Establishing Regulatory Compliance in Goal-Oriented Requirements Analysis

To develop information systems that do not violate regulations at lower cost, it is necessary to elicit requirements that comply with those regulations. Automated support helps avoid missing requirements needed for compliance and exclude functional requirements that conflict with the regulations. In this paper, we propose a technique to detect the goals in a goal model that are relevant to regulations and to add goals so that the resulting goal model complies with the regulations. In this approach, we obtain the goals relevant to regulations by semantically matching goal descriptions to regulatory statements. We use the Case Grammar approach to handle the meaning of goal descriptions and regulatory statements: both are transformed into case frames as their semantic representations, and we check whether their case frames can be unified. After the relevant goals are detected, new goals that realize compliance with the matched regulatory statements are added to the goal model, based on the modality of those statements. We conducted case studies and found that 93% of regulatory violations could be corrected.
