Designing Law-Compliant Software Requirements
Authors
Abstract
New laws, such as HIPAA and SOX, are increasingly impacting the design of software systems, as business organisations strive to comply. This paper studies the problem of generating a set of requirements for a new system which comply with a given law. Specifically, the paper proposes a systematic process for generating law-compliant requirements by using a taxonomy of legal concepts and a set of primitives to describe stakeholders and their strategic goals. Given a model of law and a model of stakeholders' goals, legal alternatives are identified and explored. Strategic goals that can realise legal prescriptions are systematically analysed, and alternative ways of fulfilling a law are evaluated. The approach is demonstrated by means of a case study. This work is part of the Nomos framework, intended to support the design of law-compliant requirements models.
Similar resources
Legal Requirements Acquisition for the Specification of Legally Compliant
BREAUX, TRAVIS DURAND. Legal Requirements Acquisition for the Specification of Legally Compliant Information Systems. (Under the direction of Ana Isabel Antón.) U.S. federal and state regulations impose mandatory and discretionary requirements on industrywide business practices to achieve non-functional, societal goals such as improved accessibility, privacy and safety. The structure and syntax...
Patterns- and Security-Requirements-Engineering-based Support for Development and Documentation of Security Standard Compliant ICT Systems
Aligning an ICT system with a security standard is a challenging task, because of the sparse support for development and documentation that these standards provide. We create patterns for the elements of trustworthiness: security, risk management, privacy, and law. The instantiations of these patterns are used to support the development and documentation of ICT systems according to security sta...
Evolving Requirements in Socio-Technical Systems: Concepts and Practice
Changes in requirements are inevitable in the context of socio-technical systems (STS) that involve human organizations with their rules, as well as individuals and software systems. In these complex systems need for changes may emerge once software components come into operation, due to undesirable behavior of the STS, or due to variations in organization rules, laws, resources and STS’s compo...
An IEC-compliant Engineering Tool for Distributed Control Applications
Elec. & Comp. Eng. Dept., University of Patras, 265 00 Patras, Greece. Abstract: To address the need of modern manufacturing plants to quickly respond to market requirements by designing competitive products and modifying existing ones, evolving IEC standards like 61499 and 61804 define a methodology to be used by system designers to construct distributed industrial contr...
Business Process Development through the Use of a Modified Axiomatic Design Methodology
Today, medical device companies need to be compliant to global regulatory requirements and at the same time, streamline and shorten their product development lifecycle so they can secure the competitive advantages that come from being first to market. That means improving efficiency throughout the product development process, from development through regulatory approvals (around the world), whi...