Abstract
A software system complies with a regulation if its operation is consistent with the regulation under all circumstances. The importance of regulatory compliance for software systems has been growing, as regulations are increasingly impacting both the functional and non-functional requirements of legacy and new systems. HIPAA and SOX are recent examples of laws with broad impact on software systems, as attested by the billions of dollars spent in the US alone on compliance. In this paper we propose a framework for establishing regulatory compliance for a given set of software requirements. The framework assumes as inputs models of the requirements (expressed in i*) and the regulations (expressed in Nòmos). In addition, we adopt and integrate with i* and Nòmos a modeling technique for capturing arguments and establishing their acceptability. Given these, the framework proposes a systematic process for revising the requirements, and arguing through a discussion among stakeholders that the revisions make the requirements compliant. Our proposed framework is illustrated through a case study involving fragments of the HIPAA regulation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Sartor, G.: Fundamental legal concepts: A formal and teleological characterisation. Artificial Intelligence and Law 14, 101–142 (2006)
Ghanavati, S., Amyot, D., Peyton, L.: Towards a framework for tracking legal compliance in healthcare. In: Krogstie, J., Opdahl, A.L., Sindre, G. (eds.) CAiSE 2007 and WES 2007. LNCS, vol. 4495, pp. 218–232. Springer, Heidelberg (2007)
Young, J.D., Anton, A.I.: A method for identifying software requirements based on policy commitments. In: IEEE Int. Conf. Req. Eng., pp. 47–56 (2010)
Siena, A.: Engineering law-compliant requirements. The Nòmos framework. PhD thesis, University of Trento, Italy (2010)
Yu, E.: Modelling Strategic Relationships for Process Reengineering. PhD thesis, University of Toronto, Canada (1995)
Hohfeld, W.N.: Fundamental Legal Conceptions as Applied in Judicial Reasoning. Yale Law Journal 23(1) (1913)
Jureta, I., Mylopoulos, J., Faulkner, S.: Analysis of multi-party agreement in requirements validation. In: IEEE Int. Conf. Req. Eng., pp. 57–66 (2009)
Ingolfo, S.: Establishing compliance of software requirements through argumentation, Master’s thesis, University of Trento, Italy (2010)
Guzman, A.T.: A compliance-based theory of international law. California Law Review 90(6), 1823–1887 (2002)
Maxwell, J., Anton, A.: Checking existing requirements for compliance with law using a production rule model. In: Second International Workshop on Requirements Engineering and Law (RELAW), pp. 1–6 (2009)
Rifaut, A., Dubois, E.: Using goal-oriented requirements engineering for improving the quality of iso/iec 15504 based compliance assessment frameworks, pp. 33–42. IEEE Computer Society, Los Alamitos (2008)
Robinson, W.N.: Implementing rule-based monitors within a framework for continuous requirements monitoring. In: Hawaii International Conference on System Sciences, vol. 7, p. 188a (2005)
Habli, I., Wu, W., Attwood, K., Kelly, T.: Extending argumentation to goal-oriented requirements engineering. In: Hainaut, J.-L., Rundensteiner, E.A., Kirchberg, M., Bertolotto, M., Brochhausen, M., Chen, Y.-P.P., Cherfi, S.S.-S., Doerr, M., Han, H., Hartmann, S., Parsons, J., Poels, G., Rolland, C., Trujillo, J., Yu, E., Zimányie, E. (eds.) ER Workshops 2007. LNCS, vol. 4802, pp. 306–316. Springer, Heidelberg (2007)
Haley, C.B., Moffett, J.D., Laney, R., Nuseibeh, B.: Arguing security: validating security requirements using structured argumentation. In: SREIS 2005 (2005)
Ghetiu, T., Polac, F., Bown, J.: Argument-driven validation of computer simulations - a necessity, rather than an option. In: Advances in System Testing and Validation Lifecycle (VALID), pp. 1–4 (August 2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ingolfo, S., Siena, A., Mylopoulos, J. (2011). Establishing Regulatory Compliance for Software Requirements. In: Jeusfeld, M., Delcambre, L., Ling, TW. (eds) Conceptual Modeling – ER 2011. ER 2011. Lecture Notes in Computer Science, vol 6998. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24606-7_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-24606-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24605-0
Online ISBN: 978-3-642-24606-7
eBook Packages: Computer ScienceComputer Science (R0)