Software Engineering for Compliance
Submission Deadline: CLOSED
Publication: May/June 2012
Compliance, in the context of information systems, generally means ensuring that an organization's software and systems comply with multiple laws, regulations, and business policies. Compliance is a major issue in many organizations because compliance violations can lead to severe financial penalties and reputational risks. Organizations have to deal with an increasing number of diverse sources of regulation, such as the Basel II Accord, the International Financial Reporting Standards (IFRS), the Markets in Financial Instruments Directive (MiFID), the French financial security law (LSF), the US Title 21 CFR Part 11 (privacy issues in electronic record-keeping), the Health Insurance Portability and Accountability Act (HIPAA), the Netherlands' Tabaksblat Code, the Anti-Money Laundering provisions of the US Bank Secrecy Act, or the Sarbanes-Oxley Act (SOX), to name just a few. One of the more recent regulations facing the business community is the Dodd-Frank Act. The implications for data reporting under this new regulation will likely require significant IT investment.
The regulators generally prescribe business practices for a wide range of compliance domains, such as risk management, financial auditing, health care, change management, privacy, safety, security, social media, quality of services, intellectual property, or licensing. There is no one-size-fits-all model that can accommodate the diverse sources of compliance regulations. Instead, in current practice, compliance concerns are implemented on a per-case basis using ad hoc, hard-coded solutions. This is undesirable because the resulting solutions are hard to maintain, hard to evolve or change, hard to reuse, and hard to understand. Moreover, this also makes it difficult and expensive to systematically and quickly keep up with constant changes in regulations, laws, and business policies.
Compliance cannot be implemented and enacted by business experts, compliance experts, or IT experts alone; it requires an enterprise-wide scope. Because compliance sources are typically specified in highly abstract legal writing, a business expert or compliance expert must interpret and translate them into concrete requirements. Subsequently, IT experts such as software engineers or system administrators must ensure that their software and systems meet these requirements. The implementation process must be documented and periodically reported to the executive boards or the auditors, and at times to the regulators themselves. Unfortunately, each stakeholder group has a different set of interests, knowledge, and expertise, so the work is often performed at very different abstraction levels.
The Special Issue
This special issue will cover all aspects of compliance in the context of information systems. Topics for the special issue include (but are not restricted to):
- Compliance of business processes
- Compliance management and governance
- Monitoring of compliance rules
- Compliance in service-oriented architectures
- Model-driven approaches for compliance
- Domain-specific languages for compliance
- Verification and validation of compliance rules
- Key compliance indicators
- Security compliance
- Software engineering support for compliance auditing
- Cost of compliance
- Process optimization and compliance
- Measurement of software risk
- Tools for software compliance
- Organizational implications of compliance
Questions?
For more information about the focus of the issue, contact the Guest Editors:
- Ayse Basar Bener, Ryerson University
- Erlinda Olalia-Carin, KPMG Canada
- Uwe Zdun, University of Vienna
Submission Guidelines
Manuscripts must not exceed 4,700 words including figures and tables, which count for 200 words each. Submissions in excess of these limits may be rejected without refereeing. The articles we deem within the theme's scope will be peer reviewed and are subject to editing for magazine style, clarity, organization, and space. We reserve the right to edit the title of all submissions. Be sure to include the name of the theme or special issue you are submitting for.
Articles should have a practical orientation and be written in a style accessible to practitioners. Overly complex, purely research-oriented, or theoretical treatments are not appropriate. Articles should be novel. IEEE Software does not republish material published previously in other venues, including other periodicals and formal conference/workshop proceedings, whether the previous publication was in print or in electronic form.
For full author guidelines: www.computer.org/software/author.htm
For submission details: software@computer.org
To submit an article: https://mc.manuscriptcentral.com/sw-cs