A systematic literature mapping of goal and non-goal modelling methods for legal and regulatory compliance

Akhigbe, Okhaide; Amyot, Daniel; Richards, Gregory

doi:10.1007/s00766-018-0294-1

Cited by 23 publications

(21 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Regulatory compliance is the act of ensuring adherence of an organization, process, and/or (software) product to regulations like standards, laws, guidelines, or specifications [2]. Regulatory compliance addresses goals and mitigates risks.…”

Section: Background and Terminologymentioning

confidence: 99%

See 1 more Smart Citation

Compliance Requirements in Large-Scale Software Development: An Industrial Case Study

Usman

Felderer

Unterkalmsteiner

et al. 2020

Product-Focused Software Process Improvement

View full text Add to dashboard Cite

Regulatory compliance is a well-studied area, including research on how to model, check, analyse, enact, and verify compliance of software. However, while the theoretical body of knowledge is vast, empirical evidence on challenges with regulatory compliance, as faced by industrial practitioners particularly in the Software Engineering domain, is still lacking. In this paper, we report on an industrial case study which aims at providing insights into common practices and challenges with checking and analysing regulatory compliance, and we discuss our insights in direct relation to the state of reported evidence. Our study is performed at Ericsson AB, a large telecommunications company, which must comply to both locally and internationally governing regulatory entities and standards such as GDPR. The main contributions of this work are empirical evidence on challenges experienced by Ericsson that complement the existing body of knowledge on regulatory compliance.

show abstract

Section: Background and Terminologymentioning

confidence: 99%

“…Compliance tasks are common activities that are carried out in order to achieve compliance with regulations. These tasks include compliance modeling, checking, analysis and enactment [2].…”

Section: Background and Terminologymentioning

confidence: 99%

Compliance Requirements in Large-Scale Software Development: An Industrial Case Study

Usman

Felderer

Unterkalmsteiner

et al. 2020

Product-Focused Software Process Improvement

View full text Add to dashboard Cite

show abstract

“…This idea of having a modeling framework to organize the certification elements is not new. It was particularly highlighted by [1,25]. Among the works on compliance to a regulation, we can mention, for example, the SafetyMet metamodel safety oriented [38] or the UML stereotype developed by [31].…”

Section: Related Workmentioning

confidence: 99%

“…Their method consists in supporting modeling a safety standard in their UML profile, then to make the link, according to precise rules materialized by OCL constraints, between the domain model and the certification model. This work, as identified by [1], models the structure of the standard to provide an organization of the elements provided by the applicant to satisfy the standard. However this work does not clarify the intent of the objectives of standard, this task being assigned here to the experts who will model the safety standard.…”

Section: Related Workmentioning

confidence: 99%

“…To support applicants in this task, expert committees, composed of companies, certification authorities and academics, have defined standards, guidelines or recommendations (that will be simply referred as standards in the sequel) 1 . These standards are complex documents, which provide high-level certification objectives to be fulfilled and often require experts to understand precisely what is expected by the certification.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Patterns for Certification Standards

Delmas

Pagetti

Polacsek

2020

Advanced Information Systems Engineering

View full text Add to dashboard Cite

One of the absolute preconditions for a safety-critical system to enter the market is to be issued a certificate by the regulating authorities. To this end, the "applicant" must demonstrate the compliance of its product with the domain's standards. The high complexity of this process has led applicants to rely on assurance cases made for certification in the medical, nuclear, or aeronautic domains. In this paper, we propose a generic method that guides the applicant through the specification of assurance cases for a complex standard. Unlike existing works focused on a single context, our objective is to provide an approach that is both generic and domain-agnostic. In order to illustrate this new approach, we present the results of its application on a real-world case study, which pointed out new issues and led to improvements.

show abstract

A goal‐driven approach for the joint deployment of safety and security standards for operators of essential services

Ponsard

Grandclaudon

Massonet

2021

J Software Evolu Process

View full text Add to dashboard Cite

Summary Designing safety‐critical software in domains ensuring essential services like transportation, energy, or health requires high assurance techniques and compliance with domain specific standards. As a result of the global interconnectivity and the evolution toward cyber‐physical systems, the increasing exposure to cyber threats calls for the adoption of cyber security standards and frameworks. Although safety and security have different cultures, both fields share similar concepts and tools and are worth being investigated together. This paper provides the background to understand emerging co‐engineering approaches. It advocates for the use of a model‐based approach to provide a sound risk‐oriented process and to capture rationales interconnecting top‐level standards/directives to concrete safety/security measures. We show the benefits of adopting goal‐oriented analysis that can be transposed later to domain‐specific frameworks. Both qualitative and quantitative reasoning aspects are analyzed and discussed, especially to support trade‐off analysis. Our work is driven by a representative case study in drinking water utility in the scope of the NIS regulation for operator of essential services.

show abstract

A systematic literature mapping of goal and non-goal modelling methods for legal and regulatory compliance

Cited by 23 publications

References 42 publications

Compliance Requirements in Large-Scale Software Development: An Industrial Case Study

Compliance Requirements in Large-Scale Software Development: An Industrial Case Study

Patterns for Certification Standards

A goal‐driven approach for the joint deployment of safety and security standards for operators of essential services

Contact Info

Product

Resources

About