Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

This Office Action is sent in response to Application’s Communication received on 03/24/2022 for application number 17/149389. The Office hereby acknowledges receipt of the following and placed of record in file: Specification, Drawing, Abstract, Oath/Declaration, and Claims.
Claims (1-3) are presented for examination.

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 1 and 2 are rejected on the ground of nonstatutory double patenting over claim 1 and 2 of copending Application 16669707 since the subject matter claimed in the claims 1 and 2 of the instant application is directed to the same common subject matter in the claims 1 and 2 of copending Application 16669707.
The co-pending application anticipates the claims of the instant application, both applications are directed to an enterprise system with a template management module, questionnaire management module and risk assessment module for performing risk assessment. The co-pending application anticipates the claims of the instant application, wherein the limitations are directed to a GUI, custom data field and risk levels.
The instant Application
16669707
Comment
Claim 1.
A method for determining risk levels associated with vendors and/or software or service providers, the method comprising the steps of: 


causing to display, by a processor of an enterprise system, one or more graphical user interfaces (GUIs) associated with one or more risk assessment modules, the risk assessment modules comprising one or more members selected from the group consisting of: 




10(i) a template management module (e.g., modify template module) for managing questionnaire templates; 


(ii) a questionnaire management module (e.g., questionnaire library module) for managing questionnaires;


 (iii) a start risk assessment module for performing a new risk assessment; 


15(iv) a continue risk assessment module for continuing an existing risk assessment; 



and (v) an assessment viewing module for managing completed assessments; 




receiving, by a processor of an enterprise system, a first input from a first client (e.g., said first client having been authorized to access the enterprise system, e.g., said first client being one member of a network of subscribed clients), the first input comprising instructions to access a 20selected module of the one or more risk assessment modules; 





receiving, by the processor of the enterprise system, subsequent input from the first client specific to the selected risk assessment module; 





and updating, in a memory of the enterprise system, risk assessments information stored in association with the first client, based on the subsequent input; 




25wherein the questionnaire management module is configured to define a scoring system for questions in a questionnaire. 
Claim 1.
A method for determining risk levels associated with vendors and/or software or service providers, the method comprising the steps of: 


causing to display, by a processor of an enterprise system, one or more graphical user interfaces (GUIs) associated with one or more risk assessment modules, the risk assessment modules comprising executable code executed by the processor, the risk assessment modules further comprising one or more members selected from the group consisting of: 

(i) a template management module for managing questionnaire templates; 




(ii) a questionnaire management module for managing questionnaires; 




(iii) a start risk assessment module for performing a new risk assessment; 


(iv) a continue risk assessment module for continuing an existing risk assessment; 



and (v) an assessment viewing module for managing completed assessments; providing to a user a workspace GUI; 



receiving, by a processor of an enterprise system, a first input from a first client, the first input comprising instructions to access a selected module of the one or more risk assessment modules; selecting, by the user via the workspace GUI, one or more contributors; receiving, by the processor of the enterprise system, a subsequent input from the first client specific to the selected risk assessment module, the subsequent input comprising custom data field information for an inherent risk assessment, the custom data field information including selection of the one or more contributors; [[and]] updating, in a memory of the enterprise system, risk assessments information stored in association with the first client, based on the subsequent input; answering, by at least one of the one or more contributors, at least one question by providing a discrete risk rating in response to each question, each discrete risk rating having a color associated with it, wherein for each question, the workspace GUI comprises a button displayed next to the name of each contributor; and 10829799v1Application No. 16/669,7073Docket No.: 2010918-0019 rendering, by the processor, the color of the button to match the color of the associated risk rating corresponding to the associated question as a result of each question answered by a contributor, wherein the risk assessment module is configured to define a rating scale, define one or more scoring formats, and/or define one or more mitigating questions in a questionnaire.








The co-pending application anticipates the claims of the instant application, both applications are directed to an enterprise system with a template management module, questionnaire management module and risk assessment module for performing risk assessment.
Claim 2.
wherein the method comprises providing to a user a create questionnaire GUI, wherein a subsequent input comprises custom data field information for a 30risk assessment, the custom data field information including one or more risk score ranges
Claim 2.
wherein the method comprises providing to a user a risk level settings GUI, and wherein a subsequent input comprises custom data field information for a risk assessment, the custom data field information including one or more risk level settings.
The co-pending application anticipates the claims of the instant application, wherein the limitations are directed to a GUI, custom data field and risk levels.




Claims 1 and 2 are rejected on the ground of nonstatutory double patenting over claim 1 and 2 of copending Application 15796221 since the subject matter claimed in the claims 1 and 2 of the instant application is directed to the same common subject matter in the claims 1 and 2 of copending Application 15796221.
The co-pending application anticipates the claims of the instant application, both applications are directed to an enterprise system with a template management module, questionnaire management module and risk assessment module for performing risk assessment. The co-pending application anticipates the claims of the instant application, wherein the limitations are directed to a GUI, custom data field and risk levels.
The instant Application
15796221
Comment
Claim 1.
A method for determining risk levels associated with vendors and/or software or service providers, the method comprising the steps of: 


causing to display, by a processor of an enterprise system, one or more graphical user interfaces (GUIs) associated with one or more risk assessment modules, the risk assessment modules comprising one or more members selected from the group consisting of: 




10(i) a template management module (e.g., modify template module) for managing questionnaire templates; 


(ii) a questionnaire management module (e.g., questionnaire library module) for managing questionnaires;


 (iii) a start risk assessment module for performing a new risk assessment; 




15(iv) a continue risk assessment module for continuing an existing risk assessment; 



and (v) an assessment viewing module for managing completed assessments; 




receiving, by a processor of an enterprise system, a first input from a first client (e.g., said first client having been authorized to access the enterprise system, e.g., said first client being one member of a network of subscribed clients), the first input comprising instructions to access a 20selected module of the one or more risk assessment modules; 





receiving, by the processor of the enterprise system, subsequent input from the first client specific to the selected risk assessment module; 





and updating, in a memory of the enterprise system, risk assessments information stored in association with the first client, based on the subsequent input; 




25wherein the questionnaire management module is configured to define a scoring system for questions in a questionnaire. 
Claim 1. 
A method for determining risk levels associated with vendors and/or software or service providers, the method comprising the steps of: 


causing to display, by a processor of an enterprise system, one or more graphical user interfaces (GUIs) associated with one or more risk assessment modules, the risk assessment modules comprising one or more members selected from the group consisting of: 





(i) a template management module for managing questionnaire templates; 




(ii) a questionnaire management module for managing questionnaires; 






(iii) a start risk assessment module for performing a new risk assessment; (iii) a continue risk assessment module for continuing an existing risk assessment; 

(iv) an assessment viewing module for managing completed assessments; and receiving, by a processor of an enterprise system, a first input from a first client, the first input comprising instructions to access a selected module of the one or more risk assessment modules; receiving, by the processor of the enterprise system, subsequent input from the first client specific to the selected risk assessment module; and updating, in a memory of the enterprise system, risk assessments information stored in association with the first client, based on the subsequent input








The co-pending application anticipates the claims of the instant application, both applications are directed to an enterprise system with a template management module, questionnaire management module and risk assessment module for performing risk assessment.
Claim 2.
wherein the method comprises providing to a user a create questionnaire GUI, wherein a subsequent input comprises custom data field information for a 30risk assessment, the custom data field information including one or more risk score ranges
Claim 2.
wherein the first input comprises Page 2 of 14 9728413v1Docket No.: 2010918-0012 instructions to access the template management module, and wherein a subsequent input comprises custom data field information for a questionnaire template, the custom data field information including global risk settings, risk levels, and/or answer format
The co-pending application anticipates the claims of the instant application, wherein the limitations are directed to a GUI, custom data field and risk levels.



Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-3 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Wilcox et al. US Patent Application Publication US 20150242776 A1 (hereinafter Wilcox).
Regarding claim 1, Wilcox teaches A method for determining risk levels associated with vendors and/or software or service providers, the method comprising the steps of: causing to display, by a processor of an enterprise system, one or more graphical user interfaces (GUIs) associated with one or more risk assessment modules, the risk assessment modules comprising one or more members selected from the group consisting of ([0045-0047], [0060], [0108] wherein Wilcox describes a system with multiple functionalities with GUI and operable modules for processing a risk assessment dedicated to software) 10(i) a template management module (e.g., modify template module) for managing questionnaire templates ([0043], [0068], [0071], [0075] wherein Wilcox incorporates a component for receiving a set of questions, multiple choice questions sets and triggered questions sets) (ii) a questionnaire management module (e.g., questionnaire library module) for managing questionnaires ([0068-0071], [0074-0075] wherein Wilcox incorporates a transaction risk assessor and aggregator and management, categorization, and scoring of question sets) (iii) a start risk assessment module for performing a new risk assessment ([0051], [0074], [0111], [0119] wherein Wilcox describes receiving requests to perform new and additional risk assessments for a particular vendor) (iv) a continue risk assessment module for continuing an existing risk assessment [0045], [0076-0078] wherein Wilcox describes a risk aggregator and functions that include aggregating a new assessment and processing risk assessments for a vendor and continue a risk assessment for the vendor) and (v) an assessment viewing module for managing completed assessments ([0045-0046], [0083], [0084] wherein Wilcox incorporates vendor profiles including viewable risk assessments completed for the vendor) receiving, by a processor of an enterprise system, a first input from a first client (e.g., said first client having been authorized to access the enterprise system, e.g., said first client being one member of a network of subscribed clients), the first input comprising instructions to access a 20selected module of the one or more risk assessment modulesselected module of the one or more risk assessment modules ([0045-0047], [0060], [0108] wherein Wilcox implements system functionality via dedicated GUI' s and operable modules wherein the system provides tools for accessing risk assessment functions) receiving, by the processor of the enterprise system, subsequent input from the first client specific to the selected risk assessment module (FIG. 1 and [0045-0047], [0060], [0108] wherein Wilcox describes a system functionality implemented via dedicated GUI's to access operable modules) and updating, in a memory of the enterprise system, risk assessments information stored in association with the first client, based on the subsequent input ([0045], [0055], [0083-0085] wherein Wilcox’s administrative computer interacts with stored vendor profile assessment information including stored risk assessments. Any computer accessing the system is reasonably a form of "client") wherein the questionnaire management module is configured to define a scoring system for questions in a questionnaire ([0059], [0068-0072], [0077] Wherein Wilcox process the questionnaire questions/answers and assess the risk levels, scoring and ratings for a vendor and transactions and provide mitigating actions)
Regarding claim 2, Wilcox teaches wherein the method comprises providing to a user a create questionnaire GUI, wherein a subsequent input comprises custom data field information for a 30risk assessment, the custom data field information including one or more risk score ranges ([0071] [0072] [0083-0084] wherein Wilcox incorporates risk scoring, thresholds, and ranges settings for vendors).
Regarding claim 3, Wilcox teaches wherein the method comprises providing to a user a review response GUI, wherein a subsequent input comprises custom data field information for a risk assessment, the custom data field information including one or more score points for one or more questions in a questionnaire ([0065-0068] wherein Wilcox provides a starting point for evaluating different categories of data and element and determines responses to a series of questions related to a vendor. See the score associated with certain questions), ([0081], [0096] please see the validation of the risks captured in the transactions and the control function for text check).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN MRABI whose telephone number is (571)272-8875. The examiner can normally be reached on Monday-Friday, 7:30am-5pm Alt, Friday EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Scott Baderman can be reached on 571-272-3644.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HASSAN MRABI/Examiner, Art Unit 2144