Systematic mapping study on requirements engineering for regulatory compliance of software systems

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Information and Software Technology Pub Date : 2024-11-10 DOI:10.1016/j.infsof.2024.107622

Oleksandr Kosenkov , Parisa Elahidoost , Tony Gorschek , Jannik Fischbach , Daniel Mendez , Michael Unterkalmsteiner , Davide Fucci , Rahul Mohanani

{"title":"Systematic mapping study on requirements engineering for regulatory compliance of software systems","authors":"Oleksandr Kosenkov , Parisa Elahidoost , Tony Gorschek , Jannik Fischbach , Daniel Mendez , Michael Unterkalmsteiner , Davide Fucci , Rahul Mohanani","doi":"10.1016/j.infsof.2024.107622","DOIUrl":null,"url":null,"abstract":"<div><h3>Context:</h3><div>As the diversity and complexity of regulations affecting Software-Intensive Products and Services (SIPS) is increasing, software engineers need to address the growing regulatory scrutiny. We argue that, as with any other non-negotiable requirements, SIPS compliance should be addressed early in SIPS engineering—i.e., during requirements engineering (RE).</div></div><div><h3>Objectives:</h3><div>In the conditions of the expanding regulatory landscape, existing research offers scattered insights into regulatory compliance of SIPS. This study addresses the pressing need for a structured overview of the state of the art in software RE and its contribution to regulatory compliance of SIPS.</div></div><div><h3>Method:</h3><div>We conducted a systematic mapping study to provide an overview of the current state of research regarding challenges, principles, and practices for regulatory compliance of SIPS related to RE. We focused on the role of RE and its contribution to other SIPS lifecycle process areas. We retrieved 6914 studies published from 2017 (January 1) until 2023 (December 31) from four academic databases, which we filtered down to 280 relevant primary studies.</div></div><div><h3>Results:</h3><div>We identified and categorized the RE-related challenges in regulatory compliance of SIPS and their potential connection to six types of principles and practices addressing challenges. We found that about 13.6% of the primary studies considered the involvement of both software engineers and legal experts in developing principles and practices. About 20.7% of primary studies considered RE in connection to other process areas. Most primary studies focused on a few popular regulation fields (privacy, quality) and application domains (healthcare, software development, avionics). Our results suggest that there can be differences in terms of challenges and involvement of stakeholders across different fields of regulation.</div></div><div><h3>Conclusion:</h3><div>Our findings highlight the need for an in-depth investigation of stakeholders’ roles, relationships between process areas, and specific challenges for distinct regulatory fields to guide research and practice.</div></div>","PeriodicalId":54983,"journal":{"name":"Information and Software Technology","volume":"178 ","pages":"Article 107622"},"PeriodicalIF":3.8000,"publicationDate":"2024-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Software Technology","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0950584924002271","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Context:

As the diversity and complexity of regulations affecting Software-Intensive Products and Services (SIPS) is increasing, software engineers need to address the growing regulatory scrutiny. We argue that, as with any other non-negotiable requirements, SIPS compliance should be addressed early in SIPS engineering—i.e., during requirements engineering (RE).

Objectives:

In the conditions of the expanding regulatory landscape, existing research offers scattered insights into regulatory compliance of SIPS. This study addresses the pressing need for a structured overview of the state of the art in software RE and its contribution to regulatory compliance of SIPS.

Method:

We conducted a systematic mapping study to provide an overview of the current state of research regarding challenges, principles, and practices for regulatory compliance of SIPS related to RE. We focused on the role of RE and its contribution to other SIPS lifecycle process areas. We retrieved 6914 studies published from 2017 (January 1) until 2023 (December 31) from four academic databases, which we filtered down to 280 relevant primary studies.

Results:

We identified and categorized the RE-related challenges in regulatory compliance of SIPS and their potential connection to six types of principles and practices addressing challenges. We found that about 13.6% of the primary studies considered the involvement of both software engineers and legal experts in developing principles and practices. About 20.7% of primary studies considered RE in connection to other process areas. Most primary studies focused on a few popular regulation fields (privacy, quality) and application domains (healthcare, software development, avionics). Our results suggest that there can be differences in terms of challenges and involvement of stakeholders across different fields of regulation.

Conclusion:

Our findings highlight the need for an in-depth investigation of stakeholders’ roles, relationships between process areas, and specific challenges for distinct regulatory fields to guide research and practice.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

关于软件系统合规性要求工程的系统映射研究

背景：随着影响软件密集型产品和服务（SIPS）的法规的多样性和复杂性不断增加，软件工程师需要应对日益严格的法规审查。我们认为，与其他任何不可协商的要求一样，SIPS 的合规性问题应在 SIPS 工程的早期--即在需求工程（RE）期间--加以解决。方法：我们进行了一项系统性的摸底研究，概述了与 RE 相关的 SIPS 法规遵从性挑战、原则和实践方面的研究现状。我们重点研究了可再生能源的作用及其对其他 SIPS 生命周期流程领域的贡献。我们从四个学术数据库中检索了从 2017 年（1 月 1 日）到 2023 年（12 月 31 日）发表的 6914 项研究，并筛选出 280 项相关的主要研究。结果：我们识别并分类了 SIPS 监管合规中与可再生能源相关的挑战，以及它们与应对挑战的六类原则和实践之间的潜在联系。我们发现，约 13.6% 的主要研究考虑了软件工程师和法律专家共同参与制定原则和实践。约 20.7% 的主要研究考虑了 RE 与其他流程领域的联系。大多数主要研究都集中在一些流行的法规领域（隐私、质量）和应用领域（医疗保健、软件开发、航空电子）。我们的研究结果表明，在不同的监管领域，利益相关者面临的挑战和参与程度可能存在差异。结论：我们的研究结果突出表明，有必要深入调查利益相关者的角色、流程领域之间的关系以及不同监管领域面临的具体挑战，以指导研究和实践。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Information and Software Technology 工程技术-计算机：软件工程

CiteScore

9.10

自引率

7.70%

发文量

164

审稿时长

9.6 weeks

期刊介绍： Information and Software Technology is the international archival journal focusing on research and experience that contributes to the improvement of software development practices. The journal''s scope includes methods and techniques to better engineer software and manage its development. Articles submitted for review should have a clear component of software engineering or address ways to improve the engineering and management of software development. Areas covered by the journal include: • Software management, quality and metrics, • Software processes, • Software architecture, modelling, specification, design and programming • Functional and non-functional software requirements • Software testing and verification & validation • Empirical studies of all aspects of engineering and managing software development Short Communications is a new section dedicated to short papers addressing new ideas, controversial opinions, "Negative" results and much more. Read the Guide for authors for more information. The journal encourages and welcomes submissions of systematic literature studies (reviews and maps) within the scope of the journal. Information and Software Technology is the premiere outlet for systematic literature studies in software engineering.