Towards a process for legally compliant software

Hassan, Waël; Logrippo, Luigi

doi:10.1109/relaw.2013.6671345

Cited by 3 publications

(4 citation statements)

References 28 publications

(27 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As already stated, it is critical for companies to ensure that their businesses conform to relevant policies, laws, and regulations as the consequences of infringement can be serious. A method and a process for legal software requirements extraction and compliance checking is proposed in Hassan and Logrippo . The paper shows a requirements extraction model, a set of rules for specifying the format of the extracted information, a set of UML‐based principles for translating the extracted information into a language based on predicate logic, and, finally, a tool that analyzes the resulting logic model and displays the results of the analysis.…”

Section: Motivations and Related Workmentioning

confidence: 99%

“…A method and a process for legal software requirements extraction and compliance checking is proposed in Hassan and Logrippo. 30 The paper shows a requirements extraction model, a set of rules for specifying the format of the extracted information, a set of UML-based principles for translating the extracted information into a language based on predicate logic, and, finally, a tool that analyzes the resulting logic model and displays the results of the analysis. The translation principles are based on a Governance Analysis Model, which is described in UML; the language is the Governance Analysis Language, and the tool is the Governance Analysis Tool.…”

Section: Of 20mentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity compliance analysis as a service: Requirements specification and application scenarios

Furfaro

Gallo

Garro

et al. 2017

Concurrency and Computation

View full text Add to dashboard Cite

Summary Cybersecurity compliance analysis is the process of assessing whether the behavior of an IT system or application conforms to the cybersecurity rules and regulations in force. This assessment can be offered as a service by exploiting available cloud technologies, and, indeed, it is one of the services classified by the Cloud Security Alliance (CSA) as part of the security information and event management (SIEM) category of the SecaaS (security as a service) domain. The definition and implementation of this typology of cloud services are challenging activities due to the complexity of both the reference business domain and the compliance analysis services to be provided themselves. The paper exploits a recently proposed requirements methodology, called GOReM (goal‐oriented requirements methodology), to support the conceptualization and subsequent implementation of cybersecurity compliance analysis services. In particular, two different application scenarios regarding compliance analysis of an existing or under development IT system/application are presented and discussed. In both the scenarios, GOReM allows to grasp and understand the many and complex issues to address for providing secure cloud services to worldwide customers, also due to the numerous, different and ever changing legal aspects, which have to be taken into account by service providers.

show abstract

Section: Motivations and Related Workmentioning

confidence: 99%

Section: Of 20mentioning

confidence: 99%

Cybersecurity compliance analysis as a service: Requirements specification and application scenarios

Furfaro

Gallo

Garro

et al. 2017

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…Hassan and Logrippo developed a logic-based approach to compliance checking for requirements based on Alloy [11], [12], [13]. Their most recent work includes a model for extracting legal requirements from legal texts, a set of rules to translate those requirements into a formal logic, and tool support to analyze the resulting logical model for compliance [13].…”

Section: Related Workmentioning

confidence: 99%

“…Their most recent work includes a model for extracting legal requirements from legal texts, a set of rules to translate those requirements into a formal logic, and tool support to analyze the resulting logical model for compliance [13]. Although this research provides a reasonably comprehensive methodology for establishing compliance in legal requirements, it does not examine how people make decisions when asked to consider regulatory compliance for software requirements.…”

Section: Related Workmentioning

confidence: 99%

Evaluating Legal Implementation Readiness Decision-Making

Massey

Otto

Antn

2015

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Software systems are increasingly regulated. Software engineers therefore must determine which requirements have met or exceeded their legal obligations and which requirements have not. Requirements that have met or exceeded their legal obligations are legally implementation ready, whereas requirements that have not met or exceeded their legal obligations need further refinement. In this paper, we examine how software engineers make these determinations using a multi-case study with three cases. Each case involves assessment of requirements for an electronic health record system that must comply with the US Health Insurance Portability and Accountability Act (HIPAA) and is measured against the evaluations of HIPAA compliance subject matter experts. Our first case examines how individual graduate-level software engineering students assess whether the requirements met or exceeded their HIPAA obligations. Our second case replicates the findings from our first case using a different set of participants. Our third case examines how graduate-level software engineering students assess requirements using the Wideband Delphi approach to deriving consensus in groups. Our findings suggest that the average graduate-level software engineering student is ill-prepared to write legally compliant software with any confidence and that domain experts are an absolute necessity.

show abstract

Compliance checking of software processes: A systematic literature review

Ardila

Gallina

Muram

2022

J Software Evolu Process

View full text Add to dashboard Cite

The processes used to develop software need to comply with normative requirements (e.g., standards and regulations) to align with the market and the law. Manual compliance checking is challenging because there are numerous requirements with changing nature and different purposes. Despite the importance of automated techniques, there is not any systematic study in this field. This lack may hinder organizations from moving toward automated compliance checking practices. In this paper, we characterize the methods for automatic compliance checking of software processes, including used techniques, potential impacts, and challenges. For this, we undertake a systematic literature review (SLR) of studies reporting methods in this field. As a result, we identify solutions that use different techniques (e.g., anthologies and metamodels) to represent processes and their artifacts (e.g., tasks and roles). Various languages, which have diverse capabilities for managing competing and changing norms, and agile strategies, are also used to represent normative requirements. Most solutions require tool‐support concretization and enhanced capabilities to handle processes and normative diversity. Our findings outline compelling areas for future research. In particular, there is a need to select suitable languages for consolidating a generic and normative‐agnostic solution, increase automation levels, tool support, and boost the application in practice by improving usability aspects.

show abstract

Towards a process for legally compliant software

Cited by 3 publications

References 28 publications

Cybersecurity compliance analysis as a service: Requirements specification and application scenarios

Cybersecurity compliance analysis as a service: Requirements specification and application scenarios

Evaluating Legal Implementation Readiness Decision-Making

Compliance checking of software processes: A systematic literature review

Contact Info

Product

Resources

About