Abstract

Most systems and business processes in organizations need to comply with more than one law or regulation. Different regulations can partially overlap (e.g., one can be more detailed than the other) or even conflict with each other. In addition, one regulation can permit an action whereas the same action in another regulation might be mandatory or forbidden. Each of these cases calls for a different strategy on the organization's part. This paper presents an approach to handle different situations when comparing and attempting to comply with multiple regulations as part of a goal-oriented modeling framework named LEGAL-URN. This framework helps organizations find suitable trade-offs and priorities when complying with multiple regulations while at the same time trying to meet their own business objectives. The approach is illustrated with a case study involving a Canadian health care organization that must comply with four laws related to privacy, quality of care, freedom of information, and care consent.



Title Goal-Oriented Compliance with Multiple Regulations
Authors S. Ghanavati, D. Amyot, A. Rifaut and E. Dubois
Type Conference
Conference/Journal Title 22nd IEEE Int. Requirements Engineering Conf. (RE’14)
Volume/Number
Editors
Publisher IEEE CS
Month August
Year 2014
Pages 73-82
DOI
Keywords Legal Compliance, Multiple Regulations, Conflict Management, Goal-oriented Requirements Language
Topic revision: r2 - 30 Aug 2014, DanielAmyot