Experimentation in software engineering: an introduction
Experimentation in software engineering: an introduction
Modelling strategic relationships for process reengineering
Modelling strategic relationships for process reengineering
Implementing Rule-Based Monitors within a Framework for Continuous Requirements Monitoring
HICSS '05 Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences - Volume 07
Fundamental legal concepts: a formal and teleological characterisation
Artificial Intelligence and Law
RE '08 Proceedings of the 2008 16th IEEE International Requirements Engineering Conference
Analysis of Multi-Party Agreement in Requirements Validation
RE '09 Proceedings of the 2009 17th IEEE International Requirements Engineering Conference, RE
Towards a framework for tracking legal compliance in healthcare
CAiSE'07 Proceedings of the 19th international conference on Advanced information systems engineering
Extending argumentation to goal-oriented requirements engineering
ER'07 Proceedings of the 2007 conference on Advances in conceptual modeling: foundations and applications
Checking Existing Requirements for Compliance with Law Using a Production Rule Model
RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Modeling, Analyzing and Weaving Legal Interpretations in Goal-Oriented Requirements Engineering
RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Argument-Driven Validation of Computer Simulations - A Necessity, Rather than an Option
VALID '10 Proceedings of the 2010 Second International Conference on Advances in System Testing and Validation Lifecycle
A Method for Identifying Software Requirements Based on Policy Commitments
RE '10 Proceedings of the 2010 18th IEEE International Requirements Engineering Conference
Establishing regulatory compliance for software requirements
ER'11 Proceedings of the 30th international conference on Conceptual modeling
Risk and argument: A risk-based argumentation method for practical security
RE '11 Proceedings of the 2011 IEEE 19th International Requirements Engineering Conference
| Hi-index | 0.00 |
A software system complies with a regulation if its operation is consistent with the regulation under all circumstances. The importance of regulatory compliance for software systems has been growing, as regulations are increasingly impacting both the functional and non-functional requirements of legacy and new systems. HIPAA and SOX are recent examples of laws with broad impact on software systems, as attested by the billions of dollars spent in the US alone on compliance. In this paper we propose a framework for establishing regulatory compliance for a given set of software requirements. The framework assumes as inputs models of the requirements (expressed in i*) and the regulations (expressed in Nomos). In addition, we adopt and integrate with i* and Nomos a modeling technique for capturing arguments and establishing their acceptability. Given these, the framework proposes a systematic process for revising the requirements, and arguing through a discussion among stakeholders that the revisions make the requirements compliant. A pilot industrial case study involving fragments of the Italian regulation on privacy for Electronic Health Records provides preliminary evidence of the framework's adequacy and indicates directions for further improvements.