but is not limited to, devices such as a desktop computer 126(1), a satellite-based navigation system device including a global positioning system (GPS) device 126(2), a tablet computer or tablet hybrid computer 126(3), a smartphone, mobile phone, mobile phone-tablet hybrid device or other communication device 126(4), a camera or portable video recorder (PVR) 126(5), an automotive computer or vehicle safety system such as a vehicle control system 126(6), or a mechanical robot device 126(7).
[0075] The compliance management client 126 may be any type of computer device having one or more processing units 128 operably connected to a computer-readable medium (CRM) 130 via buses that may include more system buses, data buses, address buses, PCI buses, mini-PCI buses, and various local devices, peripheral devices, and / or independent buses.
[0076] The CRM110, 130 described herein may include computer recording media and / or communication media. Examples of computer recording media include storage units such as volatile memory, non-volatile memory, and / or other permanent and / or auxiliary storage devices, removable and non-removable computer recording media, which can be implemented by any method or technique for storing information such as computer-readable instructions, data structures, program modules, or other data.
[0077] Computer recording media include RAM, static RAM (SRAM), dynamic RAM (DRAM), phase-change memory (PRAM), read-only memory (ROM), erasable and programmable ROM (EPROM), electrically erasable and programmable ROM (EEPROM), flash memory, DVDs, optical recording media, magnetic cassettes, magnetic tapes, and solid-state drives (SSDs).
[0078] The executable instructions stored in the CRM 130 included in the compliance management client 126 may include modules, programs, or applications that can be loaded and executed by the operating system 134 and the processing unit 128. The compliance management client 126 may include at least a part of the compliance management system according to the present invention.
[0079] Additionally or alternatively, the functionally described herein can be performed at least partially by one or more hardware logic components, such as accelerators. Examples of usable hardware logic components include FPGAs (Field-Programmable Gate Arrays), ASICs (Application-Specific Integrated Circuits), ASSPs (Application-Specific Standard Products), System-on-a-Chip (SOC) systems, and Complex Programmable Logic Devices (CPLDs).
[0080] The compliance management client 126 also includes one or more network interfaces 136 and one or more input / output (I / O) interfaces, including a user interface 138, and is capable of communicating with the compliance management server 106 via the network 104. Such network interfaces 136 may include one or more network interface controllers (NICs) or other types of transceiver devices for sending and receiving communications over the network.
[0081] The compliance management client 126 also includes a user interface 138 that can receive input from administrators or checkers.
[0082] Figure 2 is a block diagram showing the no-code compliance management system according to the present invention. The no-code compliance management system of the present invention can consist of a compliance management server 210, a compliance management client 220, and a data repository 230. The compliance management server 210 and the compliance management client 220 each have a network interface and can communicate with each other via a network. The compliance management server 210 can be the compliance management server 106 in Figure 1, and the compliance management client 220 can be the compliance management client 126 in Figure 1.
[0083] The compliance management server 210 may include a unit policy management module 211 that stores and manages unit policies individually in a unit policy repository 231; a compliance classification item management module 212 that manages hierarchical classification items of compliance; a compliance evaluation item management module 213 that manages unit policies assigned to subcategories of hierarchical classification items of compliance; a compliance check project management module 214 that generates compliance check projects for compliance checks based on the hierarchical structure of compliance and manages the compliance check process; and a personnel management module 215 that manages compliance managers and checkers for each compliance check item. The unit policy management module 211, the compliance classification item management module 212, the compliance evaluation item management module 213, the compliance check project management module 214, and the personnel management module may be combined to be executed by fewer modules and / or APIs, or they may be divided and executed by more modules and / or APIs.
[0084] The compliance management client 220 may include a user interface 221 that receives input from a user via an input / output device 240 and displays a response from the compliance management server 210 on the input / output device 240; a request generation module 222 that generates a request in response to the user input received via the user interface 221 and sends it to the compliance management server 210; and a response processing module 223 that receives a response to the request from the compliance management server 210 and outputs it to the input / output device 240 via the user interface 221. User input can be performed by character key input using a keyboard device, function key input using a keyboard device, drag and drop input using a mouse device, or click input of virtual function keys using a mouse device. The compliance management client 220 may be a computer system used by a compliance administrator to access the compliance management server 210.
[0085] The compliance management server 210 provides the compliance management client 220 with a standardized HTML-based form. When the user provides input via character keys, function keys, drag-and-drop, or virtual function key clicks, the request generation module 222 of the compliance management client 220 transmits form data corresponding to the user input to the compliance management server 210 using a RESTful API, and the compliance management server 210 operates with the function corresponding to the called RESTful API.
[0086] [Inquiry Request Processing Process] The request may be a query request such as a compliance list query request, a hierarchical classification item list query request, a unit policy list query request, or a unit policy details query request. In response to user input, the request generation module 222 sends the query request to the compliance management server 210 using a RESTful API. The compliance management server 210 calls a Repository function corresponding to the item to be queried, retrieves the query target item data from the data repository 230 using the already configured entity manager and JPAQueryFactory, inputs the query target item data retrieved from the data repository 230 into the already configured data transfer object (DTO), purifies it using internal data cleansing logic, and then transmits the query target item data, including the query target item data, to the compliance management client 220 via the RESTful API. The response processing module 223 of the compliance management client 220 uses a library (element plus) to display the query target item data on the input / output device 240 in response to the user input request.
[0087] [Change Request Processing Process] The request may be a change request, such as a request to add, modify, or delete hierarchical compliance classification items, a request to add, modify, or delete unit policies, or a request to add, modify, or delete evaluation items included in subcategories of hierarchical classification items. The request generation module 222 sends change requests, such as adding, modifying, or deleting hierarchical classification items, unit policies, or evaluation items, to the compliance management server 210 in response to user input. The compliance management client 220 transmits form data corresponding to the change request to the compliance management server 210 using a RESTful API. The compliance management server 210 inputs the form data corresponding to the change request into a pre-configured data transfer object (DTO), purifies it using internal data cleansing logic, then calls a repository function suitable for the function, and uses a pre-configured entity manager and JPAQueryFactory to make changes to the data repository 230 in response to user input. In other words, changes such as additions, modifications, and deletions are made to the data in the data repository 230 in response to user input. When the changes to the data repository 230 are successfully made in response to user input, a change success message is sent to the compliance management client 220 as a response to the request. Once the changes to the data repository 230 in response to user input are complete, the changes made by the request will be displayed on the input / output device.
[0088] The data repository 230 includes a unit policy repository 231 that stores information about unit policies, a compliance repository 232 that stores information about compliance, a personnel information repository 233 that stores information about personnel, and a compliance check project repository 234 that stores information about compliance check projects.
[0089] The Unit Policy Management Module 211 stores and manages individual assessment items included in any compliance as unit policies. The information about unit policies managed by the Unit Policy Management Module 211 includes the compliance information that is the source of the unit policy, the policy code of the unit policy (unique code or custom-assigned code), the name of the unit policy, the publication date of the unit policy, classification item information (field) in the source compliance of the unit policy, tags, information on matters that should be checked in particular in the unit policy, performance and compliance guides, supporting document information, certificate mapping information, relevant legal information, and related policy information. Such information about unit policies may be stored in the Unit Policy Repository 231. Here, related policy information may be stored by linking it with other unit policy information of compliance that is similar or identical to the unit policy in question.
[0090] The request generation module 222 of the compliance management client 220 receives input from the user via the user interface 221, thereby requesting a query for the detailed contents of a unit policy. The unit policy management module 211 transmits the detailed contents data of the unit policy stored in the unit policy repository 231 to the compliance management client 220. The response processing module 223 of the compliance management client 220 can then display the detailed contents of the unit policy on an input / output device.
[0091] Furthermore, the compliance management client 220 transmits change requests to the compliance management server 210 to modify the details of unit policies or to add or delete unit policies in response to user input. The unit policy management module 211 can then add, modify, or delete unit policies in the unit policy repository 231 in response to such change requests and send a response to the change request to the compliance management client 220. The response processing module 223 displays the response from the compliance management server 210 on the input / output device 240 via the user interface 221. At this time, the unit policy management module 211 can also manage the registration and modification history of unit policies.
[0092] The processing processes for inquiry requests and modification requests regarding the details of unit policies between the compliance management server 210 and the compliance management client 220 are substantially the same as the [Inquiry Request Processing Process] and [Modification Request Processing Process] described above, respectively.
[0093] The Compliance Classification Item Management Module 212 manages the hierarchical classification items of compliance. Compliance includes information on major / medium / minor classifications according to the hierarchical classification system, and each minor classification within the major / medium / minor classifications can include at least one evaluation item. The Compliance Classification Item Management Module 212 stores and manages classification item information based on the hierarchical classification system defined for standards compliance or non-standard compliance.
[0094] The request generation module 222 of the compliance management client 220 receives input from the user via the user interface 221, thereby transmitting a query request for hierarchical compliance classification items to the compliance management server 210. The compliance classification item management module 212 reads the relevant hierarchical compliance classification item stored in the compliance repository 232 and transmits it to the compliance management client 220, and the response processing module 223 of the compliance management client 220 displays the list of hierarchical compliance classification items on the input / output device 240.
[0095] Furthermore, the compliance management client 220 can transmit change requests to the compliance management server 210 to add, modify, or delete hierarchical compliance classification items in response to user input, and the compliance classification item management module 212 can add, modify, or delete hierarchical compliance classification items stored in the compliance repository 232 in response to such change requests and send a response to the change request to the compliance management client 220.
[0096] The response processing module 223 displays the response from the compliance management server 210 on the input / output device 240 via the user interface 221. When compliance is changed to a new version, the user requests a change request for the hierarchical classification items to reflect the changed compliance. The compliance classification item management module 212 responds to such a request by changing the hierarchical classification items of compliance stored in the compliance repository 232 and displays the changed hierarchical classification items on the input / output device 240 in response to the compliance management client 220.
[0097] The processing processes for inquiry requests and change requests regarding hierarchical compliance classification items between the compliance management server 210 and the compliance management client 220 are substantially the same as the [inquiry request processing process] and [change request processing process] described above, respectively.
[0098] The Compliance Assessment Item Management Module 213 manages unit policies belonging to subcategories of hierarchical compliance classification items. The Compliance Assessment Item Management Module 213 allows querying a list of unit policies contained within subcategories divided in the hierarchical classification system, and allows adding, modifying, or deleting at least one unit policy within such subcategories. Operations such as querying the unit policy list, adding, modifying, and deleting unit policies are performed at the request of the Compliance Management Client 220. Multiple unit policies placed in a single subcategory may have their placement changed, and may also be moved to subcategories of other major or medium categories. The Compliance Assessment Item Management Module 213 can assign a sequential number to each unit policy, specifying its classification item and placement within the subcategory. For example, a unit policy with classification items for the 3rd major category / 2nd medium category / 1st subcategory, and located in the 2nd position within that subcategory, would be assigned the sequential number 3.2.1.2. Furthermore, if the placement of the unit policy is moved to the first placement position of the classification item for the third major category / second medium category / first minor category, the unit policy will be newly assigned the serial number 3.2.1.1.
[0099] When a user requests a change in the placement location for any unit policy, the compliance evaluation item management module 213 of the compliance management server 210 ensures that the request for the change in the placement location for that unit policy is reflected in the compliance repository 232. Based on the classification definition and placement location in the compliance repository 232 where the changes have been reflected, each unit policy is automatically assigned a sequential number.
[0100] The request generation module 222 of the compliance management client 220 receives input from the user via the user interface 221, thereby transmitting a query request for the unit policy list contained within the compliance subcategory to the compliance management server 210. The compliance evaluation item management module 213 reads the unit policy list contained within the compliance subcategory stored in the compliance repository 232 and transmits it to the compliance management client 220, and the response processing module 223 of the compliance management client 220 displays the compliance unit policy list on the input / output device 240.
[0101] Furthermore, the compliance management client 220 transmits change requests to the compliance management server 210 to add, modify the placement of, or delete unit policies included in compliance subcategories, in response to user input. The compliance evaluation item management module 213 can then add, modify the placement of, or delete unit policies included in compliance subcategories stored in the compliance repository 232 in response to such change requests, and send a response to the change request to the compliance management client 220.
[0102] If the user input is for the addition of a unit policy, the location information of the added unit policy is also sent, and the compliance evaluation item management module 213 adds the requested unit policy to the location of the existing unit policy list in the compliance repository 232, and assigns a new serial number based on the location of the existing unit policy list and the requested unit policy.
[0103] If the user input is for the deletion of a unit policy, the deleted unit policy information is sent, and the compliance evaluation item management module 213 deletes the unit policy that was requested to be deleted from the existing unit policy list in the compliance repository 232, and assigns a new serial number to the unit policy list to reflect the deleted unit policy.
[0104] If the user input is a modification of the placement location of a unit policy, the placement location information of the unit policy with the changed location is sent along with the input, and the compliance evaluation item management module 213 changes the placement location of the existing unit policy list in the compliance repository 232 and assigns a new serial number to the unit policy list based on the changed placement location.
[0105] The response processing module 223 displays the response from the compliance management server 210 on the input / output device 240 via the user interface 221. In other words, the unit policies included in the subcategory are displayed with sequential numbers assigned to them based on their placement location.
[0106] The processing processes for query requests regarding unit policy lists included in compliance subcategories and for change requests regarding unit policies included in compliance subcategories between the compliance management server 210 and the compliance management client 220 are substantially the same as the [query request processing process] and [change request processing process] described above, respectively.
[0107] In this way, compliance evaluation items are managed separately for each unit policy, and a new serial number can be assigned based on the classification items and placement location of each unit policy. As a result, users can easily adapt to changes in compliance without coding.
[0108] The operation of the compliance classification item management module 212 and the compliance evaluation item management module 213 enables the formation of a hierarchical compliance structure. This hierarchical compliance structure is comprised of multiple unit policies assigned according to a hierarchical compliance classification system.
[0109] The compliance check project management module 214 can generate compliance check projects for compliance checks based on the hierarchical structure of compliance and manage the compliance check process. The compliance check project management module 214 can be driven by user input and can generate compliance check projects based on the hierarchical structure of compliance generated by the compliance classification item management module 212 and the compliance evaluation item management module 213. A compliance check project consists of multiple compliance check items, each of which corresponds to a unit policy included in the hierarchical structure of compliance.
[0110] The compliance check project management module 214 can store compliance check projects in the compliance check project repository 234, and can receive input of checker information for each compliance check item that constitutes the compliance check project via the compliance management client 220, and store it in the compliance check project repository 234.
[0111] Subsequently, when each checker accesses the compliance management server 210 using a compliance management client, the compliance check management module 132 maps the supporting documents according to the evaluation items assigned to each checker, enabling them to perform compliance checks. The compliance check project management module 214 can also generate compliance reports based on the compliance check results.
[0112] The personnel management module 215 can manage compliance manager information and information on checkers for each compliance check item in compliance check projects. The personnel management module 215 can obtain manager information and checker information from the compliance management client 220. The personnel management module 215 can obtain information such as each person's identification ID, company name, business area, compliance area, unit policy, area of responsibility, contact information, and email address, and store it in the personnel information repository 234.
[0113] Figure 3 shows the layout of the unit policy management screen 300 displayed on a compliance management client according to one embodiment of the present invention, and Figure 4 shows an example of the unit policy registration screen 400 displayed on a compliance management client according to one embodiment of the present invention.
[0114] The compliance management client 220 receives input from the user via an interface based on the unit policy management screen 300, transmits the user's input requests to the compliance management server 210, and the compliance management server 210 assists in managing unit policies individually in response to the user's input requests.
[0115] The unit policy management screen 300 includes a dashboard display area 302 that displays a menu list provided in the no-code compliance management system of the present invention, a unit policy source compliance list display area 304 that displays a unit policy source compliance list when the unit policy management menu is selected in the dashboard display area 302, a unit policy list display area 306 that displays a simplified view of the unit policy list stored in the unit policy repository 231 of the compliance management server 210, and a unit policy details display area 308 that displays detailed information of one unit policy selected from the unit policy list.
[0116] To display the unit policy source compliance list and unit policy list on the unit policy management screen 300, the request generation module 222 of the compliance management client 220 sends a unit policy source compliance list inquiry request and a unit policy list inquiry request to the compliance management server 210. The unit policy management module 211 of the compliance management server 210 calls a repository function based on the unit policy source compliance list and unit policy list to be queried, retrieves the relevant query target item data from the unit policy repository 231 using the already configured entity manager and JPAQueryFactory, inputs it into the already configured data transfer object (DTO), purifies it using internal data cleansing logic, and then transmits it to the compliance management client 220 using a RESTful API. The response processing module 223 of the compliance management client 220 uses a library (Element Plus) to display the unit policy source compliance list and unit policy list on the input / output device 240 according to the user input.
[0117] Generally, compliance includes multiple evaluation items, but in this invention, each evaluation item included in compliance is managed separately for each unit policy. The compliance from which individual unit policies are derived is called the unit policy source compliance. As shown in Figure 3, the unit policy source compliance list display area 304 of the unit policy management screen 300 displays the unit policy source compliance list, and the number of unit policies extracted for each unit policy source compliance may be displayed. In addition, the unit policy list display area 306 may display the unit policy list stored in the unit policy repository 222 along with simplified information. All unit policy lists may be displayed at once, or when any unit policy source compliance is selected from the unit policy source compliance list, only the unit policies derived from that compliance may be collected and displayed.
[0118] The unit policy details display area 308 displays detailed information about the unit policy, including the unit policy's unique code, name (item), classification information (field) in source compliance for the unit policy, status, responsible person, relevant laws and regulations, tags, related policies, attachments, certificate mapping, and detailed guide.
[0119] Detailed information about such unit policies is received from the unit policy registration screen 400 in Figure 4 and stored in the unit policy repository 231. Here, related policy information may be stored by linking it with other compliance unit policy information that is similar or identical to the unit policy in question. Tags may be additional information assigned by the user to classify and search for similar unit policies.
[0120] The unit policy management module 211 can receive, store, and manage unit policy information from the compliance management client 220 via the unit policy registration screen 400 in Figure 4, and can also receive information via the network from the computer system of a specialized compliance management company and store and manage it in the unit policy repository 231. The unit policy management module 211 can modify the details of unit policies and manage the registration and modification history of unit policies.
[0121] The unit policy management module 211 provides an environment in which the detailed unit policy information in the unit policy details display area 308 can be modified. This allows users to retrieve and modify the stored detailed unit policy information when compliance changes occur. When a user inputs a request to make changes such as adding, modifying, or deleting detailed unit policy information, the request generation module sends a request to modify the detailed unit policy information to the compliance management server 210. The compliance management client transmits form data corresponding to the user input to the compliance management server using a RESTful API. The compliance management server inputs the form data into a pre-configured data transfer object (DTO), purifies it using internal data cleansing logic, and then calls a repository function that suits the function. The unit policy management module 211 uses a pre-configured entity manager and JPAQueryFactory to make changes to the unit policy repository 231 in response to the user input. That is, it performs operations such as adding, modifying, and deleting unit policies in response to the user input. The unit policy management module 211 modifies the data in the unit policy repository 231 in response to user input and sends a change success message to the compliance management client 220 as a response to the request. At this time, the input / output device 240 can display a detailed screen of the unit policy that reflects the changes made by the inquiry request.
[0122] Figure 5 shows the layout of the compliance management screen 500 displayed on a compliance management client according to one embodiment of the present invention.
[0123] The compliance management client 220 receives input from the user via an interface based on the compliance management screen 500, transmits the user input requests to the compliance management server 210, and the compliance management server 210 assists in managing the hierarchical classification items of compliance based on the user input requests.
[0124] The compliance management screen 500 includes a dashboard display area 502 that displays a menu list provided in the no-code compliance management system of the present invention, a compliance list display area 504 that displays a compliance list when a compliance management menu is selected in the dashboard display area 502, and a compliance hierarchical classification item display area 506 that displays hierarchical classification system information of compliance selected from the compliance list.
[0125] To display the compliance list and the unit policy lists belonging to subcategories on the compliance management screen 500, the request generation module 222 of the compliance management client 220 sends a request to query the compliance list and a request to query the unit policy lists belonging to subcategories to the compliance management server 210. The compliance classification item management module 212 and the compliance evaluation item management module 213 of the compliance management server 210 call a repository function based on the compliance list and the unit policy lists belonging to subcategories to be queried, retrieve the query target item data from the compliance repository 232 using the already configured entity manager and JPAQueryFactory, input it into the already configured data transfer object (DTO), purify it using internal data cleansing logic, and then transmit it to the compliance management client 220 using a RESTful API. The response processing module 223 of the compliance management client 220 uses a library (Element Plus) to cause the input / output device 240 to display the compliance list and the unit policy lists belonging to subcategories according to the user input.
[0126] The hierarchical classification items for compliance displayed in the compliance hierarchical classification item display area 506 may include at least one of the following: major classification, medium classification, and minor classification. For example, a hierarchical classification item may consist of two, three, or four levels. Each major classification included in a single compliance may have a different number of levels. For example, some major classifications may consist of three levels, and some major classifications may consist of four levels.
[0127] For example, the hierarchical classification of compliance for ongoing financial information protection assessments may consist of two levels (major and minor classifications). The major classification may include "Principles and methods of consent for personal credit information," "Collection of personal credit information," "Provision of personal credit information," "Retention and deletion of personal credit information," "Guarantee of the rights of credit information subjects," etc. For example, the minor classification of the third major classification item, "Provision of personal credit information," may include "Provision of personal credit information" and "Conclusion of security agreements regarding the provision of personal credit information." The number of unit policies included in each major and minor classification may be indicated in the hierarchical classification item of compliance.
[0128] The compliance classification item management module 212 can store and manage classification item information based on a hierarchical classification system defined for standards compliance or non-standard compliance. The compliance classification item management module 212 can receive, store, and manage hierarchical compliance classification item information from the compliance management client 220, and can also receive, store, and manage information via a network from the computer system of a specialized compliance management company. The compliance classification item management module 212 can provide an environment where arbitrary compliance hierarchical classification items can be added, deleted, and modified. This allows for changes to hierarchical classification items to reflect the updated compliance when compliance is changed to a new version.
[0129] The compliance classification item management module 212 can receive hierarchical compliance classification items via the compliance management screen 500 in Figure 5, and store and manage them in the compliance repository 232.
[0130] When a user requests to make changes to a hierarchical compliance classification item on the compliance management screen 500, such as adding, modifying, or deleting it, the request generation module 222 sends a change request for the corresponding hierarchical classification item to the compliance management server 210. The compliance management client transmits the form data corresponding to the user's input to the compliance management server using a RESTful API. The compliance management server inputs the form data into a pre-configured data transfer object (DTO), purifies it using internal data cleansing logic, and then calls a repository function that suits the function. The compliance classification item management module 212 uses a pre-configured entity manager and JPAQueryFactory to make changes to the compliance repository 232 in response to the user's input. That is, it performs operations such as adding, modifying, or deleting the hierarchical compliance classification item in response to the user's input. The compliance classification item management module 212 modifies the data in the compliance repository 231 in response to the user's input and sends a change success message to the compliance management client 220 as a response to the request. At this time, the compliance management screen reflecting the changes made by the query request can be displayed on the input / output device 240. The compliance management client 220 receives input from the user via an interface based on the compliance management screen 500, transmits the user's input request to the compliance management server 210, and assists the compliance management server 210 in managing information about unit policies assigned to subcategories of hierarchical compliance classification items based on the user's input request.
[0131] The compliance management screen 500 may further include a unit policy list display area 508 that displays a list of unit policies assigned to a subcategory in the hierarchical classification system of compliance, and a unit policy details display area 510 that displays detailed information of a unit policy selected from the unit policy list belonging to the subcategory.
[0132] The compliance evaluation item management module 213 can input unit policy assignment information into the subcategories of hierarchical compliance classification items based on the compliance management screen 500, and store and manage it in the compliance repository 232. The detailed information of the unit policies stored in the compliance repository 232 can also be modified by the unit policy management module 211 to reflect any changes made to the unit policy repository 231.
[0133] The compliance evaluation item management module 213 allows for the addition, modification, and deletion of at least one unit policy within a subcategory divided by a hierarchical classification system. These actions, such as adding, modifying, and deleting unit policies, are performed by the user. Multiple unit policies assigned to a single subcategory may have their placement changed, and may also be moved to subcategories of other major or medium classifications. The compliance evaluation item management module 213 can assign a sequential number to each unit policy, specifying its classification item and placement within the subcategory.
[0134] The compliance management client 220 transmits change requests to the compliance management server 210, in response to user input, such as adding, modifying the placement of, or deleting unit policies included in compliance subcategories. The compliance evaluation item management module 213 can then add, modify the placement of, or delete unit policies included in compliance subcategories stored in the compliance repository 232 in response to these change requests, and send a response to the change request to the compliance management client 220.
[0135] When a user requests changes to a subcategory, such as adding, modifying, or deleting a unit policy, on the compliance management screen 500, the request generation module 222 sends a change request for the unit policy belonging to the relevant subcategory to the compliance management server 210. The compliance management client transmits the form data corresponding to the user's input to the compliance management server using a RESTful API. The compliance management server inputs the form data into a pre-configured data transfer object (DTO), purifies it using internal data cleansing logic, and then calls a repository function that suits the function. The compliance evaluation item management module 213 uses a pre-configured entity manager and JPAQueryFactory to make changes to the compliance repository 232 in response to the user's input. That is, it performs actions such as adding, modifying, or deleting unit policies belonging to a subcategory in response to the user's input. The compliance evaluation item management module 213 assigns a new serial number to each unit policy belonging to a subcategory based on its modified placement and sends it to the compliance management client 220.
[0136] If the user input is for the addition of a unit policy belonging to a subcategory, the location information of the requested unit policy is sent along with it, and the compliance evaluation item management module 213 adds and stores the requested unit policy in the location of the existing unit policy list in the compliance repository 232. Based on the existing unit policy list belonging to the subcategory and the location of the requested unit policy, a new serial number is assigned to the unit policies belonging to each subcategory.
[0137] If the user input is for the deletion of a unit policy belonging to a subcategory, the unit policy information for which deletion was requested is sent, and the compliance evaluation item management module 213 deletes the unit policy for which deletion was requested from the existing unit policy list in the compliance repository 232, and the other unit policies belonging to the subcategory are assigned a new serial number.
[0138] If the user input is a modification of the placement location of a unit policy belonging to a subcategory, the placement location information of the unit policy whose position has been changed is sent along with it. For example, if the placement order of the second and third unit policies in the unit policy list belonging to a subcategory is swapped, the changed placement location information is sent along with it. The compliance evaluation item management module 213 changes the placement locations of two unit policies in the existing unit policy list in the compliance repository 232 and assigns a new serial number to the unit policy belonging to the subcategory based on the changed placement locations.
[0139] Compliance unit policies may change in classification categories and placement. While compliance supervisory bodies and certification bodies revise the details of unit policies annually, they may change hierarchical classification categories, place unit policies within existing categories and other categories, or change the placement of multiple unit policies within the same category. Traditionally, changes in the classification categories or placement of compliance unit policies have resulted in the need to recode compliance routine programs.
[0140] However, according to the present invention, when a user changes the classification items and placement location of a unit policy, the unit policy information belonging to the subcategory stored in the compliance repository can be changed in response to the user's input, and a new serial number can be assigned to each unit policy based on the unit policy information belonging to the changed subcategory.
[0141] For example, in a hierarchical classification of compliance items, the major category "Provision of Personal Credit Information" and the minor category "Provision of Personal Credit Information" may include two unit policies ("Consent when providing personal credit information" and "Prior notification of the fact and reasons for providing personal credit information if it is provided or received without consent"). The compliance repository 232 sequentially stores the unit policies belonging to the relevant hierarchical classification items and minor categories, and a sequential number can be assigned to the unit policies belonging to each minor category based on the stored information.
[0142] According to the present invention, when the classification items or placement location of unit policies belonging to a subcategory are changed in response to user input, the compliance evaluation item management module can change the storage order of unit policies belonging to the subcategory in the compliance repository 232 in response to user input, and can assign a new serial number to each unit policy belonging to the subcategory based on the changed storage order.
[0143] The operation of the compliance classification item management module 212 and the compliance evaluation item management module 213 enables the formation of a hierarchical compliance structure. This hierarchical compliance structure is composed of multiple unit policies assigned according to the hierarchical compliance classification system and stored in the compliance repository 232.
[0144] The compliance check project management module 214 can generate compliance check projects for compliance checks based on the hierarchical structure of compliance stored in the compliance repository 232 and store them in the compliance check project repository 232. Such compliance check projects correspond to conventional compliance routine programs and can be generated without coding. The compliance check project management module 214 is driven according to instructions from the user. Compliance check projects can be generated based on the hierarchical structure of compliance generated by the compliance classification item management module 212 and the compliance evaluation item management module 213. A compliance check project consists of multiple compliance check items, and each compliance check item corresponds to each unit policy included in the hierarchical structure of compliance. It is preferable that even if the detailed information of a unit policy is changed by the unit policy management module 211, this is not reflected in the compliance check items of the compliance check project generated based on the unit policy, and that compliance checks are performed based on the details of the unit policy before the change.
[0145] The compliance check project management module 214 stores compliance check projects in the compliance check project repository 234, and the compliance management client 220 allows the information of the person responsible for checking each compliance check item that makes up the compliance check project to be entered and stored in the compliance check project repository 234.
[0146] Subsequently, when each checker accesses the compliance management server 210 using a compliance management client, the compliance check management module 132 maps the supporting documents according to the evaluation items assigned to each checker, enabling them to perform compliance checks. The compliance check project management module 214 can also generate compliance reports based on the compliance check results.
[0147] Figure 6 is an operational flowchart illustrating a no-code compliance management method according to one embodiment of the present invention.
[0148] Exemplary process behavior is shown in individual blocks, and such blocks are used for explanation. A process is presented as a logical flow of blocks, each block representing one or more actions that can be implemented in hardware, software, or a combination thereof. In software, an action, when executed by one or more processors, represents one or more computer-executable instructions stored in one or more computer-readable media that enable one or more processors to perform the cited action. Generally, computer-executable instructions include routines, programs, objects, modules, components, data structures, executions of specific functions, and implementations of specific abstract data types. The order in which actions are described should not be interpreted restrictively, and the number of actions described can be subdivided into many sub-actions in any order, or they can be executed in parallel. The compliance management server stores unit policies in the unit policy repository 231 and manages them individually (S602).
[0149] The compliance management server stores and manages hierarchical compliance classification items in the compliance repository 232 (S604).
[0150] The compliance management server generates a hierarchical compliance structure such that at least one unit policy stored in the unit policy repository 231 is placed in each subcategory of the hierarchical compliance classification items stored in the compliance repository 232, and then stores and manages it in the compliance repository 232 (S606).
[0151] The compliance management server generates compliance check projects based on the hierarchical structure of compliance and stores and manages them in the compliance check project repository 234 (S608).
[0152] The compliance management server manages compliance checks to be performed based on compliance check projects stored in the compliance check project repository 234 (S610).
[0153] All of the methods and processes described above are embodied in software code modules executed by one or more general-purpose computers or processors and can be fully automated. The code modules may be stored in any type of computer-readable recording medium or other computer recording device. Some or all of the methods may be implemented in specialized computer hardware.
[0154] In flowcharts described herein and / or in accompanying drawings, general descriptions, elements, or blocks should be understood to potentially represent code, modules, segments, or portions containing one or more executable instructions for realizing a particular logical function or element. Alternative examples are included within the scope of the examples described herein, and elements or functions may be removed or executed in substantially synchronous or reverse order depending on the function understood herein, or in the order shown or described.
[0155] The embodiments described above are subject to numerous modifications and alterations, and their elements should be understood as just one of many other acceptable examples. These modifications and alterations are all within the scope of this disclosure and are intended to be protected by the appended claims. Furthermore, the embodiments of the present invention described above may be implemented in the form of program instructions performed by a variety of computer components and recorded on a computer-readable recording medium. A computer-readable recording medium may include program instructions, data files, data structures, etc., individually or in combination. The program instructions recorded on the computer-readable recording medium may be specifically designed and configured for the present invention or may be known to those skilled in the art of computer software. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes; optical recording media such as CD-ROMs and DVDs; magneto-optical media such as floptical disks; and hardware devices specifically configured to store and execute program instructions, such as ROMs, RAMs, and flash memory. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code executed by a computer using an interpreter or the like. The hardware device described above may be configured to operate as one or more software modules in order to perform the processing according to the present invention, and vice versa.
[0156] The present invention has been described above based on specific details such as concrete components, as well as limited embodiments and drawings. However, these are provided only to aid in understanding the present invention, and the present invention is not limited to the embodiments described above. Anyone with ordinary skill in the art to which the present invention belongs can implement the invention by making various modifications and variations from the above description.
[0157] Therefore, the concept of the present invention should not be limited to the embodiments described above, and it can be said that any modification equivalent to or equivalent to the claims attached thereto falls within the scope of the present invention. [Explanation of Symbols]
[0158] 210: Compliance management server, 211: Unit policy management module, 212: Compliance classification item management module, 213: Compliance evaluation item management module, 214: Compliance check project management module, 215: Person in charge management module, 220: Compliance management client, 221: User interface, 222: Request generation module, 223: Response processing module, 230: Data repository, 231: Unit policy repository, 232: Compliance repository, 233: Person in charge information repository, 234: Compliance check project repository, 240: Input / output device.
Claims
1. Includes a compliance management server that processes requests from compliance management clients and provides no-code compliance management functionality, The above compliance management server is In response to a request from the above compliance management client, a unit policy management module separates at least one or more evaluation items included in compliance into unit policies, stores them in a unit policy repository, and manages them individually. A compliance classification item management module that, in response to a request from the compliance management client mentioned above, stores and manages at least one hierarchical compliance classification item in the compliance repository. In response to a request from the compliance management client, a compliance evaluation item management module generates a hierarchical compliance structure such that at least one unit policy stored in the unit policy repository is placed in each subcategory of the hierarchical compliance classification items stored in the compliance repository, and stores this structure in the compliance repository. It includes a compliance check project management module that, in response to a request from the compliance management client, generates compliance check projects based on the hierarchical structure of compliance, stores them in the compliance check compliance repository, and manages them so that compliance checks can be performed based on the compliance check projects. The compliance management client uses the RESTful API to transmit the above request to the compliance management server. The compliance management server processes data using Data Transfer Objects (DTOs) and internal data cleansing logic, calls Repository functions, and queries or modifies data from the data repository using the already configured Entity Manager and JPAQueryFactory. A no-code compliance management system.
2. The above request from the compliance management client is an inquiry request. The compliance management client requests the above query request from the compliance management server using the RESTful API, the compliance management server calls the Repository function for the query target item, retrieves the query target item data from the data repository using the already configured Entity Manager and JPAQueryFactory, inputs the query target item data obtained from the data repository into the already configured Data Transfer Object (DTO), purifies it using internal data cleansing logic, and then transmits the query target item data, including the query target item data, to the compliance management client via the RESTful API, as described in claim 1.
3. The request from the above compliance management client is a change request. The compliance management client uses the RESTful API to transmit form data corresponding to the change request to the compliance management server. The compliance management server, as described above, inputs form data corresponding to the change request into a pre-configured data transfer object (DTO), purifies it using internal data cleansing logic, then calls a repository function to modify the data repository in response to the change request using a pre-configured entity manager and JPAQueryFactory, as described in claim 1.
4. The above-mentioned unit policy management module receives input from the user based on the unit policy management screen displayed on the compliance management client and manages the above-mentioned unit policies individually, as described in claim 1, a no-code compliance management system.
5. The no-code compliance management system according to claim 4, wherein the above-mentioned unit policy management screen includes a dashboard display area where a menu list is displayed, a unit policy source compliance list display area where a list of unit policy source compliances is displayed when the unit policy management menu is selected in the dashboard display area, a unit policy list display area where a simplified list of unit policies stored in the unit policy repository is displayed, and a unit policy details display area where detailed information of one unit policy selected from the unit policy list is displayed.
6. The no-code compliance management system according to claim 5, wherein the detailed information of the above-mentioned unit policy includes the unique code, name (item), classification information (field) in the source compliance of the above-mentioned unit policy, status, responsible person, relevant laws and regulations, tags, related policies, attachments, certificate mapping, and detailed guide for the above-mentioned unit policy.
7. The no-code compliance management system according to claim 4, wherein the above-mentioned unit policy management module provides an environment in which the details of unit policies stored in the above-mentioned unit policy repository can be modified, and when the details of the above-mentioned unit policy are modified, the unit policy details stored in the above-mentioned compliance repository are updated with the modified information.
8. The compliance classification item management module described above receives input from the user based on the compliance management screen displayed on the compliance management client and manages hierarchical classification items of compliance, as described in claim 1.
9. The compliance evaluation item management module described above receives input from the user based on the compliance management screen described above, assigns at least one unit policy to the subcategory of the hierarchical classification item of compliance described above, and stores and manages it in the compliance repository described above, a no-code compliance management system according to claim 8.
10. The no-code compliance management system according to claim 9, wherein the unit policies assigned to the subcategories of the above-mentioned hierarchical compliance classification items are assigned a sequential number based on the above-mentioned hierarchical compliance classification items and their position within the subcategories.
11. A compliance management server that processes requests from compliance management clients and provides no-code compliance management functionality, wherein a no-code compliance management method is implemented by at least one processor, The compliance management server, in response to a request from the compliance management client, divides at least one or more evaluation items included in compliance into unit policies, stores them in the unit policy repository, and manages them individually in a unit policy management step. Compliance classification item management step, in which the compliance management server, in response to a request from the compliance management client, stores and manages at least one hierarchical compliance classification item in the compliance repository. The compliance management server generates a hierarchical compliance structure in response to a request from the compliance management client, such that at least one unit policy stored in the unit policy repository is placed in each subcategory of the hierarchical compliance classification items stored in the compliance repository, and stores this structure in the compliance repository. The compliance management server includes a compliance check project management step in which, in response to a request from the compliance management client, a compliance check project is generated based on the hierarchical structure of compliance, stored in the compliance check compliance repository, and managed so that compliance checks can be performed based on the compliance check project. The compliance management client uses the RESTful API to transmit the above request to the compliance management server. The compliance management server processes data using Data Transfer Objects (DTOs) and internal data cleansing logic, calls Repository functions, and queries or modifies data from the data repository using the already configured Entity Manager and JPAQueryFactory. No-code compliance management methods.
12. The above request from the compliance management client is an inquiry request. The compliance management client uses the RESTful API to request the above query from the compliance management server. The compliance management server, as described in claim 11, calls the Repository function for the query target item, retrieves the query target item data from the data repository using the already configured entity manager and JPAQueryFactory, inputs the query target item data retrieved from the data repository into the already configured data transfer object (DTO), purifies it using internal data cleansing logic, and then transmits the query target item data, including the query target item data, to the compliance management client via the RESTful API.
13. The request from the above compliance management client is a change request. The compliance management client uses the RESTful API to transmit form data corresponding to the change request to the compliance management server. The compliance management server, as described above, inputs form data corresponding to the change request into a pre-configured data transfer object (DTO), purifies it using internal data cleansing logic, then calls a repository function to modify the data repository in response to the change request using a pre-configured entity manager and JPAQueryFactory, as described in claim 11.
14. The no-code compliance management method according to claim 11, wherein the above unit policy management step receives input from the user based on the unit policy management screen displayed on the compliance management client and manages the above unit policies individually.
15. The no-code compliance management method according to claim 14, wherein the above-mentioned unit policy management screen includes a dashboard display area where a menu list is displayed, a unit policy source compliance list display area where a source compliance list of unit policies is displayed when the unit policy management menu is selected in the dashboard display area, a unit policy list display area where a simplified display of the unit policy list stored in the unit policy repository is shown, and a unit policy details display area where detailed information of one unit policy selected from the unit policy list is displayed.
16. The no-code compliance management method according to claim 15, wherein the detailed information of the above-mentioned unit policy includes the unique code, name (item), classification information (field) in the source compliance of the above-mentioned unit policy, status, responsible person, relevant laws and regulations, tags, related policies, attachments, certificate mapping, and detailed guide.
17. The no-code compliance management method according to claim 14, wherein the above unit policy management step provides an environment in which the details of the unit policy stored in the above unit policy repository can be modified, and when the details of the unit policy are modified, the details of the unit policy stored in the compliance repository are updated with the modified information.
18. The compliance management method according to claim 11, wherein the compliance classification item management step described above receives input from the user based on the compliance management screen displayed on the compliance management client and manages hierarchical classification items of compliance.
19. The compliance management method according to claim 18, wherein the compliance evaluation item management step includes receiving input from the user based on the compliance management screen, assigning at least one unit policy to a subcategory of the hierarchical classification item of compliance, and storing and managing it in the compliance repository.
20. The no-code compliance management method according to claim 19, wherein the unit policies assigned to the subcategories of the hierarchical classification items of compliance described above are stored in the compliance repository based on the hierarchical classification items and their placement within the subcategories of compliance described above, and are assigned a serial number.