Establishing Regulatory Compliance for Information System Requirements: An Experience Report from the Health Care Domain

Adherence to laws and regulations imposes important constraints on organizations, for both legacy and new systems, in their design as well as their operation. Nomos is a framework that supports the development of compliant software systems. In this paper, we report on the application of Nomos in an industrial project, to provide model-based evidence that a set of requirements for a healthcare information system is compliant with a specific law. Compliance is treated as a collection of responsibilities assigned to social and system actors. The design of compliance pays special attention to auditability, i.e., making sure that the compliance established at design time is actually adhered to once the system is in operation.
