Validating legal compliance: governance analysis method
This dissertation introduces a logic-based, computer-assisted framework for validating the legal compliance of enterprise governance models. The framework is intended to help check whether governance systems are consistent with the law. It proposes legal and enterprise models, a governance analysis method (GAM), a governance analysis language (GAL), and an implemented governance analysis tool (GAT). The method consists of extracting requirements into GAL statements using patterns and translating those statements into a logic model for consistency checking.
The models, language, and tool proposed in this thesis evolved through their application to governance laws (privacy and financial). The method's main processes were validated by applying them to Canadian and US laws (mainly PIPEDA and Sarbanes-Oxley) combined with various examples taken from enterprise systems. From these evaluations it was concluded that the method is formal and repeatable for the purposes of partially extracting requirements from laws and enterprises, mapping the combined requirements directly into logic models, and checking the results.
The extraction process uses patterns to match legal and enterprise requirements. The representation process maps the extracted requirements to GAL statements. The generation process takes the GAL statements as input and generates a logic model. The Alloy analyser is then used to check legal consistency. Three legal-compliance validation techniques are proposed: model checks, ontology checks, and scenario checks. Model checks validate the combined legal and enterprise requirements for logical consistency. Ontology checks validate the enterprise structure and processes. Scenario checks validate enterprise scenarios.
The techniques are shown to be useful for identifying conflicts and extracting counterexamples.
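The following Alloy model is an added illustration of the pipeline described above; it is not the dissertation's GAL, GAT output, or a model from the thesis. The legal requirement is a deliberately simplified consent rule (personal information may be disclosed to a recipient for a purpose only if the data subject consented to that recipient and purpose), and the enterprise process, the signature names (`Individual`, `Consent`, `Disclosure`, `Marketing`) and the predicate names are all constructed for this example. It shows the two kinds of result the text mentions: a check that yields a counterexample, and a run that finds no instance, which signals a conflict between law and enterprise.

```alloy
// Added example (not from the dissertation). A hand-written stand-in for
// what a generator might emit from GAL statements, checked with Alloy.

sig Individual, Organization, Purpose {}

// Constructed enterprise vocabulary: one purpose of interest.
one sig Marketing extends Purpose {}

sig PersonalInfo { subject: one Individual }

sig Consent {
  grantedBy:  one Individual,
  toOrg:      one Organization,
  forPurpose: one Purpose
}

sig Disclosure {
  info:      one PersonalInfo,
  recipient: one Organization,
  purpose:   one Purpose
}

// Simplified legal requirement (constructed; pattern "X is permitted only if Y"):
// a disclosure is lawful only if the subject consented to that recipient
// for that purpose.
pred lawful[d: Disclosure] {
  some c: Consent |
    c.grantedBy  = d.info.subject and
    c.toOrg      = d.recipient and
    c.forPurpose = d.purpose
}

// Constructed enterprise requirements: the marketing process discloses
// personal information to a partner, and no consent is ever recorded
// for the Marketing purpose.
fact EnterpriseProcess {
  some d: Disclosure | d.purpose = Marketing
  no c: Consent | c.forPurpose = Marketing
}

// Scenario check: assert the legal requirement over the enterprise model.
// Alloy reports a counterexample: a Marketing disclosure with no matching
// Consent, which is exactly the conflict a compliance reviewer wants to see.
assert LegalCompliance { all d: Disclosure | lawful[d] }
check LegalCompliance for 3

// Model check: impose the legal requirement as a constraint alongside the
// enterprise facts and ask for any instance at all. "No instance found"
// means the combined legal and enterprise requirements are inconsistent.
pred combined { all d: Disclosure | lawful[d] }
run combined for 3
```

Run `check LegalCompliance` before `run combined`: an Alloy `check` produces no counterexample whenever the facts alone are unsatisfiable, so an inconsistent fact set makes every assertion hold vacuously. Confirming with a `run` that the model has instances is the step that keeps a "no counterexample" result meaningful.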