Introduction
Nowadays, electronic forms of service delivery and operations are expanding rapidly in government and business organizations to keep pace with technological advancement. Nevertheless, some of the largest disasters and scandals in recent corporate history have been attributed to a lack of control over these electronic operations; unauthorized information access, insecure financial transactions, and identity fraud are a few examples of the causes behind this crisis (Sadiq et al., 2007). As a consequence, several national and international policies, regulations, and standards, such as SOX and HIPAA, were enacted and imposed on organizations' operations and electronic service delivery processes in order to reduce the vulnerability of electronic transactions and establish control over electronic operations (Maxwell & Anton, 2010; Maxwell et al., 2012).
Organizations are encountering a growing number of complex regulations and standards every day (Cleven & Winter, 2009). As a result, IT professionals are finding it more difficult than ever to ensure that software systems development complies with the regulations and policies enacted by local, state, national, regional, and even international authorities, since non-compliance in system development can cause an enormous loss of trust and reputation and a heavy financial burden (Maxwell & Anton, 2010; Breaux & Anton, 2008). The following three cases illustrate the significance of regulatory compliance in software systems development. A 27-million-dollar lawsuit was filed against CHOICE-POINT (a data aggregation company in the USA) for a data breach that allowed unauthorized access to information; in addition, the breach caused loss of reputation, brand damage, employee retraining, and government audits for 20 years. TRICARE (a health care program of the US Defence Military Health System that provides health benefits to military personnel, retirees, and their dependents) faced a 4.9-billion-dollar lawsuit for the theft of unencrypted backup tapes containing the credit card information of its beneficiaries. STANFORD HOSPITAL faced a 20-million-dollar lawsuit because protected health information was disclosed without authorization on its public website (Maxwell & Anton, 2010; Maxwell et al., 2012).
The organizations in the above cases suffered such expensive consequences for not being compliant with the regulations and policies enacted for system development. More precisely, the regulatory requirements contained in the regulation and policy documents were not fully taken into consideration during system development, even though a number of approaches have been proposed for dealing with regulatory requirements in software systems development. A primary reason may be the scarcity of information about the documented approaches, such as their scope and operational characteristics, which can lead to ambiguous understanding, complexity, and difficulty in adopting these approaches in the requirements engineering process of system development. Moreover, there is a lack of studies that identify, classify, and analyse the documented approaches to regulatory requirements compliance in requirements engineering.