Iv 4 Sp 12 Presentation 001

Compliance in e-government service engineering State-of-the-art
Slim Turki, Marija Bjeković-Obradović
CRP Henri Tudor, Luxembourg

Published in: Education

Transcript

  • 1. IESS 1.0 - First International Conference on Exploring Services Sciences, 17-18-19 February 2010, Geneva, Switzerland
      Compliance in e-government service engineering: State-of-the-art
      Slim Turki, Marija Bjeković-Obradović, {slim.turki, marija.bjekovic}@tudor.lu
      CRP Henri Tudor, Luxembourg
      2/18/10 IESS 1.0 1
  • 2. Context
      ➤ Organisations faced with need to conform to various laws and regulations governing their domain of activity
      ➤ Obligation of compliance particularly stressed in e-government.
      ➤ e-government: “the use of ICT systems and tools to provide better public services to citizens and other businesses” [EC]
      ➤ administrative laws regulate the activities and decision-making of governmental institutions.
      ➤ Regulation
      ➤ extensive source of requirements to be respected when designing IS that support institutional activities and (e-)services to public.
      ➤ Approaches aiming to achieve and maintain regulatory compliance of IS and services with given regulations
  • 3. Overview
      ➤ Compliance in the business process research area
      ➤ Extracting compliance requirements from legal texts
      ➤ Deontic logic - Extracting rights and obligations
      ➤ Modeling regulations with goal-oriented models
      ➤ Traceability support for compliance
  • 4. Compliance in the business process research area
      ➤ (Kharbili et al., 2008)
          ● Ontologies for formal modeling of regulations, to resolve inconsistency of legal definitions and regulatory information fragments.
          ● Coupled with business processes, basis for compliance management framework, to manage evolution in both business process and legislation.
      ➤ (Karagiannis et al., 2007, 2008)
          ● Meta-modeling based approach: regulatory aspects expressed in models, and included into business processes models, to improve or redesign them for compliance with corresponding regulations.
          ● Applied to Sarbanes-Oxley (SOX) act.
  • 5. Compliance in the business process research area
      ➤ (Rifaut, 2005)
          ● PRM / PAM
          ● Support for financial business process design (compliant to Basel II), and for assessment of compliance and its improvement.
          ● Goal-oriented models and ISO/IEC 15504 process assessment standard used for structuring requirements for business process, and together compose a formal framework according to which compliance of business process is assessed.
  • 6. Deontic logic (1/2)
      ➤ Extracting rights and obligations from regulations
      ➤ (Kiyavitskaya et al., 2007) (Zeni et al., 2008)
          ● Extraction of “objects of concern” (right, anti-right, obligation, anti-obligation, and exception) from legal texts
          ● Semantic annotation tool Cerno: obligation, constraint and condition keywords are highlighted in a regulation, and a list of constraints and obligations is obtained (including traceability markers).
      ➤ (Biagioli et al.) (Palmirani, 2003)
          ● Automated extraction of normative references, such as specific rights and obligations, detailed in legal texts
          ● Address problem of law’s evolution by tracking changes over time.
  • 7. Deontic logic (2/2)
      ➤ (Breaux and Antón, 2006), (Breaux and Antón, 2008)
          ● Extract and balance formal descriptions of rules (rights and obligations) that govern actors' actions from regulation.
          ● Combines goal-oriented analysis of legal documents and techniques for extracting rights, obligations, constraints, rules from natural language statements in legal text.
          ● Strength: resolving the problems of ambiguity, polysemy, cross-references when analyzing legal text, and maintaining traceability across all the artefacts in the process.
          ● Has been applied to US regulation governing information privacy in health care domain.
  • 8. Modeling regulations with goal-oriented models
      ➤ SecureTropos (Giorgini et al., 2005)
          ● Goal-oriented techniques to model security requirements
          ● Assessing organization's compliance with Italian Data Protection Act.
          ● Manual extraction of concepts from law, coverage of legal documents limited only to security aspect.
      ➤ (Ghanavati et al., 2007)
          ● Tracking compliance of business processes to legislation.
          ● Combines goal-oriented requirement language (GRL), user requirements notation (URN), and use case maps (UCM).
          ● Links between models of legislation, organisation policy and processes, to enable examining the influence of evolving legislations on organizational policies and business processes.
          ● Applied in the domain of information privacy in healthcare in Canada.
  • 9. Extracting compliance requirements from legal texts - Challenges
      ➤ Modeling regulations and extracting key concepts recognized as challenging tasks for requirements engineers, system developers and compliance auditors (Otto and Antón, 2007) (Kiyavitskaya et al., 2008)
          ● the very nature of language in which laws are written, containing many ambiguities, cross-references, domain-specific definitions, acronyms etc.,
          ● overlapping or complementing regulations at different level of authority,
          ● frequent changes or amendment of regulations over time, etc.
      ➤ Law analysis prone to interpretations and misunderstandings
  • 10. Traceability support for compliance
      ➤ Traceability gaining in significance
          ● Ability to maintain links between originating laws and derived artefacts (requirements, IS specifications etc.) as a measure to enable better understanding of legal documents and to prevent non-compliance of produced specifications.
      ➤ (Ghanavati et al., 2007)
          ● Set of links to establish between legislation and organizational models.
      ➤ (Breaux and Antón)
          ● Traceability maintained across all the artefacts produced from legal text to the corresponding software requirements.
          ● Most of the traceability links to be established manually.
  • 11. Conclusion
      ➤ RE community
          ● Elaborated techniques, concepts and tool support.
          ● Assumption: compliance can be achieved at the requirements level, through the harmonization between IS requirements and those derived from legislation.
          ● Address compliance regarding specific security and privacy regulations.
      ➤ Approaches centred on business process
          ● More at the level of organization, its strategy, policies and process, rather than on the underlying IS level.
          ● Including requirements imposed by specific regulation into existing business processes, to ensure or assess their compliance.
          ● Focus on modeling dynamic aspects of organization
          ● Service engineering requires that more aspects, not only business processes, be covered.
      ➤ No method, in the literature, specific to the design of compliant e-government services.
  • 12. IESS 1.0 - First International Conference on Exploring Services Sciences, 17-18-19 February 2010, Geneva, Switzerland
      Compliance in e-government service engineering: State-of-the-art
      Thank you for your attention!
      Slim Turki, Marija Bjeković-Obradović, {slim.turki, marija.bjekovic}@tudor.lu
      CRP Henri Tudor, Luxembourg
