Regulatory Requirements Compliance in Requirements Engineering: A Systematic Classification and Analysis

M. Mahmudul Hasan (American International University- Bangladesh, Dhaka, Bangladesh)
DOI: 10.4018/IJSSOE.2016100102

Abstract

Regulations and policies contain a rich source of requirements, and failure to address these authoritative requirements in software system development can impose costly penalties for regulatory noncompliance. Despite advances in information systems research, regulatory requirements compliance remains one of the primary challenges still to be dealt with efficiently in system development, because of the scarce information about, the complexity of, and the limited understanding of the available approaches in the requirements engineering process. This paper reports a systematic literature review of the documented approaches to regulatory requirements compliance, classifies these approaches according to different criteria, and provides a qualitative analysis of their operational characteristics. The results of this analysis can serve system developers as a means of deriving appropriate methods and tools for regulatory requirements compliance in software system development.
Article Preview

Introduction

Nowadays, electronic forms of service delivery and operations are expanding rapidly to keep pace with technological advancement in government and business organizations. Nevertheless, some of the largest disasters and scandals in recent corporate history have been attributed to a lack of control over these electronic operations; unauthorized information access, insecure financial transactions, and identity fraud are a few examples of the causes behind this crisis (Sadiq et al., 2007). As a consequence, several national and international policies, regulations, and standards, such as SOX and HIPAA, were enacted and imposed on organizations' operations and electronic service delivery processes in order to protect against the vulnerability of electronic transactions and to ensure control over electronic operations (Maxwell & Anton, 2010; Maxwell et al., 2012).

Organizations encounter a growing number of complex regulations and standards every day (Cleven & Winter, 2009). As a result, IT professionals face greater difficulty than ever in ensuring that software systems development complies with the regulations and policies enacted by local, state, national, regional, and even international authorities, since non-compliance with these regulations in system development may cause an enormous loss of trust and reputation and a huge financial burden (Maxwell & Anton, 2010; Breaux & Anton, 2008). The following three case studies help illustrate the significance of regulatory compliance in software systems development. In recent times, a 27-million-dollar lawsuit was filed against CHOICE-POINT (a data aggregation company in the USA) for a data breach that allowed unauthorized access to information. In addition, it caused loss of reputation, brand damage, employee retraining, and government audits for 20 years. TRICARE (a health care program of the US Defence Military Health System that provides health benefits for military personnel, retirees, and their dependents) faced a 4.9-billion-dollar lawsuit for the theft of unencrypted backup tapes containing the credit card information of its beneficiaries. STANFORD HOSPITAL faced a 20-million-dollar lawsuit as a penalty for the unauthorized disclosure of protected health information on its public website (Maxwell & Anton, 2010; Maxwell et al., 2012).

The organizations in the above cases suffered such expensive consequences for not being compliant with the enacted regulations and policies concerning system development. More precisely, the regulatory requirements contained in the regulation and policy documents were not fully taken into consideration during system development, even though a number of approaches have been proposed to deal with regulatory requirements in software systems development. The primary reasons may be the scarcity of information about the documented approaches, such as their scope and operational characteristics, which can lead to ambiguous understanding, complexity, and difficulty in adapting these approaches within the requirements engineering process of system development. Moreover, there is a lack of studies that identify, classify, and analyse the documented approaches to regulatory requirements compliance in requirements engineering.
