
Choosing Compliance Solutions through Stakeholder Preferences

  • Silvia Ingolfo
  • Alberto Siena
  • Ivan Jureta
  • Angelo Susi
  • Anna Perini
  • John Mylopoulos
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7830)

Abstract

[Context and motivation] Compliance with relevant laws is increasingly recognized as a critical, but also expensive, quality for software requirements. [Question/Problem] Laws contain elements such as conditions and derogations that generate a space of possible compliance alternatives. During requirements engineering, an analyst has to select one of these compliance alternatives and ensure that the requirements specification she is putting together complies with that alternative. However, the space of such alternatives is often large. [Principal ideas and results] This paper extends Nòmos 2, a modeling framework for laws, to support modeling of and reasoning with stakeholder preferences and priorities. The problem of preferred regulatory compliance is then defined as a problem of finding a compliance alternative that best matches stakeholder preferences. [Contribution] The paper defines the concept of preference between situations and integrates it with the Nòmos 2 modeling language. It also presents a reasoning tool for preferences and illustrates its use with an extract from a use case concerning the Italian law on Electronic Health Record.

Keywords

Regulatory compliance; stakeholder preferences; models of law



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Silvia Ingolfo (1)
  • Alberto Siena (1)
  • Ivan Jureta (2)
  • Angelo Susi (3)
  • Anna Perini (3)
  • John Mylopoulos (1)

  1. University of Trento, Trento, Italy
  2. University of Namur, Namur, Belgium
  3. FBK-Irst, Trento, Italy
