Abstract: This disclosure relates to a system and method for validating compliance of an information technology (IT) asset of an organization to a regulatory guideline. In one embodiment, a method is provided for validating the compliance of the IT asset to a regulatory guideline. The method comprises accessing raw data from a plurality of data sources, wherein the raw data comprises at least one of an operation data, an IT asset data, a regulatory intelligence data, and a regulatory reference data, processing the raw data to extract one or more regulatory parameters, analyzing the one or more regulatory parameters using one or more artificial intelligence computing processes to assess at least one of a regulatory risk and a corresponding regulatory impact, and validating the compliance of the IT asset to the regulatory guideline based on the at least one of the regulatory risk and the corresponding regulatory impact.
Figure 3
Claims:
WE CLAIM:
1. A method for validating compliance of an information technology (IT) asset of an organization to a regulatory guideline, the method comprising:
accessing, by a validation system, raw data from a plurality of data sources, wherein the raw data comprises at least one of an operation data, an IT asset data, a regulatory intelligence data, and a regulatory reference data;
processing, by the validation system, the raw data to extract one or more regulatory parameters;
analyzing, by the validation system, the one or more regulatory parameters using one or more artificial intelligence computing processes to assess at least one of a regulatory risk and a corresponding regulatory impact; and
validating, by the validation system, the compliance of the IT asset to the regulatory guideline based on the at least one of the regulatory risk and the corresponding regulatory impact.
2. The method of claim 1, wherein the operation data comprises at least one of a socioeconomic data, a biomedical data, a genetic data, an environmental data, a medical data, a clinical research data, a financial data, and an expense data.
3. The method of claim 1, wherein the IT asset data comprises at least one of a type of operating system, a proprietary computing process, a third-party computing process, a database, an information security process, an information backup process, a network infrastructure, and a storage infrastructure, and wherein the IT asset comprises at least one of a research and development system, a laboratory information management system, a regulatory submission and management system, a technical operation system, a manufacturing execution system, an enterprise resource planning system, a quality management system, a sales and marketing system, a promotion compliance system, a finance system, a legal system, and a customer engagement system.
4. The method of claim 1, wherein the regulatory intelligence data comprises information with respect to change in at least one of a law, a regulation, a directive, and a guidance in an industrial sector to which the organization belongs.
5. The method of claim 1, wherein the regulatory reference data comprises at least one of a good automated manufacturing practice (GAMP) guideline, a food and drug administration (FDA) guideline, an international standard organization (ISO) guideline, and an international council on harmonization of technical requirements for registration of pharmaceuticals for human use (ICH) guideline.
6. The method of claim 1, wherein processing the raw data comprises:
integrating the raw data from the plurality of data sources by at least one of a correction and a normalization; and
correlating the integrated data to extract the one or more regulatory parameters.
7. The method of claim 6, further comprising:
indexing the one or more regulatory parameters; and
storing the one or more indexed regulatory parameters for subsequent search and retrieval.
8. The method of claim 6, further comprising:
ranking the one or more regulatory parameters based on at least one of a geographical risk, a type of risk according to the regulatory guideline, a number of incidents corresponding to the IT asset, and a historical compliance detail of the IT asset.
9. The method of claim 1, wherein processing the raw data comprises performing a regulatory assessment of the raw data based on at least one of a technology, an industry requirement, an intent of use, and a criticality.
10. The method of claim 9, further comprising:
presenting the regulatory assessment for manual validation.
11. The method of claim 1, wherein analyzing the one or more regulatory parameters comprises performing a qualitative assessment of the one or more regulatory parameters based on a set of rules.
12. The method of claim 1, wherein analyzing the one or more regulatory parameters comprises deriving at least one of a risk mitigation strategy based on the at least one of the regulatory risk and the corresponding regulatory impact for compliance control.
13. The method of claim 12, wherein the at least one of the risk mitigation strategy comprises at least one of a regulation, a policy, a standard operating procedure, a work instruction, a qualification, a protocol, and an organizational structure.
14. The method of claim 12, further comprising:
rendering recommendations based on the at least one of the risk mitigation strategy for an identified non-compliance upon validation.
15. The method of claim 1, wherein analyzing the one or more regulatory parameters comprises performing a predictive analysis of the one or more regulatory parameters to:
assess at least one of a potential regulatory risk;
derive at least one of a corresponding risk mitigation strategy for the at least one of the potential regulatory risk; and
validate the at least one of the potential regulatory risk and the at least one of the corresponding risk mitigation strategy.
16. A system for validating compliance of an information technology (IT) asset of an organization to a regulatory guideline, the system comprising:
at least one processor; and
a memory for storing instructions that, when executed by the at least one processor, cause the at least one processor to perform operations comprising:
accessing raw data from a plurality of data sources, wherein the raw data comprises at least one of an operation data, an IT asset data, a regulatory intelligence data, and a regulatory reference data;
processing the raw data to extract one or more regulatory parameters;
analyzing the one or more regulatory parameters using one or more artificial intelligence computing processes to assess at least one of a regulatory risk and a corresponding regulatory impact; and
validating the compliance of the IT asset to the regulatory guideline based on the at least one of the regulatory risk and the corresponding regulatory impact.
17. The system of claim 16, wherein processing the raw data comprises:
integrating the raw data from the plurality of data sources by at least one of a correction and a normalization; and
correlating the integrated data to extract the one or more regulatory parameters.
18. The system of claim 17, wherein the operations further comprise:
indexing the one or more regulatory parameters, and storing the one or more indexed regulatory parameters for subsequent search and retrieval; or
ranking the one or more regulatory parameters based on at least one of a geographical risk, a type of risk according to the regulatory guideline, a number of incidents corresponding to the IT asset, and a historical compliance detail of the IT asset.
19. The system of claim 16, wherein processing the raw data comprises performing a regulatory assessment of the raw data based on at least one of a technology, an industry requirement, an intent of use, and a criticality, and wherein the operations further comprise presenting the regulatory assessment for manual validation.
20. The system of claim 16, wherein analyzing the one or more regulatory parameters comprises performing a qualitative assessment of the one or more regulatory parameters based on a set of rules.
21. The system of claim 16, wherein analyzing the one or more regulatory parameters comprises deriving at least one of a risk mitigation strategy based on the at least one of the regulatory risk and the corresponding regulatory impact for compliance control, and wherein the at least one of the risk mitigation strategy comprises at least one of a regulation, a policy, a standard operating procedure, a work instruction, a qualification, a protocol, and an organizational structure.
22. The system of claim 21, wherein the operations further comprise rendering recommendations based on the at least one of the risk mitigation strategy for an identified non-compliance upon validation.
23. The system of claim 16, wherein analyzing the one or more regulatory parameters comprises performing a predictive analysis of the one or more regulatory parameters to:
assess at least one of a potential regulatory risk;
derive at least one of a corresponding risk mitigation strategy for the at least one of the potential regulatory risk; and
validate the at least one of the potential regulatory risk and the at least one of the corresponding risk mitigation strategy.
Dated this 16th day of January 2017
Swetha SN
Of K&S Partners
Agent for the Applicant
Description:
TECHNICAL FIELD
This disclosure relates generally to regulatory compliance, and more particularly to a method and system for validating compliance of an information technology (IT) asset of an organization to a regulatory guideline.