Introduction
With the unprecedented opportunities offered by information technology, the modern world is shifting from the industrial age to the information age. This transformation is visible in the development of electronic services such as e-commerce, e-governance, and e-learning, which have become part of our daily lives (Almarabeh & AbuAli, 2010). Information system development projects often face uncertainties and problems in grey regulatory areas, or are constrained by existing regulations when adopting new technologies and solutions for new service development. Moreover, organizations now face difficulties in complying with a rapidly growing number and increasing complexity of new regulations and standards. This has a significant impact on how organizations develop an information system and adapt changes to their operations in compliance with regulatory requirements (Yoon, 2018).
Regulatory requirements compliance essentially means ensuring that system development and its operations are in accordance with prescribed guidelines and/or an agreed set of rules. The introduction of regulations such as the General Data Protection Regulation (GDPR), the Sarbanes-Oxley Act (SOX), and the Health Insurance Portability and Accountability Act (HIPAA) has made regulatory requirement compliance a pivotal point of information system research and development activities, since non-compliance with the regulatory requirements of these regulations can have dire consequences (Abdullah et al., 2010). Regulatory requirement compliance has become a critical concern for public and private organizations, since failing to comply with the regulations is no longer an option (OECD, 2020). Organizations are increasingly concerned with the high investment in compliance management that has emerged as a result of events that led to some of the largest disasters in the corporate usage of information technology, such as the Cambridge Analytica case of 2018 (UK), WorldCom, Tricare, ChoicePoint (USA), HIH (Australia), and Société Générale (France) (The Guardian, 2018; Braganza & Franken, 2007; Bace et al., 2006). Furthermore, the current globalized ecosystem, through the potential use of distributed computing resources such as cloud solutions (Khan et al., 2019) or the cross-border offering of information system services, amplifies and complicates the question of which rules apply, in which cases, and for which roles and subjects.
Several studies in the literature discuss regulation compliance. Soliman et al. (2020) discuss a semantic-based framework to systematically classify regulatory information for automated rule checking. Xu & Cai (2019) present a semantic frame-based method for extracting regulatory information based on lexical and domain semantics using natural language processing and machine learning techniques. Zhang & El-Gohary (2016) also present a rule-based natural language processing approach to automatically process regulation documents for pattern matching in information extraction. However, it is reported in the literature that a semi-automated process may often provide greater performance, as most regulations rely on the subjective nature of the regulation context. Muthuri et al. (2017) present a legal interpretation model to interpret legal provisions in determining business process compliance. DeVos et al. (2019) present an Open Digital Rights Language (ODRL) profile to capture the semantics of policies for business process compliance checking. Hale & Gamble (2019) present a semantic hierarchy-based stepwise process to extract security provisions from security control standards in preparing service agreements for organizations. Therefore, the limitations of existing works from the above literature review can be summarized as follows:
- The methods and techniques proposed in the existing literature focus only on extracting regulatory rules from various regulations. There is a research gap in describing how legislation may or may not affect information system development projects, which is often not easily identifiable due to a lack of clear understanding of regulatory requirements compliance as well as the domain gap between legal sciences and IT (Soliman et al., 2020; Hale & Gamble, 2019).
- Organizations struggle to find proper guidelines and a framework for understanding compliance management in information system development to assist in their compliance management activities in the project (Mustapha et al., 2020; Zarrabi & Tawil, 2019).