Systematic Mapping Study on Requirements Engineering for Regulatory Compliance of Software Systems
- URL: http://arxiv.org/abs/2411.01940v2
- Date: Thu, 21 Nov 2024 12:52:48 GMT
- Title: Systematic Mapping Study on Requirements Engineering for Regulatory Compliance of Software Systems
- Authors: Oleksandr Kosenkov, Parisa Elahidoost, Tony Gorschek, Jannik Fischbach, Daniel Mendez, Michael Unterkalmsteiner, Davide Fucci, Rahul Mohanani,
- Abstract summary: As the diversity and complexity of regulations affecting Software-Intensive Products and Services (SIPS) is increasing, software engineers need to address the growing regulatory scrutiny.
As with any other non-negotiable requirements, SIPS compliance should be addressed early in requirements engineering (RE)
This study addresses the pressing need for a structured overview of the state of the art in software RE and its contribution to regulatory compliance of SIPS.
- Score: 17.03076288786146
- License:
- Abstract: Context: As the diversity and complexity of regulations affecting Software-Intensive Products and Services (SIPS) is increasing, software engineers need to address the growing regulatory scrutiny. As with any other non-negotiable requirements, SIPS compliance should be addressed early in SIPS engineering - i.e., during requirements engineering (RE). Objectives: In the conditions of the expanding regulatory landscape, existing research offers scattered insights into regulatory compliance of SIPS. This study addresses the pressing need for a structured overview of the state of the art in software RE and its contribution to regulatory compliance of SIPS. Method: We conducted a systematic mapping study to provide an overview of the current state of research regarding challenges, principles and practices for regulatory compliance of SIPS related to RE. We focused on the role of RE and its contribution to other SIPS lifecycle phases. We retrieved 6914 studies published from 2017 until 2023 from four academic databases, which we filtered down to 280 relevant primary studies. Results: We identified and categorized the RE-related challenges in regulatory compliance of SIPS and their potential connection to six types of principles and practices. We found that about 13.6% of the primary studies considered the involvement of both software engineers and legal experts. About 20.7% of primary studies considered RE in connection to other process areas. Most primary studies focused on a few popular regulation fields and application domains. Our results suggest that there can be differences in terms of challenges and involvement of stakeholders across different fields of regulation. Conclusion: Our findings highlight the need for an in-depth investigation of stakeholders' roles, relationships between process areas, and specific challenges for distinct regulatory fields to guide research and practice.
Related papers
- Regulatory Requirements Engineering in Large Enterprises: An Interview Study on the European Accessibility Act [16.39543253517196]
The European Accessibility Act (EAA) impacts the engineering of software products and services.
Enterprises conduct Regulatory Impact Analysis (RIA) to consider the effects of regulations on software products offered and formulate requirements at an enterprise level.
Despite its practical relevance, we are unaware of any studies on this large-scale regulatory RE process.
arXiv Detail & Related papers (2024-09-11T14:42:35Z) - RegNLP in Action: Facilitating Compliance Through Automated Information Retrieval and Answer Generation [51.998738311700095]
Regulatory documents, characterized by their length, complexity and frequent updates, are challenging to interpret.
RegNLP is a multidisciplinary subfield aimed at simplifying access to and interpretation of regulatory rules and obligations.
ObliQA dataset contains 27,869 questions derived from the Abu Dhabi Global Markets (ADGM) financial regulation document collection.
arXiv Detail & Related papers (2024-09-09T14:44:19Z) - AIR-Bench 2024: A Safety Benchmark Based on Risk Categories from Regulations and Policies [80.90138009539004]
AIR-Bench 2024 is the first AI safety benchmark aligned with emerging government regulations and company policies.
It decomposes 8 government regulations and 16 company policies into a four-tiered safety taxonomy with granular risk categories in the lowest tier.
We evaluate leading language models on AIR-Bench 2024, uncovering insights into their alignment with specified safety concerns.
arXiv Detail & Related papers (2024-07-11T21:16:48Z) - Practices, Challenges, and Opportunities When Inferring Requirements From Regulations in the FinTech Sector - An Industrial Study [1.0936851319953484]
Understanding and interpreting regulatory norms and inferring software requirements from them is a critical step towards regulatory compliance.
This study investigates the complexities of requirement engineering in regulatory contexts, pinpointing various issues and discussing them in detail.
We have identified key practices for managing regulatory requirements in software development, and have pinpointed several challenges.
arXiv Detail & Related papers (2024-05-05T09:39:08Z) - On Developing an Artifact-based Approach to Regulatory Requirements Engineering [18.256422026527986]
Regulatory acts are a challenging source when eliciting, interpreting, and analyzing requirements.
No existing approach considers explicating and managing legal domain knowledge and engineering-legal coordination.
We introduce the first version of our Artifact Model for Regulatory Requirements Engineering (AM4RRE) and its conceptual foundation.
arXiv Detail & Related papers (2024-05-01T09:51:56Z) - Regulation and NLP (RegNLP): Taming Large Language Models [51.41095330188972]
We argue how NLP research can benefit from proximity to regulatory studies and adjacent fields.
We advocate for the development of a new multidisciplinary research space on regulation and NLP.
arXiv Detail & Related papers (2023-10-09T09:22:40Z) - Challenges and Practices in Aligning Requirements with Verification and
Validation: A Case Study of Six Companies [10.508558932045032]
Weak alignment of requirements engineering with verification and validation (VV) may lead to problems in delivering the required products in time with the right quality.
We have performed a multi-unit case study to gain insight into issues around aligning RE and VV by interviewing 30 practitioners from 6 software developing companies.
The results describe current industry challenges and practices in aligning RE with VV, ranging from quality of the individual RE and VV activities, through tracing and tools, to change control and sharing a common understanding at strategy, goal and design level.
arXiv Detail & Related papers (2023-07-24T02:39:53Z) - Challenges in aligning requirements engineering and verification in a
large-scale industrial context [7.92131557859946]
This paper presents preliminary findings of interviews that identify key challenges in aligning requirements and verification processes.
The findings of this study can be used by practitioners as a basis for investigating alignment in their organizations.
arXiv Detail & Related papers (2023-07-23T20:08:49Z) - The right to audit and power asymmetries in algorithm auditing [68.8204255655161]
We elaborate on the challenges and asymmetries mentioned by Sandvig at the IC2S2 2021.
We also contribute a discussion of the asymmetries that were not covered by Sandvig.
We discuss the implications these asymmetries have for algorithm auditing research.
arXiv Detail & Related papers (2023-02-16T13:57:41Z) - Hierarchical Programmatic Reinforcement Learning via Learning to Compose
Programs [58.94569213396991]
We propose a hierarchical programmatic reinforcement learning framework to produce program policies.
By learning to compose programs, our proposed framework can produce program policies that describe out-of-distributionally complex behaviors.
The experimental results in the Karel domain show that our proposed framework outperforms baselines.
arXiv Detail & Related papers (2023-01-30T14:50:46Z) - Fairness in Recommender Systems: Research Landscape and Future
Directions [119.67643184567623]
We review the concepts and notions of fairness that were put forward in the area in the recent past.
We present an overview of how research in this field is currently operationalized.
Overall, our analysis of recent works points to certain research gaps.
arXiv Detail & Related papers (2022-05-23T08:34:25Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.