Automating the Extraction of Rights and Obligations for Regulatory Compliance

Abstract: Abstract. Government regulations are increasingly affecting the security, privacy and governance of information systems in the United States, Europe and elsewhere. Consequently, companies and software developers are required to ensure that their software systems comply with relevant regulations, either through design or re-engineering. We previously proposed a methodology for extracting stakeholder requirements, called rights and obligations, from regulations. In this paper, we examine the challenges to develo… Show more

“…At the system's scale, it has been pioneered by Sawyer et al within the REVERE project and tool while having initial results in detection of roles and "shall"/"should" to distinguish between requirements types [21]. Kiyavitskaya et al use GaiusT to extract rights, obligations, on both HIPAA (Health Insurance Portability and Accountability Act) and equivalent Italian regulations [15]. It is not based upon a term-frequency analysis but relies on text decomposition in a parse tree conforming to a structured grammar and fragments annotations.…”

“…Traditional Requirements Engineering often considers requirements at a technical level, within a developmentdriven perspective, except for some particular cases concerning regulatory requirements and legal conformance issues [2][9] [15], and tends to handle requirements into one unique level of analysis. However, there exists another fringe of requirements coming from high level documents such as laws, standards or regulatory texts that express high level objectives and requirements on the system.…”

Toward multilevel textual requirements traceability using model-driven engineering and information retrieval

“…At the system's scale, it has been pioneered by Sawyer et al within the REVERE project and tool while having initial results in detection of roles and "shall"/"should" to distinguish between requirements types [21]. Kiyavitskaya et al use GaiusT to extract rights, obligations, on both HIPAA (Health Insurance Portability and Accountability Act) and equivalent Italian regulations [15]. It is not based upon a term-frequency analysis but relies on text decomposition in a parse tree conforming to a structured grammar and fragments annotations.…”

“…Traditional Requirements Engineering often considers requirements at a technical level, within a developmentdriven perspective, except for some particular cases concerning regulatory requirements and legal conformance issues [2][9] [15], and tends to handle requirements into one unique level of analysis. However, there exists another fringe of requirements coming from high level documents such as laws, standards or regulatory texts that express high level objectives and requirements on the system.…”

Toward multilevel textual requirements traceability using model-driven engineering and information retrieval

“…At the system's scale, it has been pioneered by Sawyer et al [21] within the REVERE project and tool while having initial results in detection of roles and "shall"/"should" to distinguish between requirements types. Kiyavitskaya et al [15] use GaiusT to extract rights, obligations, on both HIPAA (Health Insurance Portability and Accountability Act) and equivalent Italian regulations. It is not based upon a term-frequency analysis but relies on text decomposition in a parse tree conforming to a structured grammar and fragments annotations.…”

Defining and retrieving themes in nuclear regulations

“…At the system's scale, it has been pioneered by Sawyer et al [32] within the REVERE project and distinguish between requirements types. Kiyavitskaya et al [33] use GaiusT to extract rights, obligations, on both HIPAA and equivalent Italian regulations. It relies on text decomposition in a parse tree.…”

INCREMENT: A Mixed MDE-IR Approach for Regulatory Requirements Modeling and Analysis