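@comment{
  B_FSE14: doctoral-symposium paper. Entry type changed from @article to
  @inproceedings because the record carries a booktitle and no journal
  (classic BibTeX would warn about the missing required journal field and
  drop the venue). The author is stored in unambiguous "Last, First" form,
  month uses the predefined macro so styles can localise/abbreviate it, the
  ACM/SIGSOFT acronym is brace-protected against style recasing, and the
  UTF-8 en dashes in the abstract are written as "--" for 8-bit BibTeX.
  The non-standard "affiliation" and "location" fields are kept verbatim;
  classic BibTeX ignores them and biblatex treats "location" as the
  publisher's city rather than the conference venue.
}
@inproceedings{B_FSE14,
  author        = {Breaux, Travis D.},
  affiliation   = {North Carolina State University},
  title         = {Compliance Engineering: Aligning Software Requirements with Policies and Regulations},
  booktitle     = {{ACM/SIGSOFT} 14th Symposium on Foundations on Software Engineering, Doctoral Symposium},
  year          = {2006},
  month         = nov,
  location      = {Portland, OR, USA},
  abstract      = {As information is increasingly managed electronically, policies and government regulations intended to protect personal privacy are increasing the requirements complexity of software systems. These regulations and policies are frequently developed by lawyers and domain experts -- not engineers -- resulting in complex and ambiguous legal language. To ensure software complies with the law, software developers face the perilous challenge of distilling regulations into implementable software requirements. Furthermore, because regulations describe business processes and not individual software systems, auditors, managers and developers are faced with a daunting traceability quagmire when aligning regulations, business practices and requirements across an organization. To address these two challenges, I propose a framework that includes a methodology to distill regulations into stakeholder rights and obligations and a formal model to align rights and obligations with requirements. The methodology includes techniques to systematically reduce complexity, identify ambiguities and infer implied rights and obligations to improve requirements coverage. The model employs delegation and ownership to track the refinement of rights and obligations into implementable requirements across an organization. The framework will enable auditors to certify that delegation and refinement decisions that result in requirements comply with the intent of the law; thus transferring liability from software validation to software verification.},
  internal-note = {review: booktitle reads "Foundations on Software Engineering" as in the original record; the venue is commonly cited as "Foundations of Software Engineering" -- confirm against the proceedings before changing},
}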