A legal cross-references taxonomy for reasoning about compliance requirements

  title={A legal cross-references taxonomy for reasoning about compliance requirements},
  author={Jeremy C. Maxwell and Annie I. Ant{\'o}n and Peter P. Swire and Maria Riaz and Christopher M. McCraw},
  journal={Requirements Engineering},
Companies must ensure their software complies with relevant laws and regulations to avoid the risk of costly penalties, lost reputation, and brand damage resulting from non-compliance. [] Key Method Herein, we analyze each external cross-reference within the U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, the Gramm–Leach–Bliley Act (GLBA), and the GLBA Financial Privacy Rule to determine whether a cross-reference either introduces a conflicting requirement, a conflicting…

A Strategy for Addressing Ambiguity in Regulatory Requirements

Ambiguities in legal texts can make the difference between regulatory compliance and non-compliance in software systems. Ambiguities are prevalent in laws and regulations. Policy analysts who write

Automated Classification of Legal Cross References Based on Semantic Intent

An approach for automated classification of legal cross references based on their semantic intent is developed, based on a qualitative study indicating that, in most cases, the text segments appearing before and after a cross reference contain cues about the cross reference's intent.

An empirical investigation of software engineers' ability to classify legal cross-references

An empirical study is presented in which the ability of software practitioners to classify cross-references using the previously developed cross-reference taxonomy is measured, finding that software practitioners are not well equipped to understand the impact of cross- References on their software.

An automated framework for detection and resolution of cross references in legal texts

This article proposes an approach and tool support for automated detection and resolution of cross references that leverages the structure of legal texts, formalized into a schema, and a set of natural language patterns for legal cross reference expressions.

Comparing and analyzing definitions in multi-jurisdictions

  • S. GhanavatiT. Breaux
  • Computer Science
    2015 IEEE Eighth International Workshop on Requirements Engineering and Law (RELAW)
  • 2015
A method to analyze and compare natural language definitions across legal texts and how to analyze the legal statements with respect to definitions is developed, which helps reduce the number of comparison between definitions across multiple jurisdictions.

Assessing regulatory change through legal requirements coverage modeling

A preliminary framework and method that can be used by requirements engineers and their legal teams to identify relevant legal requirements and trace changes in requirements coverage is introduced.

L-SQUARE: Preliminary extension of the SQUARE methodology to address legal compliance

  • Aaron AlvaLisa R. Young
  • Business
    2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)
  • 2014
This preliminary extension of SQUARE sets existing research into an established methodology for requirements engineering, creating a framework for situating current research in legal compliance, and identifying gaps for future work.

Domain- and Quality-aware Requirements Engineering for Law-compliant Systems

This thesis identifies the information necessary for an informed requirements selection, presents a process in which one collects all the necessary information, highlights the challenges to be addressed by this process and its activities, and presents a selection of methods to conduct the activities of the process.

An ontology-based compliance audit framework for medical data sharing across europe

An approach to privacy protection verification by means of a novel audit framework that aims to allow privacy auditors to look at past events of data processing effectuated by healthcare organisation and verify compliance to legal privacy requirements.

Analyzing privacy requirements: A case study of healthcare in Saudi Arabia

This article applied the Breaux and Antón approach to the text of the Saudi Arabian healthcare privacy regulations; in Saudi Arabia, privacy is among the top dilemmas for public and private healthcare practitioners and the analysis can assist requirements engineers, standards organizations, compliance officers and stakeholders by ensuring that their systems conform to Saudi policy.



A legal cross-references taxonomy for identifying conflicting software requirements

A legal cross-reference taxonomy is proposed to aid requirements engineers in classifying cross-references as they specify compliance requirements to address conflicting requirements that may otherwise thwart legal compliance.

Legal requirements acquisition for the specification of legally compliant information systems

A Frame-Based Requirements Analysis Method (FBRAM) is proposed to acquire and specify legal requirements from U.S. federal regulatory documents using a reusable, domain-independent upper ontology, natural language phrase heuristics, a regulatory document model and a frame-based markup language.

Analyzing Regulatory Rules for Privacy and Security Requirements

The methodology provides statement-level coverage for an entire regulatory document to consistently identify and infer six types of data access constraints, handle complex cross references, resolve ambiguities, and assign required priorities between access rights and obligations to avoid unlawful information disclosures.

Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations

This work presents the methodology for extracting and prioritizing rights and obligations from regulations and shows how semantic models can be used to clarify ambiguities through focused elicitation and to balance rights with obligations.

Addressing Legal Requirements in Requirements Engineering

  • Paul N. OttoA. Antón
  • Computer Science, Law
    15th IEEE International Requirements Engineering Conference (RE 2007)
  • 2007
Research efforts over the past 50 years in handling legal texts for systems development include the use of symbolic logic, logic programming, first-order temporal logic, deontic logic, defeasible logic, goal modeling, and semi-structured representations.

A refined production rule model for aiding in regulatory compliance

A methodology for creating production rule models to aid developers in specifying legally compliant software requirements is developed and heuristics for specifying production rules that model legal texts are developed.

Improving legal quality: an application report

Some knowledge representation techniques that are used to improve legal quality are explained and their application is shown and real-life examples of anomalies detected.

The production rule framework: developing a canonical set of software requirements for compliance with law

A production rule framework is presented that software engineers can to specify compliance requirements for software and is applied to check iTrust, an open source electronic medical records system, for compliance with the Health Insurance Portability and Accountability Act Security Rule.

Developing Production Rule Models to Aid in Acquiring Requirements from Legal Texts

This paper introduces the Production Rule Modeling methodology, and demonstrates this methodology using examples from a production rule model for four sections of the U.S. Heath Insurance Portability and Accountability Act (HIPAA).

Prioritizing Legal Requirements

This paper presents a prioritization technique for legal requirements and applies it on a set of 63 functional requirements for an open-source electronic health records system that must comply with the U.S. Health Insurance Portability and Accountability Act.