Legal Requirements Acquisition for the Specification of Legally Compliant Information Systems
No Thumbnail Available
Files
Date
2009-04-22
Authors
Journal Title
Series/Report No.
Journal ISSN
Volume Title
Publisher
Abstract
U.S. Federal and state regulations impose mandatory and discretionary requirements on industrywide business practices to achieve non-functional, societal goals such as improved accessibility, privacy and safety. The structure and syntax of regulations affects how well software engineers identify and interpret legal requirements. Inconsistent interpretations can lead to noncompliance and violations of the law. To support software engineers who must comply with these regulations, I propose a Frame-Based Requirements Analysis Method (FBRAM) to acquire and specify legal requirements from U.S. federal regulatory documents. The legal requirements are systematically specified using a reusable, domain-independent upper ontology, natural language phrase heuristics, a regulatory document model and a frame-based markup language. The methodology maintains traceability from regulatory statements and phrases to formal properties in a frame-based model and supports the resolution of multiple types of legal ambiguity. The methodology is supported by a software prototype to assist engineers with applying the model and with analyzing legal requirements. This work is validated in three domains, information privacy, information accessibility and aviation safety, which are governed by the Health Insurance Portability and Accountability Act of 1996, the Rehabilitation Act Amendments of 1998, and the Federal Aviation Act of 1958, respectively.
Description
Keywords
law, requirements engineering, compliance, governance
Citation
Degree
PhD
Discipline
Computer Science
