Establishing regulatory compliance for software requirements

Authors:
Silvia Ingolfo;Alberto Siena;John Mylopoulos
Affiliations:
University of Trento, Trento, Italy;University of Trento, Trento, Italy;University of Trento, Trento, Italy
Venue:
ER'11 Proceedings of the 30th international conference on Conceptual modeling
Year:
2011

Citing 10
Cited 2

Modelling strategic relationships for process reengineering

Modelling strategic relationships for process reengineering
Implementing Rule-Based Monitors within a Framework for Continuous Requirements Monitoring

HICSS '05 Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences - Volume 07
Fundamental legal concepts: a formal and teleological characterisation

Artificial Intelligence and Law
Using Goal-Oriented Requirements Engineering for Improving the Quality of ISO/IEC 15504 based Compliance Assessment Frameworks

RE '08 Proceedings of the 2008 16th IEEE International Requirements Engineering Conference
Analysis of Multi-Party Agreement in Requirements Validation

RE '09 Proceedings of the 2009 17th IEEE International Requirements Engineering Conference, RE
Towards a framework for tracking legal compliance in healthcare

CAiSE'07 Proceedings of the 19th international conference on Advanced information systems engineering
Extending argumentation to goal-oriented requirements engineering

ER'07 Proceedings of the 2007 conference on Advances in conceptual modeling: foundations and applications
Checking Existing Requirements for Compliance with Law Using a Production Rule Model

RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Argument-Driven Validation of Computer Simulations - A Necessity, Rather than an Option

VALID '10 Proceedings of the 2010 Second International Conference on Advances in System Testing and Validation Lifecycle
A Method for Identifying Software Requirements Based on Policy Commitments

RE '10 Proceedings of the 2010 18th IEEE International Requirements Engineering Conference

Law and adaptivity in requirements engineering

Proceedings of the 8th International Symposium on Software Engineering for Adaptive and Self-Managing Systems
Arguing regulatory compliance of software requirements

Data & Knowledge Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

A software system complies with a regulation if its operation is consistent with the regulation under all circumstances. The importance of regulatory compliance for software systems has been growing, as regulations are increasingly impacting both the functional and nonfunctional requirements of legacy and new systems. HIPAA and SOX are recent examples of laws with broad impact on software systems, as attested by the billions of dollars spent in the US alone on compliance. In this paper we propose a framework for establishing regulatory compliance for a given set of software requirements. The framework assumes as inputs models of the requirements (expressed in i*) and the regulations (expressed in Nòmos). In addition, we adopt and integrate with i* and Nòmos a modeling technique for capturing arguments and establishing their acceptability. Given these, the framework proposes a systematic process for revising the requirements, and arguing through a discussion among stakeholders that the revisions make the requirements compliant. Our proposed framework is illustrated through a case study involving fragments of the HIPAA regulation.