A legal cross-references taxonomy for reasoning about compliance requirements

Requirements Engineering

Volumn 17, Issue 2, 2012, Pages 99-115

  Maxwell, Jeremy C ^a,b   Antón, Annie I ^a   Swire, Peter ^c   Riaz, Maria ^a   McCraw, Christopher M ^a  

^a North Carolina State University   (United States)

^b Allscripts Healthcare Solutions   (United States)

^c OHIO STATE UNIVERSITY   (United States)

Author keywords

Conflicting requirements; Financial systems; Healthcare IT; Regulatory compliance; Requirements engineering; Software compliance engineering

Indexed keywords

CONFLICTING REQUIREMENTS; FINANCIAL SYSTEM; GRAMM-LEACH-BLILEY ACTS; HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACTS; HEALTHCARE IT; LAWS AND REGULATIONS; LEGAL COMPLIANCE; NON-COMPLIANCE; PRIVACY RULE; REQUIREMENTS ENGINEERS; SOFTWARE COMPLIANCE;

HEALTH CARE; HEALTH INSURANCE; LEACHING; REGULATORY COMPLIANCE; TAXONOMIES;

REQUIREMENTS ENGINEERING;

EID: 84861713075     PISSN: 09473602     EISSN: 1432010X     Source Type: Journal    
DOI: 10.1007/s00766-012-0152-5     Document Type: Article

References (42)

1. Antón AI, Earp JB (2004) A requirements taxonomy for reducing web site privacy vulnerabilities. Requir Eng J 9(3): 169-185.
2. Antón AI, Earp JB, Carter RA (2003) Precluding incongruous behavior by aligning software requirements with security and privacy policies. Inf Softw Technol 45(14): 967-977.
3. Bench-Capon TJM, Robinson GO, Routen TW, Sergot MJ (1987) Logic programming for large scale applications in law: a formalisation of supplementary benefit legislation. In: 1st international conference on AI and Law, 1987, pp 190-198.
4. Berenbach B, Gruseman D, Cleland-Huang J (2010) Application of just in time tracing to regulatory codes. In: 8th conference on systems engineering research.
5. Boehm B, In H (1996) Identifying quality-requirements conflicts. IEEE Softw 13(2): 25-35.
6. Breaux TD (2009) Legal requirements acquisition for the specification of legally compliant information systems, PhD Thesis, NCSU.
7. Breaux TD, Antón AI (2008) Analyzing regulatory rules for privacy and security requirements. IEEE Trans Softw Eng 34(1): 5-20.
8. Breaux TD, Vail MW, Antón AI (2006) Towards regulatory compliance: extracting rights and obligations to align requirements with regulations. In: 14th IEEE international requirements engineering conference 2006, pp 46-55.
9. Cholvy (1999) Checking regulation consistency by using SOL-resolution. In: 7th international conference on AI & Law, pp 73-79.
10. Cleland-Huang J, Czauderna A, Gibiec M, Emenecker J (2010) A machine learning approach for tracing regulatory codes to product specific requirements. In: 32nd IEEE international conference on software engineering.
11. Cohen ML, Olson KC (2000) Legal research, West.
12. Damian DE, Zowghi D (2003) Requirements engineering challenges in multi-site software development organizations. Requir Eng J 8: 149-160.
13. Easterbrook S, Nuseibeh B (1995) Managing inconsistencies in an evolving specification. In: Proceedings of the 2nd IEEE international symposium on requirements engineering, pp 48-55.
14. Emmerich W, Finkelstein A, Montangero C, Antonelli S, Armitage S, Stevens R (1999) Managing standards compliance. Trans Softw Eng 25(6): 836-851.
15. van Engers TM, Boekenoogen MR (2003) Improving legal quality: an application report. In: 9th international conference on AI and Law, pp 284-292.
16. 2010 Global Information Survey, Ernst & Young, 2010.
17. Ghanavati S, Amyot D, Peyton L (2009) Compliance analysis based on a goal-oriented requirement language evaluation methodology. In: Proceedings of the 17th IEEE international conference on requirements engineering, pp 133-142.
18. Glaser BG (1978) Theoretical sensitivity. Sociology Press, Mill Valley, CA.
19. Glaser BG, Strauss AL (1967) The discovery of grounded theory. Aldine Transaction, Chicago.
20. Hamdaqa M, Hamou-Lhadj A (2009) Citation analysis: an approach for facilitating the understanding and the analysis of regulatory compliance documents. In: 6th international conference on information technology: new generations, pp 278-283.
21. Hart HM Jr, Wechsler H, Fallon RH Jr, Manning JF, Meltzer DJ, Shapiro DL (2009) The federal courts and the federal system, 6th edn. Foundation Press, Minneapolis.
22. Hohfeld WN (1913) Some fundamental legal conceptions as applied in judicial reasoning. Yale Law J 23(1): 16-59.
23. Karlsson L, Dahlstedt AG, Regnell B, Natt och Dag J, Persson A (2007) Requirements engineering challenges in market-driven software development-an interview study with practioners. Inf Softw Technol 49: 588-604.
24. Krebs B (2009) Choice point breach, exposed 13, 750 consumer records. The Washington Post. http://voices.washingtonpost.com/securityfix/2009/10/choicepoint_breach_exposed_137.html. Accessed 19 Oct 2009.
25. van Lamsweerde A, Darimont R, Letier E (1998) Managing conflicts in goal-driven requirements engineering. IEEE Trans Softw Eng 24(11): 908-926.
26. Massey AK, Otto PN, Antón AI (2009) Prioritizing legal requirements. In: 2nd international workshop on RE and Law.
27. Maxwell JC, Antón AI (2009) Developing production rule models to aid in acquiring requirements from legal texts. In: 17th international IEEE requirements engineering conference, pp 101-110.
28. Maxwell JC, Antón AI (2010) A refined production rule model for aiding in regulatory compliance. NCSU technical report TR-2010-3, ftp://ftp.ncsu.edu/pub/unity/lockers/ftp/csc_anon/tech/2010/TR-2010-3.pdf.
29. Maxwell JC, Antón AI (2010) The production rule framework: developing a canonical set of software requirements for compliance with law. In: 1st ACM international health informatics symposium.
30. Maxwell JC, Anton AI, Swire P (2011) A legal cross-references taxonomy for identifying conflicting software requirements. In: 19th IEEE international requirements engineering conference.
31. May MJ, Gunter CA, Lee I (2006) Privacy APIs: access control techniques to analyze and verify legal privacy policies. In: 19th IEEE computer section foundations workshop, pp 85-97.
32. Otto PN, Antón AI (2007) Addressing legal requirements in requirements engineering. In: 15th IEEE international requirements engineering conference, pp 5-14.
33. Otto PN, Antón AI, Baumer DL (2007) The choice point dilemma: how data brokers should handle the privacy of personal information. IEEE Secur Priv 5(5): 15-23.
34. Robinson WN, Fickas S (1994) Supporting multi-perspective requirements engineering. In: 1st IEEE international requirements engineering conference, pp 206-215.
35. Siena A, Mylopoulos J, Perini A, Susi A (2009) Designing law-compliant software requirements. In: 28th international conference on conceptual modeling.
36. Thurimella AK, Bruegge B (2007) Evolution in product line requirements engineering: a rationale management approach. In: 15th IEEE requirements engineering conference, pp 254-257.
37. Vijayan J (2011) Stanford hospital blames contractor for data breach. http://www.computerworld.com.
38. Vijayan J (2011) Defense Dept. Hit with $4. 9B Lawsuit over data breach. http://www.computerworld.com.
39. Watt v. Alaska, 451 U. S. 259, 285-86 (1981) (Stewart, J., dissenting) (quoting Theodore Sedgwick & John Norton Pomeroy. A treatise on the rules which govern the interpretation and construction of statutory and constitutional law 14 (2nd edn., Baker, Voorhis & Co. 1874).
40. Yin RK (2003) Case study research: design and methods. In: Applied social research methods series, vol 5, 3rd ed.
41. Young JD (2010) Commitment analysis to operationalize software requirements from privacy notices. Requir Eng J 16: 33-46.
42. Zhang P, Koppaka L(2007) Semantics-based legal citation network. In: 11th international conference on AI and Law, pp 123-130.