US Patent 11792222 Automated risk assessment module with real-time compliance monitoring

Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include generating a security questionnaire response (SQR), defining a readiness project and an audit project, sharing InfoSec entities encompassing the various products of a tenant, automating risk assessment, automatic collection of evidence tasks for verifying the implementation and/or operational state/status of various mitigating controls, etc.