Compliance Management is Becoming a Major Issue in IS Design

Bonazzi, Riccardo; Hussami, L.; Pigneur, Yves

doi:10.1007/978-3-7908-2148-2_45

Cited by 14 publications

(9 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Compliance is a well-known research subject in IS. The literature addresses topics such as the compliance of business processes and services [14][15][16], requirements engineering and conceptual modeling [17,18], auditing IS compliance [19,20], and the alignment between law and IT compliance [21]. However, the majority of studies focus on the perspective of modeling and checking compliance [10], lacking the human behavior in that regulatory space and the guidance to allow cooperation between different experts, not specific to a technology or IT architecture.…”

Section: Is Design and Compliancementioning

confidence: 99%

Modeling the Organizational Regulatory Space: A Joint Design Approach

Barata

Cunha

2013

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Part 5: Enterprise Modelling and Information SystemsInternational audienceWe present an approach for the joint design of organizational regulatory spaces (ORS). The approach was validated through action research, integrating the components of context, people, process, information, and IT. The design of the ORS is usually performed by distinct teams, with unconnected viewpoints, using different vocabularies and tools. Similarly to information systems, there are business experts that define the regulatory goals and rules. The ORS modeling is problematic, and is fragmented. We have adopted the O2 framework to provide a common level of abstraction for the design. The result is a comprehensive and layered map of the ORS. This approach has proved to offer an effective representation of the ORS for external auditors and business associations. Internally, we provide organizations with new ways to model, communicate, and improve the regulatory space

show abstract

Section: Is Design and Compliancementioning

confidence: 99%

Modeling the Organizational Regulatory Space: A Joint Design Approach

Barata

Cunha

2013

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

show abstract

“…The implementation of controls usually does not follow a generic strategy and hence business compliance is reached on a per-case basis, that is, organizations use ad hoc, hand-crafted solutions for specific compliance concerns [3,[5][6][7]. This usually means that a separate project is started and develops an individual, custom solution for the compliance concern to be addressed.…”

Section: Compliance and Business Processesmentioning

confidence: 99%

“…In cases where preventive controls are hard to implement, for example, failure of a system, service, or human operation, monitoring components can play a more active role by ensuring fast detection of compliance violations [4]; in other words, the monitoring component itself is the compliance control. In many organizations, however, implementation of compliance controls does not follow a generic strategy; compliance is reached on a per case basis, with ad hoc, hand-crafted solutions or niche products used for specific compliance scenarios [3,[5][6][7]. Additionally, these compliance controls are scattered throughout an organization system without a clear architectural concept; in some cases, controls are duplicated.…”

mentioning

confidence: 99%

Domain-specific language for event-based compliance monitoring in process-driven SOAs

Mulo

Zdun

Dustdar

2012

SOCA

View full text Add to dashboard Cite

Organizations today are required to adhere to a number of compliance concerns from laws, regulations and policies. Compliance is achieved through defining and implementing so-called controls in the organizations' business processes. Organizations that build their systems based on the process-driven SOA paradigm realize business processes through orchestration of services to handle the process' business activities. These business activities or groups of business activities in some cases realize the compliance controls. We propose an approach for implementing event-based compliance monitoring infrastructure that observes such business processes to verify that compliance is indeed adhered to. Our approach is essentially a model-driven technique for realizing this infrastructure. We implement a domainspecific language for specification of compliance directives, and we include code generation templates to generate compliance monitoring code, which is leveraged by complex event processing components to monitor for compliance. We evaluate the impact of our approach on the effort and productivity of a developer who is specifying compliance directives.

show abstract

“…Currently, the impact of technical systems to prior analogue world definitions of accountability is unclear. Only few attempts have been made to include the ability of tracing root causes of unwanted events by design, such as [2]. Current e↵orts for data accountability IS lack either the social aspect of IS or a solution by design or both.…”

Section: Introductionmentioning

confidence: 99%

Data Accountability in Socio-Technical Systems

Beckers

Landthaler

Matthes

et al. 2016

Enterprise, Business-Process and Information Systems Modeling

View full text Add to dashboard Cite

Abstract. Data-accountability encompasses responsibility for data and the traceability of data flows. This is becoming increasingly important for Socio-Technical Systems (STS). Determining root causes for unwanted events after their occurrence is often not possible, e.g. because of missing logs. A better traceability of root causes can be supported by the integration of accountability mechanisms at design time. We contribute a structured method for designing an accountability architecture for STS at design time. Therefore, we propose the elicitation of accountability goals to answer why an unwanted event happened and who is responsible for it. We also identify four di↵erent interaction types in STS. Additionally, we derive accountability graphs from a generic accountability model for STS that serve as a baseline for designing accountability mechanisms for all relevant entities in an STS. The resulting architecture is adjusted to legal requirements, regulations and contracts. We demonstrate the applicability of our approach with an eHealth case study.

show abstract

Compliance Management is Becoming a Major Issue in IS Design

Cited by 14 publications

References 11 publications

Modeling the Organizational Regulatory Space: A Joint Design Approach

Modeling the Organizational Regulatory Space: A Joint Design Approach

Domain-specific language for event-based compliance monitoring in process-driven SOAs

Data Accountability in Socio-Technical Systems

Contact Info

Product

Resources

About