Name
Abstract | ||
|---|---|---|
Context: Ensuring software systems conforming to multiple sources of relevant policies, laws, and regulations is significant because the consequences of infringement can be serious. Unfortunately, this goal is hardly achievable due to the divergence and frequent changes of compliance sources and the differences in perception and expertise of the involved stakeholders. In the long run, these issues lead to problems regarding complexity, understandability, maintainability, and reusability of compliance concerns. Objective: In this article, we present a model-driven and view-based approach for addressing problems related to compliance concerns. Method: Compliance concerns are represented using separate view models. This is achieved using domain-specific languages (DSLs) that enable non-technical and technical experts to formulate only the excerpts of the system according to their expertise and domain knowledge. The compliance implementations, reports, and documentation can be automatically generated from the models. The applicability of our approach has been validated using an industrial case study. Results: Our approach supports stakeholders in dealing with the divergence of multiple compliance sources. The compliance controls and relevant reports and documentation are generated from the models and hence become traceable, understandable, and reusable. Because the generated artifacts are associated with the models, the compliance information won't be lost as the system evolves. DSLs and view models convey compliance concerns to each stakeholder in a view that is most appropriate for his/her current work task. Conclusions: Our approach lays a solid foundation for ensuring conformance to relevant laws and regulations. This approach, on the one hand, aims at addressing the variety of expertise and domain knowledge of stakeholders. On the other hand, it also aims at ensuring the explicit links between compliance sources and the corresponding implementations, reports, and documents for conducting many important tasks such as root cause analysis, auditing, and governance. |
Year | DOI | Venue |
|---|---|---|
2012 | 10.1016/j.infsof.2012.01.001 | Information & Software Technology |
Keywords | Field | DocType |
multiple compliance source,involved stakeholders,compliance concern,relevant law,compliance information,compliance source,view-based approach,compliance implementation,domain knowledge,service-oriented architecture,compliance control,domain specific languages,software engineering,service oriented architectures | Domain-specific language,Data mining,Systems engineering,Domain knowledge,Stakeholder,Computer science,Root cause analysis,Software system,Implementation,Documentation,Maintainability | Journal |
Volume | Issue | ISSN |
54 | 6 | 0950-5849 |
Citations | PageRank | References |
16 | 0.67 | 45 |
Authors | ||
6 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Huy Tran | 1 | 286 | 31.59 |
| Uwe Zdun | 2 | 1429 | 148.33 |
| Ta'id Holmes | 3 | 56 | 5.66 |
| Ernst Oberortner | 4 | 42 | 4.63 |
| Emmanuel Mulo | 5 | 45 | 2.68 |
| Schahram Dustdar | 6 | 9347 | 575.71 |