A systematic review of goal-oriented requirements management frameworks for business process compliance

Abstract

Legal compliance has been an active topic in Software Engineering and Information Systems for many years. However, business analysts and others recently started exploiting Requirements Engineering techniques, and in particular goal-oriented approaches, to model and reason about legal documents in system design and business process management. Many contributions involve extracting legal requirements, providing law-compliant business processes, as well as managing and maintaining compliance. In this paper, we report on a systematic literature review focusing on goal-oriented legal compliance of business processes. 88 papers were selected out of nearly 800 unique papers extracted from five search engines, with manual additions from the Requirements Engineering Journal and four relevant conferences. We grouped these papers in eight categories based on a set of criteria and then highlight their main contributions. We found that the main areas for contributions have been in extracting legal requirements, modeling them with goal modeling languages, and integrating them with business processes. We identify gaps and opportunities for future work in areas related to prioritization to improve compliance, templates for generating law-compliant processes, general links between legal requirements, goal models, and business processes, and semi-automation of legal compliance and analysis.