Exercising Due Diligence in Legal Requirements Acquisition: A Tool-supported, Frame-Based Approach

Government laws and organizational policies introduce critical legal requirements that govern information systems. Unlike traditional requirements elicited from stakeholders, legal requirements have unique characteristics that software engineers must address to ensure that their systems are demonstrably compliant with relevant laws and policies. This paper presents important terminology for developing legally compliant software systems and a methodology consisting of procedures and models for acquiring, representing and analyzing phenomena in legal documents, which constitute rich sources of legal requirements. Based on a grounded theory, the method has been validated through a mixed-methods approach consisting of multiple, descriptive case studies. This paper presents a human subject experiment that tests a fundamental part of the theory to understand the efficacy of multiple users applying the method to a sample regulation text.
