Goal-oriented compliance with multiple regulations

Most systems and business processes in organizations need to comply with more than one law or regulation. Different regulations can partially overlap (e.g., one can be more detailed than the other) or even conflict with each other. In addition, one regulation can permit an action whereas another regulation might make the same action mandatory or forbidden. Each of these cases calls for a different strategy on the organization's part. This paper presents an approach to handle these situations when comparing and attempting to comply with multiple regulations, as part of a goal-oriented modeling framework named LEGAL-URN. This framework helps organizations find suitable trade-offs and priorities when complying with multiple regulations while at the same time trying to meet their own business objectives. The approach is illustrated with a case study involving a Canadian health care organization that must comply with four laws related to privacy, quality of care, freedom of information, and care consent.
