Iv 4 Sp 12 Presentation 001
•
0 likes•251 views
Compliance in e-government service engineering State-of-the-art Slim Turki, Marija Bjeković-Obradović CRP Henri Tudor, Luxembourg
![Context
➤ Organisations faced with need to conform to various laws and
regulations governing their domain of activity
➤ Obligation of compliance particularly stressed in e-government.
➤ e-government: “the use of ICT systems and tools to provide better
public services to citizens and other businesses” [EC]
➤ administrative laws regulate the activities and decision-making of
governmental institutions.
➤ Regulation
➤ extensive source of requirements to be respected when designing IS
that support institutional activities and (e-)services to public.
➤ Approaches aiming to achieve and maintain regulatory compliance
of IS and services with given regulations
2/18/10 IESS 1.0 2](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
More Related Content
Similar to Iv 4 Sp 12 Presentation 001
Similar to Iv 4 Sp 12 Presentation 001 (20)
More from IESS
More from IESS (20)
Recently uploaded
Recently uploaded (20)
Iv 4 Sp 12 Presentation 001
- 1. IESS 1.0 - First International Conference on Exploring Services Sciences 17-18-19 February 2010, Geneva, Switzerland Compliance in e-government service engineering State-of-the-art Slim Turki, Marija Bjeković-Obradović {slim.turki, marija.bjekovic}@tudor.lu CRP Henri Tudor, Luxembourg 2/18/10 IESS 1.0 1
- 2. Context ➤ Organisations faced with need to conform to various laws and regulations governing their domain of activity ➤ Obligation of compliance particularly stressed in e-government. ➤ e-government: “the use of ICT systems and tools to provide better public services to citizens and other businesses” [EC] ➤ administrative laws regulate the activities and decision-making of governmental institutions. ➤ Regulation ➤ extensive source of requirements to be respected when designing IS that support institutional activities and (e-)services to public. ➤ Approaches aiming to achieve and maintain regulatory compliance of IS and services with given regulations 2/18/10 IESS 1.0 2
- 3. Overview ➤ Compliance in the business process research area ➤ Extracting compliance requirements from legal texts ➤ Deontic logic - Extracting rights and obligations ➤ Modeling regulations with goal-oriented models ➤ Traceability support for compliance 2/18/10 IESS 1.0 3
- 4. Compliance in the business process research area ➤ (Kharbili et al., 2008) ● Ontologies for formal modeling of regulations, to resolve inconsistency of legal definitions and regulatory information fragments. ● Coupled with business processes, basis for compliance management framework, to manage evolution in both business process and legislation. ➤ (Karagiannis et al., 2007, 2008) ● Meta-modeling based approach: regulatory aspects expressed in models, and included into business processes models, to improve or redesign them for compliance with corresponding regulations. ● Applied to Sarbanes-Oxley (SOX) act. 2/18/10 IESS 1.0 4
- 5. Compliance in the business process research area ➤ (Rifaut, 2005) ● PRM / PAM ● Support for financial business process design (compliant to Basel II), and for assessment of compliance and its improvement. ● Goal-oriented models and ISO/IEC 15504 process assessment standard used for structuring requirements for business process, and together compose a formal framework according to which compliance of business process is assessed. 2/18/10 IESS 1.0 5
- 6. Deontic logic (1/2) ➤ Extracting rights and obligations from regulations ➤ (Kiyavitskaya et al., 2007) (Zeni et al., 2008) ● Extraction of “objects of concern” (right, anti-right, obligation, anti- obligation, and exception) from legal texts ● Semantic annotation tool Cerno: Obligations, constraints and condition keywords are highlighted in a regulation and a list of constraints and obligations are obtained (including traceability markers). ➤ (Biagioli et al.) (Palmirani, 2003) ● Automated extraction of normative references, such as specific rights and obligations, detailed in legal texts ● Address problem of law’s evolution by tracking changes over time. 2/18/10 IESS 1.0 6
- 7. Deontic logic (2/2) ➤ (Breaux and Antón, 2006), (Breaux and Antón , 2008) ● Extract and balance formal descriptions of rules (rights and obligations) that govern actors' actions from regulation. ● Combines goal-oriented analysis of legal documents and techniques for extracting rights, obligations, constraints, rules from natural language statements in legal text. ● Strength: resolving the problems of ambiguity, polysemy, cross- references when analyzing legal text, and maintaining traceability across all the artefacts in the process. ● Has been applied to US regulation governing information privacy in health care domain. 2/18/10 IESS 1.0 7
- 8. Modeling regulations with goal- oriented models ➤ SecureTropos (Giorgini et al., 2005) ● Goal-oriented techniques to model security requirements ● Assessing organization's compliance with Italian Data Protection Act. ● Manual extraction of concepts from law, coverage of legal documents limited only to security aspect. ➤ (Ghanavati et al., 2007) ● Tracking compliance of business processes to legislation, ● Combines goal-oriented requirement language (GRL), user requirements notation (URN), and use case maps (UCM). ● Links between models of legislation, organisation policy and processes, to enable examining the influence of evolving legislations on organizational policies and business processes.. ● Applied in the domain of information privacy in healthcare in Canada. 2/18/10 IESS 1.0 8
- 9. Extracting compliance requirements from legal texts - Challenges ➤ Modeling regulations and extracting key concepts recognized as challenging tasks for requirements engineers, system developers and compliance auditors (Otto et Antón, 2007) (Kiavitskaya et al., 2008) ● the very nature of language in which laws are written, containing many ambiguities, cross-references, domain-specific definitions, acronyms etc., ● overlapping or complementing regulations at different level of authority, ● frequent changes or amendment of regulations over time, etc. ➤ Law analysis prone to interpretations and misunderstandings 2/18/10 IESS 1.0 9
- 10. Traceability support for compliance ➤ Traceability gaining on significance ● Ability to maintain links between originating laws and derived artefacts (requirements, IS specifications etc.) as measure to enable better understanding of legal documents and to prevent non-compliance of produced specifications. ➤ (Ghanavati et al., 2007) ● Set of links to establish between legislation and organizational models. ➤ (Breaux and Antón) ● Traceability maintained across all the artefacts produced from legal text to the corresponding software requirements. ● Most of the traceability links to be established manually. 2/18/10 IESS 1.0 10
- 11. Conclusion ➤ RE community ● Elaborated techniques, concepts and tool support. ● Assumption: compliance can be achieved at the requirements level, through the harmonization between IS requirements and those derived from legislation. ● Address compliance regarding specific security and privacy regulations. ➤ Approaches centred on business process ● More at the level of organization, its strategy, policies and process, rather than on the underlying IS level. ● Including requirements imposed by specific regulation, to existing business processes, to ensure or assess their compliance. ● Focus on modeling dynamic aspects of organization ● Service engineering requires more aspects, not only business processes, be covered. ➤ No method, in the literature, specific to the design of compliant e-government services. 2/18/10 IESS 1.0 11
- 12. IESS 1.0 - First International Conference on Exploring Services Sciences 17-18-19 February 2010, Geneva, Switzerland Compliance in e-government service engineering State-of-the-art Thank you for your attention! Slim Turki, Marija Bjeković-Obradović {slim.turki, marija.bjekovic}@tudor.lu CRP Henri Tudor, Luxembourg 2/18/10 IESS 1.0 12