Article code: 425299
Journal code: 685714
Publication year: 2011
English article: 16-page PDF
Full-text version: Free download
English title of the ISI article
An approach based on citation analysis to support effective handling of regulatory compliance
Related topics
Engineering and Basic Sciences, Computer Engineering, Computational Theory and Mathematics
English abstract

For most global software companies with a client base that covers a large number of regulated businesses, regulatory compliance represents a significant challenge. The world of compliance has become increasingly complex due to the overwhelming number of regulations, laws, and standards that are introduced every year. These laws may vary significantly in their scope and applicability depending on the industry sector and the geographical area of the end client. In addition, many of these laws are created by different legislative bodies resulting in overlapping and sometimes conflicting provisions. To further complicate matters, laws are often created based on existing ones, forming a complex set of interdependent rules where changes made in one place can propagate to affect, sometimes in an inconsistent manner, many other laws. There is clearly a need to investigate techniques and tools that can alleviate IT solution providers from the complexity of dealing with regulatory compliance. In this paper, we present an approach and a supporting tool that aim to facilitate the analysis of multiple regulations. Our approach is based on the exploration of the citation relationship that links various laws together. The citation relationship is represented by a citation graph that can be used by an analyst to navigate through the provisions of various interrelated laws to uncover overlaps and possible conflicts or to simply understand the content of specific law documents. We also present a tool called CompDSS (Compliance Decision Support System) that supports our approach. Finally, we show the effectiveness of the presented approach by applying it to three regulations, namely, SOX, HIPAA, and GLBA.

Research highlights
► Software Behaviour Analysis.
► Software Maintenance and Evolution.
► Software Dependability.
► Software and Business Modeling.
► Business Process Management and Engineering.

Publisher
Database: Elsevier - ScienceDirect
Journal: Future Generation Computer Systems - Volume 27, Issue 4, April 2011, Pages 395–410
Authors
, ,