Managing legal interpretation in regulatory compliance

Boella, Guido; Janssen, Marijn; Hulstijn, Joris; Humphreys, Llio; Torre, Leendert van der

doi:10.1145/2514601.2514605

Cited by 25 publications

(23 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A repository of compliance requirements has also been proposed [34], although without real tool support. Assurances demonstrating the correctness of compliance requirements with respect to the sources have been suggested, especially in terms of traceability links [4,9] and formal proofs [36,3,31].…”

Section: Interpretmentioning

confidence: 99%

“…Several works have considered configurable compliance controls for business processes, in the form of compliance descriptors [17], business process templates [28] and configurable compliance rules [27]. Implementation automa- Assurances N/A [3,4,9,31,36] [ 25,35] N/A [12,23,26] Performance N/A N/A N/A [33] tion has been addressed from different perspectives. While some approaches have proposed an automated derivation of compliance controls from the requirement descriptions [35], others have presented repositories of reusable process fragments [30] or compliance rules [27].…”

Section: Implementmentioning

confidence: 99%

See 1 more Smart Citation

Towards adaptive compliance

García-Galán

Pasquale

Grispos

et al. 2016

Proceedings of the 11th International Symposium on Software Engineering for Adaptive and Self-Managing Systems

View full text Add to dashboard Cite

Mission critical software is often required to comply with multiple regulations, standards or policies. Recent paradigms, such as cloud computing, also require software to operate in heterogeneous, highly distributed, and changing environments. In these environments, compliance requirements can vary at runtime and traditional compliance management techniques, which are normally applied at design time, may no longer be sufficient. In this paper, we motivate the need for adaptive compliance by illustrating possible compliance concerns determined by runtime variability. We further motivate our work by means of a cloud computing scenario, and present two main contributions. First, we propose and justify a process to support adaptive compliance that extends the traditional compliance management lifecycle with the activities of the Monitor-Analyse-Plan-Execute (MAPE) loop, and enacts adaptation through re-configuration. Second, we explore the literature on software compliance and classify existing work in terms of the activities and concerns of adaptive compliance. In this way, we determine how the literature can support our proposal and what are the open research challenges that need to be addressed in order to fully support adaptive compliance.

show abstract

Section: Interpretmentioning

confidence: 99%

Section: Implementmentioning

confidence: 99%

Towards adaptive compliance

García-Galán

Pasquale

Grispos

et al. 2016

Proceedings of the 11th International Symposium on Software Engineering for Adaptive and Self-Managing Systems

View full text Add to dashboard Cite

show abstract

“…1 in Figure 1 indicates that interpretations of regulation text by such stakeholders as enterprise legal advisors, compliance experts, CxO level business stakeholders, and operational managers, which are prevalent and even necessary in industry are ignored in formal approaches to a large extent [14]. Formal approaches often show direct translation of regulations to rules in the formal language used by the approach.…”

Section: Motivation and Related Workmentioning

confidence: 99%

“…A terminological mapping would essentially tell where in the operational activities a rule from the regulation becomes applicable. Surprisingly, formal compliance checking approaches implicitly assume such mapping to exist without describing how to arrive at it as also indicated in [14], [15], and [16]. If some means were provided whereby similarity between concepts from regulations and operational specifics could be formally established, then it would be easier to relate concepts from regulations with operational specifics and indicate where a rule from regulation becomes applicable.…”

Section: Introductionmentioning

confidence: 99%

Toward Better Mapping between Regulations and Operations of Enterprises Using Vocabularies and Semantic Similarity

Sunkle

Kholkar

Kulkarni

2015

J. Complex Syst. Inform. Model. Q.

View full text Add to dashboard Cite

Abstract. Industry governance, risk, and compliance (GRC) solutions stand to gain from various analyses offered by formal compliance checking approaches. Such adoption is made difficult by the fact that most formal approaches assume that a mapping between concepts of regulations and models of operational specifics exists. Industry solutions offer tagging mechanisms to map regulations to operational specifics; however, they are mostly semi-formal in nature and tend to rely extensively on experts. We propose to use Semantics of Business Vocabularies and Rules along with similarity measures to create an explicit mapping between concepts of regulations and models of operational specifics of the enterprise. We believe that our work-in-progress takes a step toward adapting and leveraging formal compliance checking approaches in industry GRC solutions.

show abstract

“…Determining whether an automatically found, potentially compliance-violating process fragment really represents a compliance violation requires a discussion among experts (Boella et al 2013). & Fourth, even if the compliance checking approach is applicable to multiple modeling languages, the definition of compliance rules depends on the actual modeling language in use.…”

Section: Limitationsmentioning

confidence: 99%

Business process compliance checking – applying and evaluating a generic pattern matching approach for conceptual models in the financial sector

et al. 2014

View full text Add to dashboard Cite

Given the strong increase in regulatory requirements for business processes the management of business process compliance becomes a more and more regarded field in IS research. Several methods have been developed to support compliance checking of conceptual models. However, their focus on distinct modeling languages and mostly linear (i.e., predecessor-successor related) compliance rules may hinder widespread adoption and application in practice. Furthermore, hardly any of them has been evaluated in a real-world setting. We address this issue by applying a generic pattern matching approach for conceptual models to business process compliance checking in the financial sector. It consists of a model query language, a search algorithm and a corresponding modelling tool prototype. It is (1) applicable for all graph-based conceptual modeling languages and (2) for different kinds of compliance rules. Furthermore, based on an applicability check, we (3) evaluate the approach in a financial industry project setting against its relevance for decision support of audit and compliance management tasks.

show abstract

Managing legal interpretation in regulatory compliance

Cited by 25 publications

References 13 publications

Towards adaptive compliance

Towards adaptive compliance

Toward Better Mapping between Regulations and Operations of Enterprises Using Vocabularies and Semantic Similarity

Business process compliance checking – applying and evaluating a generic pattern matching approach for conceptual models in the financial sector

Contact Info

Product

Resources

About