Compliance management with measurement frameworks

New regulatory regimes advocate the use of “goal-oriented” regulations, which are more flexible during the regulatory conversations that take place between regulators and regulatees when new regulations are introduced. In that context, long-term “compliance agreements” between regulators and regulatees are needed. Using recent developments in Measurement Theory, this paper shows that the concept of a Measurement Framework (MF) for soft systems is of particular importance for providing those compliance agreements. We show that with two kinds of goals and softgoals based on MF, one can improve (a) the elicitation of compliance requirements, (b) the structure of the compliance arguments for compliant requirements, and (c) the consistency between actual compliance at run-time and the intentional compliance at early stages of Requirements Engineering.
