Towards a
Compliance Meta-Model for
System
Requirements in Contractual Projects
|
Rashed
Nekvi1, Remo Ferrari2 University of Western Ontario mnekvi1,rnferrar2@csd.uwo.ca |
Brian Berenbach Siemens Corporate Research brian.berenbach@siemens.com |
Nazim H. Madhavji University of Western Ontario madhavji@gmail.com |
Comparison Table
|
Characteristic |
Our research |
Ref [2] |
Ref [3] |
Ref [6] |
Ref [10] |
Ref [12] |
|
Paper title |
Towards
compliance meta model |
Why
managing Reqts. is hard |
Compliance
in automotive domain |
Addressing
legal reqts. |
Extracting
rights and obligations |
Contract-based
RE |
|
Type of results (content) |
Basis
for a meta model |
Reqts.
elicitation and management challenges |
State
of practice in the automotive domain |
Survey
of modelling techniques; Indications for how to address legal reqts. |
Method
for extracting rights and obligations from regulations |
Aspects
of contract-based projects (give
2-3 examples – see paper) |
|
Artefact-artefact
relationship type |
|
|
|
|
|
|
|
|
Reference-to
(Contract- to_Reg_ref.) |
|
|
|
|
mentions |
|
|
cross-ref-to (Reg-Reg_ref) |
|
|
mentions |
mentions |
|
|
|
impose |
mentions |
mentions |
mentions |
identification |
mentions |
|
|
Is-derived-from
|
|
|
|
|
mentions |
|
|
Proxy-to |
|
|
|
|
mentions |
|
|
Conform-to |
mentions |
mentions |
mentions |
mentions |
mentions |
|
Use of proxies (proxy as an artefact
also) |
yes |
|
|
|
|
mentions |
|
Proxy (as a rel.) |
proxy |
|
|
|
|
|
|
Artefact
type |
|
|
|
|
|
|
|
|
Contract |
|
|
|
|
identify |
|
|
, PRS, |
mentions |
mentions |
Identification
through experience |
mentions |
identify |
|
|
IPRS, |
|
|
|
|
|
|
|
stds, |
|
mentions |
Identification
through experience |
|
identify |
|
|
reg., |
mentions |
mentions |
Identification
through experience |
Yes
– privacy policies, healthcare act, factsheet |
identify |
|
|
proxy |
|
|
|
|
yes |
|
Quantitative/qualitative |
quantitative |
|
|
|
Rights
and obligations (quantitative) |
|
|
Type of study |
Case
study |
Logical
deduction+ common knowledge |
experience |
Survey
of papers + experience |
3
study (pilot study, case study) |
Experience
+ logical deduction |
|
System scale |
Industrial-scale
|
No
system examined |
No
system examined |
No
system examined |
Four
sections of HIPAA privacy rule |
Contract
based projects in general |
|
Application domain |
Systems
engineering -- Railways |
Information
systems |
Systems
engineering -- Automotive |
General (data
from pape survey) |
Health
care |
Systems
engineering – (general) |
|
Scale of the Data set |
Large
set of requirements (12,000);
Large set of regulatory documents |
No
data set at all |
No
data set at all |
IEEE,
ACM database papers (150) |
Parts
of three diff regulations |
Experience
on large number of reqts. and large set of docs |
|
Challenge observations |
4
different challenges through data analysis (see
paper) |
3
Elicitation and management challenges through opinions |
3
challenges from industrial experience |
3
challenges from experience |
|
9
challenges from industry experience |