Abstract

Compliance with institutional policies, government regulations and applicable legislation is a major concern for any organization when defining its business processes. These regulations are usually complex and hard to understand, and they rarely come with a model or taxonomy. In addition, both business processes and regulations are susceptible to change, which can introduce non-compliance. This thesis presents a framework intended to help companies track compliance by leveraging requirements engineering models. Compliance is managed by establishing links between User Requirements Notation (URN) models of government legislation and of organizational business processes, and by tracking how they are affected in a requirements management system. Special attention is paid to maintaining compliance as either the legislation or the business processes evolve over time. The framework is evaluated by way of a case study from the healthcare industry. The case study centres on the approval process implemented to control access to a data warehouse at a major Ontario hospital and whether or not this process complies with relevant legislation and hospital guidelines. The relevant legislation in Ontario is the new provincial Personal Health Information Privacy Act (PHIPA).
