IESS 1.0 - First International Conference on Exploring Services Sciences
17-18-19 February 2010, Geneva, Switzerland




 Compliance in e-government
 service engineering
 State-of-the-art


 Slim Turki, Marija Bjeković-Obradović
 {slim.turki, marija.bjekovic}@tudor.lu
 CRP Henri Tudor, Luxembourg



2/18/10                             IESS 1.0                                         1
Context


 ➤  Organisations faced with need to conform to various laws and
    regulations governing their domain of activity
 ➤  Obligation of compliance particularly stressed in e-government.
          ➤    e-government: “the use of ICT systems and tools to provide better
               public services to citizens and other businesses” [EC]
          ➤    administrative laws regulate the activities and decision-making of
               governmental institutions.
 ➤  Regulation
          ➤    extensive source of requirements to be respected when designing IS
               that support institutional activities and (e-)services to the public.
 ➤  Approaches aiming to achieve and maintain regulatory compliance
    of IS and services with given regulations




Overview


 ➤  Compliance in the business process research area
 ➤  Extracting compliance requirements from legal texts
          ➤    Deontic logic - Extracting rights and obligations
          ➤    Modeling regulations with goal-oriented models
 ➤  Traceability support for compliance




Compliance in the business process research area

          ➤    (Kharbili et al., 2008)
                ●    Ontologies for formal modeling of regulations, to resolve
                     inconsistency of legal definitions and regulatory information
                     fragments.
                ●    Coupled with business processes, basis for compliance
                     management framework, to manage evolution in both business
                     process and legislation.
          ➤    (Karagiannis et al., 2007, 2008)
                ●    Meta-modeling based approach: regulatory aspects expressed in
                     models, and included into business process models, to improve
                     or redesign them for compliance with corresponding regulations.
                ●    Applied to Sarbanes-Oxley (SOX) Act.




Compliance in the business process research area

          ➤    (Rifaut, 2005)
                ●    PRM / PAM
                ●    Support for financial business process design (compliant to Basel
                     II), and for assessment of compliance and its improvement.
                ●    Goal-oriented models and ISO/IEC 15504 process assessment
                     standard used for structuring requirements for business process,
                     and together compose a formal framework according to which
                     compliance of business process is assessed.




Deontic logic (1/2)


          ➤    Extracting rights and obligations from regulations
          ➤    (Kiyavitskaya et al., 2007) (Zeni et al., 2008)
                ●    Extraction of “objects of concern” (right, anti-right, obligation,
                     anti-obligation, and exception) from legal texts
                ●    Semantic annotation tool Cerno: Obligations, constraints and
                     condition keywords are highlighted in a regulation and a list of
                     constraints and obligations are obtained (including traceability
                     markers).
          ➤    (Biagioli et al.) (Palmirani, 2003)
                ●    Automated extraction of normative references, such as specific
                     rights and obligations, detailed in legal texts
                ●    Address problem of law’s evolution by tracking changes over time.




Deontic logic (2/2)


          ➤    (Breaux and Antón, 2006), (Breaux and Antón, 2008)
                ●    Extract and balance formal descriptions of rules (rights and
                     obligations) that govern actors' actions from regulation.
                ●    Combines goal-oriented analysis of legal documents and
                     techniques for extracting rights, obligations, constraints, rules from
                     natural language statements in legal text.
                ●    Strength: resolving the problems of ambiguity, polysemy,
                     cross-references when analyzing legal text, and maintaining
                     traceability across all the artefacts in the process.
                ●    Has been applied to US regulation governing information privacy
                     in health care domain.




Modeling regulations with goal-oriented models

          ➤    SecureTropos (Giorgini et al., 2005)
                ●    Goal-oriented techniques to model security requirements
                ●    Assessing organization's compliance with Italian Data Protection
                     Act.
                ●    Manual extraction of concepts from law, coverage of legal
                     documents limited only to security aspect.
          ➤    (Ghanavati et al., 2007)
                ●    Tracking compliance of business processes to legislation.
                ●    Combines goal-oriented requirement language (GRL), user
                     requirements notation (URN), and use case maps (UCM).
                ●    Links between models of legislation, organisation policy and
                     processes, to enable examining the influence of evolving
                     legislations on organizational policies and business processes.
                ●    Applied in the domain of information privacy in healthcare in
                     Canada.


Extracting compliance requirements from legal texts - Challenges

          ➤    Modeling regulations and extracting key concepts recognized
               as challenging tasks for requirements engineers, system
               developers and compliance auditors (Otto and Antón, 2007)
               (Kiyavitskaya et al., 2008)
                ●    the very nature of language in which laws are written, containing
                     many ambiguities, cross-references, domain-specific definitions,
                     acronyms etc.,
                ●    overlapping or complementing regulations at different levels of
                     authority,
                ●    frequent changes or amendments of regulations over time, etc.

          ➤    Law analysis prone to interpretations and misunderstandings




Traceability support for compliance


          ➤    Traceability gaining in significance
                ●    Ability to maintain links between originating laws and derived
                     artefacts (requirements, IS specifications etc.) as a measure to
                     enable better understanding of legal documents and to prevent
                     non-compliance of produced specifications.
          ➤    (Ghanavati et al., 2007)
                ●    Set of links to establish between legislation and organizational
                     models.
          ➤    (Breaux and Antón)
                ●    Traceability maintained across all the artefacts produced from
                     legal text to the corresponding software requirements.
                ●    Most of the traceability links to be established manually.




Conclusion
          ➤    RE community
                ●    Elaborated techniques, concepts and tool support.
                ●    Assumption: compliance can be achieved at the requirements
                     level, through the harmonization between IS requirements and
                     those derived from legislation.
                ●    Address compliance regarding specific security and privacy
                     regulations.
          ➤    Approaches centred on business process
                ●    More at the level of organization, its strategy, policies and
                     process, rather than on the underlying IS level.
                ●    Including requirements imposed by specific regulation into existing
                     business processes, to ensure or assess their compliance.
                ●    Focus on modeling dynamic aspects of organization
                ●    Service engineering requires more aspects, not only business
                     processes, be covered.
          ➤    No method, in the literature, specific to the design of compliant
               e-government services.

