Most systems and business processes in organizations need to comply with more than one law or regulation. Different regulations can partially overlap (e.g., one can be more detailed than the other) or even conflict with each other. In addition, one regulation can permit an action whereas the same action in another regulation might be mandatory or forbidden. In each of these cases, an organization needs to adopt a different strategy. This paper presents an approach to handle different situations when comparing and attempting to comply with multiple regulations as part of a goal-oriented modeling framework named LEGAL-URN. This framework helps organizations find suitable trade-offs and priorities when complying with multiple regulations while at the same time trying to meet their own business objectives. The approach is illustrated with a case study involving a Canadian health care organization that must comply with four laws related to privacy, quality of care, freedom of information, and care consent.
| Title || Goal-Oriented Compliance with Multiple Regulations |
| Authors || S. Ghanavati, D. Amyot, A. Rifaut and E. Dubois |
| Type || Conference |
| Conference/Journal Title || 22nd IEEE Int. Requirements Engineering Conf. (RE14) |
| Volume/Number || |
| Editors || |
| Publisher || IEEE CS |
| Month || August |
| Year || 2014 |
| Pages || 73-82 |
| DOI || |
| Keywords || Legal Compliance, Multiple Regulations, Conflict Management, Goal-oriented Requirements Language |