Sepideh Ghanavati

Business process management with the user requirements notation

A number of recent initiatives in both academia and industry have sought to achieve improvements in e-businesses through the utilization of Business Process Management (BPM) methodologies and tools. However there are still some inadequacies that need to be addressed when it comes to achieving alignment between business goals and business processes. The User Requirements Notation (URN), recently standardized by ITU-T, has some unique features and capabilities beyond what is available in other notations that can help address alignment issues. In this paper, a URN-based framework and its supporting toolset are introduced which provide business process monitoring and performance management capabilities integrated across the BPM lifecycle. The framework extends the URN notation with Key Performance Indicators (KPIs) and other concepts to measure and align processes and goals. An example process for controlling access to a healthcare data warehouse is used to illustrate and evaluate the framework. Early results indicate the feasibility of the approach.

Towards a framework for tracking legal compliance in healthcare

Hospitals strive to improve the quality of the healthcare they provide. To achieve this, they require access to health data. These data are sensitive since they contain personal information. Governments have legislation to ensure that privacy is respected and hospitals must comply with it. Unfortunately, most of the procedures meant to control access to health information remain paper-based, making it difficult to trace. In this paper, we introduce a framework based on the User Requirements Notation that models the business processes of a hospital and links them with legislation such as the Ontario Personal Health Information Privacy Act (PHIPA). We analyze different types of links, their functionality, and usefulness in complying with privacy law. This framework will help health information custodians track compliance and indicate how their business processes can be improved.

Compliance Analysis Based on a Goal-oriented Requirement Language Evaluation Methodology

In recent years, many governmental regulations have been introduced to protect the privacy of person-al information. As a result, organizations must take a systematic approach to ensure that their business processes comply with these regulations. In the past, we introduced a requirements framework that mapped regulations documents and goals to goal and scenario models of organizational processes. The intent was to help organizations document and manage the compliance of their processes in the face of evolutionary changes. In this paper, we extend our framework by incorporating regulation scenario models and by adding the notion of contribution link level to the compliance link types. These extensions result in a frame-work that is more aligned to the needs of an organization when it must evaluate and ensure the legal compliance of its organizational processes.

A systematic review of goal-oriented requirements management frameworks for business process compliance

Legal compliance has been an active topic in Software Engineering and Information Systems for many years. However, business analysts and others recently started exploiting Requirements Engineering techniques, and in particular goal-oriented approaches, to model and reason about legal documents in system design and business process management. Many contributions involve extracting legal requirements, providing law-compliant business processes, as well as managing and maintaining compliance. In this paper, we report on a systematic literature review focusing on goal-oriented legal compliance of business processes. 88 papers were selected out of nearly 800 unique papers extracted from five search engines, with manual additions from the Requirements Engineering Journal and four relevant conferences. We grouped these papers in eight categories based on a set of criteria and then highlight their main contributions. We found that the main areas for contributions have been in extracting legal requirements, modeling them with goal modeling languages, and integrating them with business processes. We identify gaps and opportunities for future work in areas related to prioritization to improve compliance, templates for generating law-compliant processes, general links between legal requirements, goal models, and business processes, and semi-automation of legal compliance and analysis.

Rationalization of goal models in GRL using formal argumentation

We apply an existing formal framework for practical reasoning with arguments and evidence to the Goal-oriented Requirements Language (GRL), which is part of the User Requirements Notation (URN). This formal framework serves as a rationalization for elements in a GRL model: using attack relations between arguments we can automatically compute the acceptability status of elements in a GRL model, based on the acceptability status of their underlying arguments and the evidence. We integrate the formal framework into the GRL metamodel and we set out a research to further develop this framework.

Formalizing and Modeling Enterprise Architecture (EA) Principles with Goal-oriented Requirements Language (GRL)

Enterprise Architecture (EA) principles are normally written in natural language which makes them informal, hard to evaluate and complicates tracing them to the actual goals of the organization. In this paper, we present a set of requirements for improving the clarity of definitions and develop a framework to formalize EA principles with a semi-formal language, namely the Goal-oriented Requirements Language (GRL). We introduce an extension of the language with the required constructs and establish modeling rules and constraints. This allows us to automatically reason about the soundness, completeness and consistency of a set of EA principles. We demonstrate our methodology with a case study from a governmental organization. Moreover, we extend an Eclipse-based tool.

RationalGRL: A Framework for Rationalizing Goal Models Using Argument Diagrams

Goal modeling languages, such as i* and the Goal-oriented Requirements Language (GRL), capture and analyze high-level goals and their relationships with lower level goals and tasks. However, in such models, the rationalization behind these goals and tasks and the selection of alternatives are usually left implicit. To better integrate goal models and their rationalization, we develop the RationalGRL framework, in which argument diagrams can be mapped to goal models. Moreover, we integrate the result of the evaluation of arguments and their counterarguments with GRL initial satisfaction values. We develop an interface between the argument web tools OVA and TOAST and the Eclipse-based tool for GRL called jUCMNav. We demonstrate our methodology with a case study from the Schiphol Group.

Measuring and managing the design restriction of enterprise architecture (EA) principles on EA models

Implementation and formalisation, alongside with creation, adoption and usage of Enterprise Architecture (EA) principles are hot topics of the current years of EA research. However, the EA community, both academic and professional, misses a consensus on the definitions and use of principles. Furthermore, not much research is done in the direction of measuring the impact (e.g. design restriction) of EA principles. We aim to create a formal framework for measuring and managing this impact manifested by the EA principles on the EA models. Studying the current literature, we noticed there are similarities and differences between EA principles and regulations. The two concepts resemble each other given first, the purpose (both providing a normative guidance on the evolution of the enterprise) and second, the natural language representation and the structural definition (even if most of the time the principles are company specific, they all seem to have common fields in their definition). Principles behave mostly like soft-laws and being non-compliant with them results in fewer penalties and consequences compared to non-compliance with regulations. To that end, we investigate and adapt methods similar to the ones that can be found in requirements engineering for checking and managing regulatory compliance.

Toward an Integrated User Requirements Notation Framework and Tool forBusiness Process Management

A number of recent initiatives in both academia and industry have sought to achieve improvements in e- businesses through the utilization of Business Process Management (BPM) methodologies and tools. However there are still some inadequacies that need to be addressed when it comes to achieving alignment between business goals and business processes. The User Requirements Notation (URN) has some unique features and capabilities beyond what is available in other notations that can help address alignment issues. In this paper, a URN-based framework and its supporting toolset are introduced which provide business process monitoring and performance management capabilities integrated across the BPM lifecycle. The framework extends the URN notation with Key Performance Indicators (KPI) and other concepts to measure, and align processes and goals. A healthcare case study is used to illustrate and evaluate the framework. Early results indicate the feasibility of the approach.

Legal goal-oriented requirement language (legal GRL) for modeling regulations

Every year, governments introduce new or revised regulations that are imposing new types of requirements on software development. Analyzing and modeling these legal requirements is time consuming, challenging and cumbersome for software and requirements engineers. Having regulation models can help understand regulations and converge toward better compliance levels for software and systems. This paper introduces a systematic method to extract legal requirements from regulations by mapping the latter to the Legal Profile for Goal-oriented Requirements Language (GRL) (Legal GRL). This profile provides a conceptual meta-model for the anatomy of regulations and maps its elements to standard GRL with specialized annotations and links, with analysis techniques that exploit this additional information. The paper also illustrates examples of Legal GRL models for The Privacy and Electronic Communications Regulations. Existing tool support (jUCMNav) is also extended to support Legal GRL modeling.