Compliance Analysis Based on a Goal-oriented Requirement Language Evaluation Methodology

In recent years, many governmental regulations have been introduced to protect the privacy of personal information. As a result, organizations must take a systematic approach to ensure that their business processes comply with these regulations. In the past, we introduced a requirements framework that mapped regulations documents and goals to goal and scenario models of organizational processes. The intent was to help organizations document and manage the compliance of their processes in the face of evolutionary changes. In this paper, we extend our framework by incorporating regulation scenario models and by adding the notion of contribution link level to the compliance link types. These extensions result in a framework that is more aligned to the needs of an organization when it must evaluate and ensure the legal compliance of its organizational processes.
