DETAILED ACTION
This Notice of Allowance is in response to applicants’ amendment and remarks filed 10/18/2021.  Claims 1-20 are pending and have been considered as follows.
The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office action.
The prior office actions are incorporated herein by reference.  In particular, the observations with respect to claim language, and response to previously presented arguments.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Allowable Subject Matter
Claims 1-20 are allowed.
Examiner’s Statement for Reasons of Allowance
The following is an examiner’s statement of reasons for allowance:
In interpreting the currently amended claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
Independent Claims 1 and 12 are allowed for the reasons argued by applicants on pages 12-24 of the remarks filed on 10/18/2021 which are persuasive. Claims 2-11 and 13-20 depend upon respective independent claims above and are allowed by virtue of their dependencies.
Although the prior art Maung (US 20180285887 A1) teaches “A centralized cloud-based platform manages the compliance of the plurality of heterogeneous remote cloud-based systems by applying a set of data compliance rules pertaining to regulatory controls. The regulatory controls pertain to data access events and data manipulation events that occur on the plurality of computing systems” [Abstract]; data security [0040]; security controls [0056],
None of the prior art of record teaches individually or in combination the limitations listed below as recited in applicants’ amended independent claims [emphasis added]:
[Claim 1] “(a) at least one tenant onboarded onto said multi-tenant security assurance platform... said implementing verified by collecting said one or more evidence tasks by said multi-tenant security assurance platform; (d) a Readiness Project Module for tracking by a readiness project, a readiness of said at least one tenant for a corresponding audit project tracked by an Audit Project Module of said multi-tenant security assurance platform; wherein said multi-tenant security assurance platform performs usage-tracking of said plurality of InfoSec entities”;
[Claim 12] “(a) onboarding a tenant onto a multi-tenant software-as-a- service (SaaS) web-application; (b) performing usage-tracking of a plurality of information security (InfoSec) entities defined in said multi-tenant SaaS web-application... (d) verifying said implementing by collecting said one or more evidence tasks in said multi-tenant SaaS web-application;  and (e) utilizing a readiness project for preparing said tenant for an audit project, said readiness project and said audit project defined in said multi-tenant SaaS web-application”.

Lederer et al. (US 20020023109 A1) disclosed a system for ensuring compliance with regulations includes a data storage for storing compliance-related data pertaining to products. The system also includes a communication interface for receiving information from an entity (such as an order-entry system) pertaining to an order placed by the entity or customer-related information. The system also includes functionality for examining the information to determine whether it may be successfully processed by the system, and if so, for processing the information. The system further includes functionality for storing an indication of the information in a suspense storage area when the system determines that it cannot be successfully processed. The system also provides an interface maintenance module, including functionality for: (i) examining the indicated information in the suspense storage area; (ii) making changes in response to the indicated information; and (iii) resubmitting the information for processing by the system after the changes have been made. Other aspects of the invention allow users to search for, retrieve, and dispatch compliance related documents (such as MSDSs) using improved interfaces. For instance, an exemplary interface incorporates web-enabling functionality.
Seliger et al. (US 20020107875 A1) disclosed an architecture having a centralized storage location coupled to a context manager is provided for servicing and logging context events from a plurality of sources. This type of system uses a synchronization scheme to perform orderly storage and retrieval of data to and from the centralized storage location. In other instances, information stored in the centralized storage location or signals from the context manager are used to achieve an auditing 
Dvorak et al. (US 20020120472 A1) disclosed a patient-centered integrated health care record is provided including information related to health care delivery for a patient, and information related to health care delivery management for the patient. The integrated health care record may be used with a health care system to facilitate management of and to provide health care for patients. The health care delivery information and the health care delivery management information for patients may be stored within the UPR as patient records, with one patient record per patient. The information may be stored as formatted data, links to formatted data, or as selections from a list. In one embodiment, audit functionality is provided, where contact with data records is recorded as an audit trail.
Cottrell et al. (US 20030233258 A1) disclosed a data processing center which acts as a central clearing house for processing requests for disclosures of verification information from providers who make disclosures of information relating to stored document information, and requests from parties desiring an accounting of such disclosures of information, as in accordance with HIPAA regulations. The data processing center typically associates requests and verification information relating to a release of information with the individuals and providers to which the disclosures of information pertain. The data processing center maintains information relating to disclosures of record information for either a prescribed time period or indefinitely in 
Dube et al. (US 20070250699 A1) disclosed a networked machine receiving an instruction from a server to execute a pre-recorded action sequence designed to capture evidence data. The machine can annotate the captured evidence data with meta-data, and send the annotated evidence data to the server. The server can then perform analysis on the collected evidence data and present the evidence data and the analysis to an administrator.
Heroux (US 8296244 B1) disclosed a method and system for guiding end-users with respect to payment card data security standards. The system uses guidance questions that are worded simply and intelligibly so that end-users, regardless of their technical background or expertise, can understand the underlying issues and provide the proper answer. The guidance questions are generated from the PCI DSS SAQ and related guidance documents, to generate a list of positive, negative or non-applicable SAQ answers at the end of the process. The system generates action items with applicable policy statements for negative answers, if necessary, such that a completed questionnaire can be generated with all positive answers and sent to the authoritative entity. The system also generates vulnerability level reports based on the end-user's answers to assist the end-user and the host in assessing PCI DSS compliance readiness. The host can process the generated information to do risk analysis or risk management.
Spencer (US 6356909 B1) disclosed an integrated web based system for generating electronic request for proposal (RFP) forms and responding to the generated RFPs over a secure communications network. Using a web site interface, the present invention enables users to request specific information for goods and services from specific vendors, automates the process of responding to the RFPs, and automates the process of reviewing, analyzing and presenting the results. Potential vendors are notified via e-mail when the RFP is completed, and have the option to respond to the RFP by using information stored in the associated online databases or by providing new information that is then stored in the online databases. The system remembers links from questions to all appropriate responses and prompts vendors to add them to their response form. Analysis on completed forms is automated and enables the users to evaluate RFPs.
Banerjee et al. (US 20130067078 A1) disclosed verifying a storage capacity of a network element coupled to an end device over a network connection. The method also includes executing script provided in the network element, which is configured for exchanging packets in a network environment. The script initiates a collection of data being retrieved from the end device. The data can be Fault, Configuration, Accounting, Performance, and Security (FCAPS) data associated with the end device. The data collected from the end device is communicated to a next destination.
JOHNSON et al. (US 20130124244 A1) disclosed an enterprise proposal management system with various enterprise systems, applications, data sources, and other resources to provide a comprehensive solution to manage and coordinate a proposal lifecycle and data associated therewith. In particular, the system and method 
Liu et al. (US 20130159277 A1) disclosed a data extraction module stored in the memory and executable by the processor to: pre-process a micro-blog entry; and extract data from the micro-blog entry based at least in part on one or more natural language processing technologies, the one or more natural language processing technologies including named entity recognition (NER) to locate and classify elements in the micro-blog entry into predefined categories, the NER comprising a combination of a k-nearest neighbor (KNN) classifier with a conditional random field (CRF) labeler; a classification module stored in the memory and executable by the processor to classify the micro-blog entry into pre-defined categories; and an index module stored in the memory and executable by the processor to: index the extracted data and the micro-blog entry; receive a request; and provide the extracted data and the micro-blog entry based on the request.
Denton et al. (US 20130246217 A1) disclosed a market platform that may operate to inform buyers and suppliers, to allow buyers and suppliers to select products and contracting parameters to meet their needs, to allow buyers and suppliers to 
Gao et al. (US 20170032035 A1) disclosed receiving a query or a document; mapping the query or the document into a lower dimensional representation by using at least one operational layer that shares operations of at least two disparate tasks, wherein the at least one operational layer is based, at least in part, on a multi-task deep neural network (DNN); and using the lower dimensional representation to perform at least one of the at least two disparate tasks.
LaFever et al. (US 20170243028 A1) disclosed a system to obtain a request from a first user for provision of a privacy policy; determine a first privacy policy based, at least in part, on the request; obtain data from the first user pertaining to a first plurality of data subjects; generate a first dynamically-changing, temporally unique identifier (DDID) for a first data subject in the first plurality of data subjects, wherein the first dynamically-changing, temporally unique identifier is configured to: replace a first value related to the first data subject; and comply with the determined first privacy policy; store the first dynamically changing, temporally unique identifier in the one or more data stores; receive, over the network, a first request for the first value related to 
Barday (US 20170357502 A1) disclosed A) receiving, by one or more computer processors via a first computer software application, from a first set of one or more users, respective answers for a plurality of question/answer pairings regarding a proposed design of the product; (B) generating, by one or more computer processors, an initial privacy impact assessment for the product based, at least in part, on the plurality of question/answer pairings; (C) receiving, by one or more computer processors, an implementation date for the product; (D) after receiving the plurality of question/answer pairings regarding the proposed design of the product, displaying, by one or more computer processors, the plurality of question/answer pairings to a second set of one or more users.
However, the prior art of record, taken by itself or in any combination, do not anticipate or make obvious the invention of the present application and in particular the claim features listed above.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure.
Liu et al. (“Research and Design of Security Audit System for Compliance”, August 2012, International Symposium on Information Technologies in Medicine and Education, pp. 905-909)
Cobb et al. (US 20070288253 A1)
Kohli et al. (US 20120102543 A1)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth W Chang whose telephone number is (571)270-7530. The examiner can normally be reached Monday - Friday 9-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/KENNETH W CHANG/Primary Examiner, Art Unit 2438                                                                                                                                                                                                        
    PNG
    media_image1.png
    35
    280
    media_image1.png
    Greyscale

11.12.2021