Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


DETAILED ACTION
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/31/22 has been entered.

Examiner Amendment
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the Issue Fee.

The following changes were authorized by XXX in a telephone interview on 4/28/06.

Please replace claims 1-2, 4-6, 12, 16, 18-19 and 21-24 with the claims cited below:
--
1.	(Currently Amended) A method for populating data sets indicative of risk level of a first entity having a relationship with a second entity, the method comprising:
receiving, by one or more processors, a first questionnaire from the first entity for the second entity, the first questionnaire including a first question associated with first question data;
performing, by the one or more processors, a matching operation between the first question data and second question data associated with a second question of a second questionnaire, the second questionnaire corresponding to the second entity;
based on a result of the matching operation indicating a match between the first question data and the second question data, generating, by the one or more processors, a mapping between the first question and the second question; 
in response to identification of a response to the second question provided by the second entity, populating, by the one or more processors based on the match between the first question data and the second question data, the first questionnaire with the response to the second question as a response to the first question on behalf of the second entity; 
after populating the response to the first question with the response to the second question, determining a level of cybersecurity of the second entity  associated with low risk, a second level associated with medium risk, and a third level associated with high risk; and
providing to the first entity, by the one or more processors, the first questionnaire including the first question populated with the response from the second question. 
2.	(Currently Amended) The method of claim 1, further comprising:
based on a mapping between the second question data and third question data of a third question of a third questionnaire, populate, by the one or more processors, the third questionnaire with the response to the second question as a response to the third question on behalf of the second entity


4.	(Currently Amended) The method of claim 1, further comprising:
after populating the response to the first question with the response to the second question, receiving a submission request from the second entity to submit the first questionnaire to the first entity; 
processors, the cybersecurity category of the first question of the first questionnaire; and 
prior to providing the first questionnaire to the first entity: 
comparing the level of cybersecurity with the populated response of the first question; 
notifying the second entity of a discrepancy between the level of cybersecurity with the populated response of the first question; and 
prompting the second entity to modify the populated response of the first question prior to providing the first questionnaire to the first entity; or 
after providing to the first entity, by the one or more processors, the first questionnaire including the first question populated with the response from the second question:
comparing the level of cybersecurity with the populated response of the first question; and
notifying the first entity of a discrepancy between the level of cybersecurity with the populated response of the first question.
5.	(Currently Amended) The method of claim 4, further comprising:
identifying based on the first question data, by the one or more processors, a cybersecurity category of the first question of the first questionnaire; and 

6.	(Currently Amended) The method of claim 5, further comprising:
after providing to the first entity, by the one or more processors, the first questionnaire including the first question populated with the response from the second question, determining a level of cybersecurity of the second entity for the cybersecurity category; 
comparing the level of cybersecurity with the populated response of the first question;
determining the populated response of the first question is consistent with the level of cybersecurity; [[and]] 
receiving an indication from the first entity that the first questionnaire is accepted; and
after receiving an indication from the first entity that the first questionnaire is accepted: 
determining a second level of cybersecurity of the second entity for the cybersecurity category; 

notifying the first entity of a discrepancy between the second level of cybersecurity with the populated response of the first question of [[he]] the accepted first questionnaire.
12.	(Currently Amended) A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations for providing a first questionnaire associated with vendor risk management of a first entity having a relationship with a second entity as a vendor of the first entity, the operations comprising:
executing a first routine to receive a first questionnaire from the first entity for the second entity, the first entity different from the second entity, the first questionnaire including a first question associated with first question data;
executing a second routine to perform a matching operation between the first question data and second question data associated with a second question of a second questionnaire, the second questionnaire corresponding to the second entity;
based on a result of the matching operation indicating a match between the first question data and the second question data, executing a third routine to, generate a mapping between the first question and the second question; 
in response to identification of a response to the second question provided by the second entity, executing a fourth routine to populate, based on the match between the first question data and the second question data, the first 
after population of the response to the first question with the response to the second question, determine a level of cybersecurity of the second entity for a cybersecurity category associated with the first question of the first questionnaire, the level of cybersecurity determined from at least one of a plurality of available levels, the plurality of available levels comprising a first level associated with low risk, a second level associated with medium risk, and a third level associated with high risk; and
executing a fifth routine to provide, to the first entity, the first questionnaire including the first question populated with the response from the second question.

16.	(Currently Amended) The non-transitory computer-readable storage medium of claim 14, the operations further comprising:
based on the mapping, identifying a first match between the fourth question of the second questionnaire and a fifth question of the third questionnaire, and a second match between the fourth question of the second questionnaire and a sixth question of the fourth questionnaire;
in response to a determination that the fourth question of the second questionnaire and the fifth question of the third questionnaire have the same response type, mapping the populated response of the fourth 
in response to a determination that the fourth question of the second questionnaire and the fifth question of the third questionnaire have different response types, generating a prompt for the second entity to provide a response to the sixth question of the fourth questionnaire based on the populated response of the fourth question of the second questionnaire; 
receiving a modification of the response to the fifth question of the third questionnaire; 
identifying the modified response of the fifth question of the third questionnaire is different from the populated response of the fourth question of the second questionnaire; and 
generating a prompt for the second entity to provide designate one of the modified response of the fifth question of the third questionnaire or the populated response of the fourth question of the second questionnaire for use as the same response for each of the fifth question of the third questionnaire and the fourth question of the second questionnaire.

18.	(Currently Amended) The non-transitory computer-readable storage medium of claim 14, the operations further comprising:
receiving

identifying a format of the fourth questionnaire; 
determining whether to parse the fourth questionnaire based on the format of the fourth questionnaire;
based on a determination to parse the fourth questionnaire, select a parser from multiple parsers based on the format of the fourth questionnaire; and
parse the fourth questionnaire to generate, for each question of the fourth questionnaire, a corresponding question definition.
19.	(Currently Amended) The non-transitory computer-readable storage medium of claim 14, the operations further comprising:
receiving
generating the fifth questionnaire based on one or more question definitions of the fourth questionnaire having an active status; and
providing the fifth questionnaire to the first entity.

21.	(Currently Amended) A system for providing a first questionnaire associated with vendor risk management of a first entity having a relationship with a second entity as a vendor of the first entity, the system comprising:
a memory; and
one or more processors coupled to the memory, the one or more processors configured to:

perform a matching operation between the first question data and second question data associated with a second question of a second questionnaire, the second questionnaire corresponding to the second entity;
based on a result of the matching operation indicating a match between the first question data and the second question data, generate a mapping between the first question and the second question; 
in response to identification of a response to the second question provided by the second entity, populate, based on the match between the first question data and the second question data, the first questionnaire with the response to the second question as a response to the first question on behalf of the second entity; 
after population of the response to the first question with the response to the second question, determine a level of cybersecurity of the second entity for a cybersecurity category associated with the first question of the first questionnaire, the level of cybersecurity determined from at least one of a plurality of available levels, the plurality of available levels comprising a first level associated with low risk, a second level associated with medium risk, and a third level associated with high risk; and

22.	(Currently Amended) The system of claim 21, the one or more processors further configured to: 
generate a visual representation that depicts [[the]] relationships between the first entity and the second entity and between the first entity and each of one or more additional vendors; and
wherein the visual representation comprises, for the second entity, an indication of a cybersecurity rating, an indication of an industry cybersecurity percentile ranking, an indication of a number of questionnaires sent from the first entity to the second entity for response, an indication of a number of questionnaires sent from the second entity to the first entity for response, one or more tag, or a combination thereof.
23.	(Currently Amended) The system of claim 21, the one or more processors further configured to: 
generate a visual representation that depicts [[the]] relationships between the first entity and the second entity and between the first entity and each of one or more additional vendors
receive a filter input associated with the visual representation; and 
in response to the filter input, modify the visual representation to depict one or more relationships, based on the filtered input, between the first entity and one or more other entities. 

generate a visual representation that depicts [[the]] relationships between the first entity and the second entity and between the first entity and each of one or more additional vendors;
receive a selection, via the visual representation, of the second entity; and 
generate a second visual representation that indicates information associated with each questionnaire sent from the first entity to the second entity for response, information associated with each questionnaire sent from the second entity to the first entity for response, or both.

--

Allowed Claims
In light of applicant’s arguments/amendments and the examiner amendment authorized by applicant’s representative claims 1-24 are allowed.


Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on statement of Reasons for Allowance”.



If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-3839. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Any inquiry of a general nature or relating to the status of this application or proceeding should be directed to the Group receptionist whose telephone number is (571) 272-1600.
/PIOTR POLTORAK/     Primary Examiner, Art Unit 2433