Acquiring Software Compliance Artifacts from Policies and Regulations
Authors
Abstract
Policies and government regulations impose restrictions on information practices in healthcare and finance. These restrictions govern the use and disclosure of information that spans organizations and their business practices. To comply with policies and the law, organizations must demonstrate that they have verifiable procedures in place to implement these restrictions. To this end, we present techniques that software engineers can use to systematically acquire software artifacts from natural language policies and regulations, based on our in-depth analysis of the U.S. Health Insurance Portability and Accountability Act (HIPAA). The techniques apply semantic primitives to regulatory statements to express class structures using the Z notation. From these structures, software engineers distinguish between necessary and discretionary software requirements and acquire the following software artifacts: specifications for transactions, including interfaces between software and business processes; data schemas and data maintenance requirements; and event-based test cases for ensuring that systems comply with policies and regulations.
Similar resources
Compliance Engineering: Aligning Software Requirements with Policies and Government Regulations
As information is increasingly managed electronically, policies and government regulations intended to protect personal privacy are increasing the requirements complexity of software systems. These regulations and policies are frequently developed by lawyers and domain experts – not engineers – resulting in complex and ambiguous legal language. To ensure software complies with the law, software...
Compliance in service-oriented architectures: A model-driven and view-based approach
Context: Ensuring that software systems conform to multiple sources of relevant policies, laws, and regulations is significant because the consequences of infringement can be serious. Unfortunately, this goal is hardly achievable due to the divergence and frequent changes of compliance sources and the differences in perception and expertise of the involved stakeholders. In the long run, these iss...
Research and Teaching Statements
Legal compliance in software systems is one of the most important problems in the field of software engineering. Laws, regulations, and organizational policies describe societal values that impose serious challenges and requirements to software engineers building systems. My dissertation examines how software engineers can ensure software requirements comply with relevant laws, regulations, and...
Shareholder Wealth Effects of Management Regulatory Compliance
Purpose: This paper addresses whether and how the Sarbanes-Oxley Act of 2002 (SOX) affects shareholder wealth (firm value) by focusing on the trade-off between improved corporate governance leading to a lower cost of capital and increased managerial compliance costs of regulations. Design/Methodology: We use an analytical model of solving the management utility maximization function and the cha...
A distributed requirements management framework for legal compliance and accountability
Increasingly, new regulations are governing organizations and their information systems. Individuals responsible for ensuring legal compliance and accountability currently lack sufficient guidance and support to manage their legal obligations within relevant information systems. While software controls provide assurances that business processes adhere to specific requirements, such as those der...