Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/4/20 was filed after the mailing date of the application on 6/4/20.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 9/10/20 was filed after the mailing date of the application on 6/4/20.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 3/30/21 was filed after the mailing date of the application on 6/4/20.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-6, 8, 10-11 and 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over Harris (US Patent Pub. 20140324517) in view of Le Rudulier (US Patent Pub. 20170228558).


As per claims 1 and 16-17: Harris discloses a system for analyzing risk data for a plurality of organizational networks, the system comprising (see abstract):
at least one risk assessment processor in communication with the plurality of organizational networks, wherein the at least one risk assessment processor is configured to monitor organizational risk associated with each organizational network (See Abstract; A method for assessing risks and efficiencies based on enterprise communications information may include: collecting information from digital data tools over at least one computer network (or a plurality of networks) into a storage database in a computer memory);
at least one non-volatile storage memory configured to store risk data associated with a plurality of organizational risks, network data associated with each organizational network in the plurality of organizational networks (Paragraph 7; storing the collected information in a database stored in a computer memory and accessing the computer memory using at least one computer processor), and organizational group data defining a plurality of organizational groups, wherein each organizational group is associated with at least one of the organizational networks in the plurality of organizational networks (Paragraph 48; this data may be data defined by the enterprise. For example, this data may include information about the employee's roles and duties in the enterprise's organizational chart, the employee's personal information such as contact information, the employee digital access rights, the employee's location data, or the enterprise's governance structures. In another aspect of the invention, this data may be data that is collected from the employee);
wherein the at least one risk assessment processor is configured to provide a risk assessment platform that is remotely accessible by a plurality of administrator devices, the plurality of administrator devices including at least one administrator device associated with each of the organizational networks (Paragraph 68; analysts may enter queries into a user interface through client systems 30 or host system 10 and based on output from the communication data analysis and processing system 100, the business impact engine 240 may provide a visual response to the analyst queries. Based on the research and analysis conducted by the other components, the business impact engine 240 may propose reconfigurations of resources to enhance efficiency and/or reduce risk within the business structure);
Harris does not specifically disclose the risk assessment platform defines an organizational group interface accessible by each of the administrator devices, wherein the organizational group interface: enables each administrator device to associate one or more organizational groups with the organizational network associated with that administrator device; and for a particular organizational group, provides each administrator device associated with each organizational network associated with that particular organizational group with access to shared risk data from a plurality of sharing organizational networks associated with the particular organizational group, wherein the shared risk data includes internal risk data from each of the organizational networks in the plurality of sharing organizational networks, and the plurality of sharing organizational networks includes a plurality of unrelated organizational networks.
	Le Rudulier discloses each individual with a particular job title or place within an organizational chart may have different delegation risks. In some cases, the delegation risk may be the risk of an individual within the organization exposing confidential information to an unauthorized person. By providing a delegation risk score, an administrator may assign tasks and permissions based on other criteria than job title, organization chart or group/team membership, as each individual regardless of title is different (Paragraph 38).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Harris and Le Rudulier in it’s entirety, to modify the technique of Harris for assessing risks and efficiencies based on enterprise communications information by adopting Le Rudulier 's teaching for generate individual delegation risk scores to each candidate individual to assist in the delegation of tasks throughout an organization. The motivation would have been to improve analyzing risk data for a plurality of organizational networks.
As per claim 2: The system of claim 1, wherein the at least one risk assessment processor is configured to:
define the plurality of organizational groups to include a plurality of sector-specific groups, wherein each sector-specific group corresponds to a specific organizational sector; define sector-specific risk assessment templates for each of the specific organizational sectors (Paragraph 48; this data may be data defined by the enterprise. For example, this data may include information about the employee's roles and duties in the enterprise's organizational chart, the employee's personal information such as contact information, the employee digital access rights, the employee's location data, or the enterprise's governance structures. In another aspect of the invention, this data may be data that is collected from the employee);
 define the organizational group interface to:
enable each administrator device to associate one or more sector-specific organizational groups with the organizational network associated with that administrator device, wherein the one or more sector-specific organizational groups correspond to the specific organizational sector of the organizational network associated with that administrator device (See Le Rudulier; Paragraph 38; each individual with a particular job title or place within an organizational chart may have different delegation risks. In some cases, the delegation risk may be the risk of an individual within the organization exposing confidential information to an unauthorized person. By providing a delegation risk score, an administrator may assign tasks and permissions based on other criteria than job title, organization chart or group/team membership, as each individual regardless of title is different); and 
for each sector-specific organizational group, provide each administrator device associated with each organizational network associated with that sector-specific organizational group with the sector-specific risk templates associated with the specific organizational sector that corresponds to that sector- specific organizational group (See Le Rudulier; Paragraph 38; each individual with a particular job title or place within an organizational chart may have different delegation risks. In some cases, the delegation risk may be the risk of an individual within the organization exposing confidential information to an unauthorized person. By providing a delegation risk score, an administrator may assign tasks and permissions based on other criteria than job title, organization chart or group/team membership, as each individual regardless of title is different). 
As per claim 3: The system of claim 2, wherein the organizational group interface defines, for each sector-specific organizational group, a data steam of sector-specific risk data for the specific organizational sector that corresponds to that sector- specific organizational group, wherein the data stream of sector-specific risk data comprises a real-time or near-real-time stream of risk data related to risks common to organizational networks within that specific organizational sector (See Le Rudulier; Paragraph 38; each individual with a particular job title or place within an organizational chart may have different delegation risks. In some cases, the delegation risk may be the risk of an individual within the organization exposing confidential information to an unauthorized person. By providing a delegation risk score, an administrator may assign tasks and permissions based on other criteria than job title, organization chart or group/team membership, as each individual regardless of title is different). 
As per claim 4: The system of claim 3, wherein, for each sector-specific organizational group, the organizational group interface provides a risk sharing interface that enables each administrator device associated with that sector-specific organizational group to link internal sector-specific risk data to the data stream of sector-specific risk data whereby the data stream of sector-specific risk data includes the linked internal sector-specific risk data (See Le Rudulier; Paragraph 38; each individual with a particular job title or place within an organizational chart may have different delegation risks. In some cases, the delegation risk may be the risk of an individual within the organization exposing confidential information to an unauthorized person. By providing a delegation risk score, an administrator may assign tasks and permissions based on other criteria than job title, organization chart or group/team membership, as each individual regardless of title is different).
As per claim 5: The system of claim 4, wherein the at least one risk assessment processor is configured to remove confidential data from the internal sector-specific risk data linked to the data stream of sector-specific risk data (Paragraph 47; the delegation risk score may represents a risk that an unauthorized person may obtain access to confidential information associated with the task as a result of assigning the candidate individual. The delegation risk scores may then be utilized to at least in part assign the task to one of the candidate individuals).
As per claim 6: The system of claim 5, wherein the at least one risk assessment processor is configured to: 
identify the confidential data from the internal sector-specific risk data linked to the data stream of sector-specific risk data; and automatically remove the identified confidential data prior to the internal sector-specific risk data being included in the data stream of sector- specific risk data (Paragraph 47; the delegation risk score may represents a risk that an unauthorized person may obtain access to confidential information associated with the task as a result of assigning the candidate individual. The delegation risk scores may then be utilized to at least in part assign the task to one of the candidate individuals).
As per claim 8: The system of claim 3, wherein for each sector-specific group 
the at least one risk assessment processor is configured to identify popular risk data for the specific organizational sector corresponding to that sector-specific group, wherein the popular risk data is identified based on risk data interactions from the organizational networks corresponding to the specific organizational sector; and the data steam of sector-specific risk data includes the identified popular risk data corresponding to the specific organizational sector (See Le Rudulier; Paragraph 38; each individual with a particular job title or place within an organizational chart may have different delegation risks. In some cases, the delegation risk may be the risk of an individual within the organization exposing confidential information to an unauthorized person. By providing a delegation risk score, an administrator may assign tasks and permissions based on other criteria than job title, organization chart or group/team membership, as each individual regardless of title is different).
As per claim 10: The system of claim 9, wherein the at least one risk assessment processor is configured to: 
identify a plurality of mitigating organizational networks from the plurality of organizational networks associated with the particular sector-specific group, wherein the plurality of mitigating organizational networks are the organizational networks associated with the particular sector-specific group implementing the collective risk mitigation action (Paragraph 48; this data may be data defined by the enterprise. For example, this data may include information about the employee's roles and duties in the enterprise's organizational chart, the employee's personal information such as contact information, the employee digital access rights, the employee's location data, or the enterprise's governance structures. In another aspect of the invention, this data may be data that is collected from the employee); and
 notify the administrator devices associated with each organizational network associated with that particular sector-specific group of the plurality of mitigating organizational networks (See Le Rudulier; Paragraph 38; each individual with a particular job title or place within an organizational chart may have different delegation risks. In some cases, the delegation risk may be the risk of an individual within the organization exposing confidential information to an unauthorized person. By providing a delegation risk score, an administrator may assign tasks and permissions based on other criteria than job title, organization chart or group/team membership, as each individual regardless of title is different).
As per claim 11: The system of claim 1, wherein: the organizational group interface enables each administrator device to share internal risk data with the one or more organizational groups associated with the organizational network associated with that administrator device; and the at least one risk assessment processor is configured to remove confidential data from the internal risk data shared by each of the administrator devices (Paragraph 47; the delegation risk score may represents a risk that an unauthorized person may obtain access to confidential information associated with the task as a result of assigning the candidate individual. The delegation risk scores may then be utilized to at least in part assign the task to one of the candidate individuals).
As per claim 13: The system of claim 1, wherein:
the network data comprises a plurality of organizational profiles corresponding to the plurality of organizational networks; and the at least one risk assessment processor is configured to: identify a plurality of similar organizational networks, wherein each similar organizational network has a similar organizational profile; and automatically assign the plurality of similar organizational networks to one of the organizational groups (Paragraph 48; this data may be data defined by the enterprise. For example, this data may include information about the employee's roles and duties in the enterprise's organizational chart, the employee's personal information such as contact information, the employee digital access rights, the employee's location data, or the enterprise's governance structures. In another aspect of the invention, this data may be data that is collected from the employee).
As per claim 14: The system of claim 1, wherein the organizational group interface: 
enable each administrator device to transmit an organizational group invitation to an additional computing devices associated with an additional organizational network, wherein the organizational group invitation corresponds to a selected organizational group in the plurality of organizational groups, and the organizational group invitation enables the additional computing device to access the organizational group interface for the selected organizational group (Paragraph 48; this data may be data defined by the enterprise. For example, this data may include information about the employee's roles and duties in the enterprise's organizational chart, the employee's personal information such as contact information, the employee digital access rights, the employee's location data, or the enterprise's governance structures. In another aspect of the invention, this data may be data that is collected from the employee).
As per claim 15: The system of claim 1, wherein for each organizational network in at least one of the organizational networks, the at least one risk assessment processor is configured to monitor the organizational risk associated with that organizational network by transmitting a risk data request to each of the user devices in the plurality of user devices associated with that organizational network (See Abstract; A method for assessing risks and efficiencies based on enterprise communications information may include: collecting information from digital data tools over at least one computer network (or a plurality of networks) into a storage database in a computer memory); 
receiving a plurality of risk data responses from the user devices associated with that organizational network, each risk data response identifying a particular organizational risk and defining a plurality of risk attributes associated with the particular organizational risk (Paragraph 7; storing the collected information in a database stored in a computer memory and accessing the computer memory using at least one computer processor);
for at least one of the particular organizational risks, defining a risk assessment score by generating a risk evaluation template for that particular organizational risk, the risk evaluation template defining a plurality of risk assessment criteria based on the plurality of risk attributes associated with that particular organizational risk (Paragraph 48; this data may be data defined by the enterprise. For example, this data may include information about the employee's roles and duties in the enterprise's organizational chart, the employee's personal information such as contact information, the employee digital access rights, the employee's location data, or the enterprise's governance structures. In another aspect of the invention, this data may be data that is collected from the employee); 
transmitting the risk evaluation template to a plurality of assessment user devices in the plurality of users devices associated with that organizational network (Paragraph 7; storing the collected information in a database stored in a computer memory and accessing the computer memory using at least one computer processor); 
receiving a plurality of risk evaluation responses from the plurality of assessment user devices, each risk evaluation response including user-specific values for the plurality of risk assessment criteria in the risk evaluation template (See Le Rudulier; Paragraph 38; each individual with a particular job title or place within an organizational chart may have different delegation risks. In some cases, the delegation risk may be the risk of an individual within the organization exposing confidential information to an unauthorized person. By providing a delegation risk score, an administrator may assign tasks and permissions based on other criteria than job title, organization chart or group/team membership, as each individual regardless of title is different);
automatically generating a risk assessment score for the particular organizational risk based on the user-specific values in the plurality of risk evaluation responses, the risk assessment score defining an expected organizational impact of that particular organizational risk (See Le Rudulier; Paragraph 38; each individual with a particular job title or place within an organizational chart may have different delegation risks. In some cases, the delegation risk may be the risk of an individual within the organization exposing confidential information to an unauthorized person. By providing a delegation risk score, an administrator may assign tasks and permissions based on other criteria than job title, organization chart or group/team membership, as each individual regardless of title is different); and
transmitting the risk assessment score for the particular organizational risk to at least one of the user devices associated with that organizational network (See Le Rudulier; Paragraph 38).

Claim(s) 7 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Harris (US Patent Pub. 20140324517) in view of Le Rudulier (US Patent Pub. 20170228558) and in view of Ohama (US Patent Pub. 20090077096).


As per claim 7: The system of claim 5, wherein the at least one risk assessment processor is configured to:
identify the confidential data from the internal sector-specific risk data linked to the data stream of sector-specific risk data; and automatically remove the identified confidential data prior to the internal sector-specific risk data being included in the data stream of sector- specific risk data (Paragraph 47; the delegation risk score may represents a risk that an unauthorized person may obtain access to confidential information associated with the task as a result of assigning the candidate individual. The delegation risk scores may then be utilized to at least in part assign the task to one of the candidate individuals).
However, Harris and Le Rudulier do not specifically disclose identify potential confidential data from the internal sector-specific risk data linked to the data stream of sector-specific risk data; generate a data removal prompt for the administrator device prior to including the internal sector-specific risk data in the data stream of sector-specific risk data; receive a removal input from the administrator device in response to the data removal prompt, wherein the removal input identifies selected confidential data from the identified potential confidential data; and remove the selected confidential data prior to the internal sector- specific risk data being included in the data stream of sector-specific risk data (See Ohama; Paragraph 61 remove confidential data in the mobile phone 100, for example, first, a system administrator operates his/her own PC to access a management page of the mobile phone management server (not shown). Then, content of the management page is displayed on a screen of the administrator's terminal. Next, the system administrator pushes a remote removal button on a registered mobile phone list to direct removal of confidential data stored in the mobile phone 100 in concern).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Harris, Le Rudulier and Ohama in it’s entirety, to modify the technique of Harris for assessing risks and efficiencies based on enterprise communications information by adopting Ohama's teaching for remove confidential data. The motivation would have been to improve analyzing risk data for a plurality of organizational networks.
As per claim 12: The system of claim 11, the organizational group interface enables each administrator device to share internal risk data with the one or more organizational groups associated with the organizational network associated with that administrator device; and the at least one risk assessment processor is configured to remove confidential data from the internal risk data shared by each of the administrator devices (Paragraph 47; the delegation risk score may represents a risk that an unauthorized person may obtain access to confidential information associated with the task as a result of assigning the candidate individual. The delegation risk scores may then be utilized to at least in part assign the task to one of the candidate individuals).
However, Harris and Le Rudulier do not specifically disclose wherein the at least one risk assessment processor is configured to, for each administrator device sharing internal risk data: identify potential confidential data from the internal risk data shared by that administrator device; generate a data removal prompt for that administrator device prior to including the internal risk data in the shared risk data accessible to other administrator devices; receive a removal input from that administrator device in response to the data removal prompt, wherein the removal input identifies selected confidential data from the identified potential confidential data; and
remove the selected confidential data prior to the internal risk data being shared with other administrator devices (See Ohama; Paragraph 61 remove confidential data in the mobile phone 100, for example, first, a system administrator operates his/her own PC to access a management page of the mobile phone management server (not shown). Then, content of the management page is displayed on a screen of the administrator's terminal. Next, the system administrator pushes a remote removal button on a registered mobile phone list to direct removal of confidential data stored in the mobile phone 100 in concern).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Harris, Le Rudulier and Ohama in it’s entirety, to modify the technique of Harris for assessing risks and efficiencies based on enterprise communications information by adopting Ohama's teaching for remove confidential data. The motivation would have been to improve analyzing risk data for a plurality of organizational networks.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Harris (US Patent Pub. 20140324517) in view of Le Rudulier (US Patent Pub. 20170228558) and in view of Boudreau (US Patent Pub. 20180089449).

As per claim 9: The system of claim 2, define the plurality of organizational groups to include a plurality of sector-specific groups, wherein each sector-specific group corresponds to a specific organizational sector; define sector-specific risk assessment templates for each of the specific organizational sectors (Paragraph 48; this data may be data defined by the enterprise. For example, this data may include information about the employee's roles and duties in the enterprise's organizational chart, the employee's personal information such as contact information, the employee digital access rights, the employee's location data, or the enterprise's governance structures. In another aspect of the invention, this data may be data that is collected from the employee).
However, Harris and Le Rudulier do not specifically disclose wherein, for a particular sector-specific group, the at least one risk assessment processor is configured to: identify a collective mitigation action, wherein the collective mitigation action corresponds to an associated sector-specific risk for the specific organizational sector associated with that particular sector-specific group; generate a collective risk mitigation notification corresponding to the collective mitigation actions; and provide the collective risk mitigation notification to each administrator device associated with each organizational network associated with that particular sector-specific group, wherein the collective risk mitigation notification provides an indication of the associated sector- specific risk and the residual risk value associated with the collective mitigation action.
Boudreau discloses determining the various risk rating values as a function of context defined by values of the other risk ratings, including the aspect of FIG. 5, may consider the total risk score in context of (in parallel with) the individual content sender, recipient and reach risk values in selecting and deploying appropriate or optimal risk mitigation responses (Paragraph 84).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Harris, Le Rudulier and Boudreau in it’s entirety, to modify the technique of Harris for assessing risks and efficiencies based on enterprise communications information by adopting Boudreau's teaching for risk mitigation. The motivation would have been to improve analyzing risk data for a plurality of organizational networks.





Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ANTHONY D BROWN/Primary Examiner, Art Unit 2433