{"title":"Assessing regulatory change through legal requirements coverage modeling","authors":"David G. Gordon, T. Breaux","doi":"10.1109/RE.2013.6636714","DOIUrl":null,"url":null,"abstract":"Developing global markets offer companies new opportunities to manufacture and sell information technology (IT) products in ways unforeseen by current laws and regulations. This innovation leads to changing requirements due to changes in product features, laws, or the locality where the product is sold or manufactured. To help developers rationalize these changes, we introduce a preliminary framework and method that can be used by requirements engineers and their legal teams to identify relevant legal requirements and trace changes in requirements coverage. The framework includes a method to translate IT regulations into a legal requirements coverage model used to make coverage assertions about existing or planned IT systems. We evaluated the framework in a case study using three IT laws: California's Confidentiality of Medical Records Act, the U.S. Health Information Portability and Accountability Act (HIPAA) and amendments from the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the India 2011 Information Technology Rules. Further, we demonstrate the framework using three scenarios: new product features are proposed; product-related services are outsourced abroad; and regulations change to address changes in the market.","PeriodicalId":6342,"journal":{"name":"2013 21st IEEE International Requirements Engineering Conference (RE)","volume":"11 1","pages":"145-154"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 21st IEEE International Requirements Engineering Conference (RE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RE.2013.6636714","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 17
Abstract
Developing global markets offer companies new opportunities to manufacture and sell information technology (IT) products in ways unforeseen by current laws and regulations. This innovation leads to changing requirements due to changes in product features, laws, or the locality where the product is sold or manufactured. To help developers rationalize these changes, we introduce a preliminary framework and method that can be used by requirements engineers and their legal teams to identify relevant legal requirements and trace changes in requirements coverage. The framework includes a method to translate IT regulations into a legal requirements coverage model used to make coverage assertions about existing or planned IT systems. We evaluated the framework in a case study using three IT laws: California's Confidentiality of Medical Records Act, the U.S. Health Information Portability and Accountability Act (HIPAA) and amendments from the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the India 2011 Information Technology Rules. Further, we demonstrate the framework using three scenarios: new product features are proposed; product-related services are outsourced abroad; and regulations change to address changes in the market.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
