Method and system for analyzing policies for compliance with a specified policy using a policy template

摘要

A method and system are disclosed for analyzing policies for compliance with a specified policy. The method comprises the steps of creating a policy template representing said specified policy, and comparing a group of given policies to said policy template to determine whether said given policies conflict with said specified policy. In the preferred embodiment of the invention, the specified policy may include specified rules, the given policies include a plurality of given rules, and the policy template expresses said specified rules. In this preferred embodiment, the comparing step includes the step of comparing said plurality of given rules to the policy template to determine whether any of said given rules conflicts with said specified rules. In addition, preferably, if conflicts are found between said given policies and said specified policy, the given policies are modified to eliminate the conflicts.

主权项

1. A method of analyzing policies for compliance with a specified policy standard for controlling specified actions, comprising the steps of: creating, by using a hardware processing unit, a policy template representing said specified policy standard by expressing the specified policy standard as a set of standard rules; and
comparing, by using the hardware processing unit, a group of given privacy policies to said policy template to determine whether said given privacy policies are in compliance with said specified policy standard by expressing each of the given privacy policies as a set of policy rules, and comparing the policy rules with the standard rules to determine whether the policy rules are in compliance with the standard rules for allowing the specified actions; and when one or more of said given privacy policies is not in compliance with the specified policy standard, modifying said one or more of said given privacy policies to eliminate conflicts between the group of privacy policies and the specified policy standard and to ensure compliance of the given privacy policies with the specified policy standard for allowing the specified actions; and wherein: the specified policy standard is enacted legislation, and the comparing step includes the step of comparing said privacy policies to said policy template to determine whether said privacy policies are in compliance with said legislation; said legislation includes a set of rules, and the step of creating a policy template includes the step of creating a policy template expressing said set of rules of said legislation, whereby if there are no conflicts between the privacy policies and said policy template, then the privacy policies are in compliance with said legislation; each of the policy rules includes a first set of defined categories and one or more data items in each of said defined categories; the policy standard includes a second set of defined categories and one or more data items in each of said defined categories; and the comparing includes for each of the policy rules, comparing selected ones of the data items in defined categories of the policy rule with selected ones of the data items in the defined categories of the policy standard to determine if the selected ones of the data items in the defined categories of the policy rules are the same as the selected ones of the data items in the defined categories of the policy standard.