DocumentCode
257566
Title
Goal-oriented compliance with multiple regulations
Author
Ghanavati, Sara ; Rifaut, Andre ; Dubois, Eric ; Amyot, Daniel
Author_Institution
CRP Henri Tudor, Luxembourg City, Luxembourg
fYear
2014
fDate
25-29 Aug. 2014
Firstpage
73
Lastpage
82
Abstract
Most systems and business processes in organizations need to comply with more than one law or regulation. Different regulations can partially overlap (e.g., one can be more detailed than the other) or even conflict with each other. In addition, one regulation can permit an action whereas the same action in another regulation might be mandatory or forbidden. In each of these cases, an organization needs to take different strategies. This paper presents an approach to handle different situations when comparing and attempting to comply with multiple regulations as part of a goal-oriented modeling framework named LEGAL-URN. This framework helps organizations find suitable trade-offs and priorities when complying with multiple regulations while at the same time trying to meet their own business objectives. The approach is illustrated with a case study involving a Canadian health care organization that must comply with four laws related to privacy, quality of care, freedom of information, and care consent.
Keywords
conformance testing; formal specification; legislation; Canadian health care organization; LEGAL-URN; business objectives; business processes; care consent; data privacy; freedom of information; goal-oriented compliance; goal-oriented modeling framework; multiple regulation; organizations; quality of care; Law; Organizations; Privacy; Sections; Watermarking; Conflict Management; Goal-oriented Requirements Language; Legal Compliance; Multiple Regulations;
fLanguage
English
Publisher
ieee
Conference_Titel
Requirements Engineering Conference (RE), 2014 IEEE 22nd International
Conference_Location
Karlskrona
Print_ISBN
978-1-4799-3031-9
Type
conf
DOI
10.1109/RE.2014.6912249
Filename
6912249