A systematic literature mapping of goal and non‑goal modelling methods for legal and regulatory compliance

En anglais seulement.

Abstract

Much research is ongoing to assess and improve compliance to laws and regulations. As this domain continues to grow and mature, and with more modelling methods introduced to support compliance tasks, important questions need to be asked. What exactly are these methods used for? Where have they been applied? What benefits do they offer? This paper explores how goal-oriented and non-goal-oriented modelling methods have been used for legal and regulatory compliance, and identifies their main claimed benefits and drawbacks based on the kind of compliance tasks they perform. Using a systematic literature mapping approach, we evaluated 103 articles describing the use of modelling methods obtained from a pool of 286 articles. The results indicate that modelling methods focus on the intent of a law, but goal-oriented modelling methods do so while also reflecting the structure of a law, generally with substantial benefits for all compliance tasks. In addition, whereas modelling methods are used for compliance modelling, checking, analysis and enactment tasks, our analysis indicates that the coverage of these methods is more frequent in the healthcare domain with 55% of the articles reviewed targeting it. In terms of the contexts modelling methods address, privacy has the highest level of attention with a focus from 54% of the reviewed articles. The articles reviewed revealed a total of 60 different laws and regulations from 14 different countries, with 62% focusing on privacy. Moreover, while 82% of the articles reviewed addressed concerns of regulated parties, only 12% addressed the concerns of regulators, and 6% addressed concerns of both regulating and regulated parties. This study highlights the benefits and drawbacks of both types of modelling methods and identifies potential benefits and common drawbacks that will be of interest to researchers and practitioners in the selection of modelling methods or in the identification of selection criteria. Finally, the mapping results emphasize the need for more studies outside of healthcare, that are related to contexts other than privacy, that target compliance enactment tasks or that take the concerns of regulators into consideration.

Ce contenu a été mis à jour le 20 août 2020 à 10 h 12 min.