Systematic Literature Review of Compliance Checking Approaches for Software Processes
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems (Certifiable Evidences & Justification Engineering). ORCID iD: 0000-0001-9970-7580
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ORCID iD: 0000-0002-6952-1053
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
2021 (English) Report (Other academic)
Abstract [en]

Context: Software processes have increased demands coming from normative requirements. Organizations developing software comply with such demands to be in line with the market and the law. The state-of-the-art provides means to automatically check whether a software process complies with a set of normative requirements. However, no comprehensive and systematic review has been conducted to characterize such works. Objective: We characterize the current research on this topic, including an account of the used techniques, their potential impacts, and challenges. Method: We undertake a Systematic Literature Review (SLR) of primary studies reporting techniques for automated compliance checking of software processes. Results: We identified 41 papers reporting solutions focused on limited normative frameworks. Such solutions use specific languages for the processes and normative representation. Thus, the artifacts represented vary from one solution to the other. The level of automation, which in most methods requires tool-support concretization, focuses mostly on the reasoning process and requires human intervention, e.g., for creating the inputs for such reasoning. In addition, only a few contemplate agile environments and standards evolution. Conclusions: Our findings outline compelling areas for future research. In particular, there is a need to consolidate existing languages for process and normative representation, compile efforts in a generic and normative-agnostic solution, increase automation and tool support, and incorporate a layer of trust to guarantee that rules are correctly derived from the normative requirements.

Place, publisher, year, edition, pages
Västerås, 2021, p. 55
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-55079
ISRN: MDH-MRTC-336/2021-1-SE
OAI: oai:DiVA.org:mdh-55079
DiVA, id: diva2:1571632
Available from: 2021-06-22. Created: 2021-06-22. Last updated: 2021-06-24. Bibliographically approved.
In thesis
1. A Safety-centered Planning-time Framework for Automated Process Compliance Checking
2021 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Safety-critical systems, whose failure could lead to catastrophic consequences, are everywhere. They are not limited to environments with high-risk functions, e.g., nuclear power plants. Our vehicles, medical devices that perform different kinds of treatments, airplanes, and industrial robots are also safety-critical systems. The more harm a system can cause, the more carefully it has to be designed, implemented, and maintained. By following practices of reasonable care, typically collected within industry standards, manufacturers demonstrate that they aim at preventing safety-critical systems from failing or causing various types of damage. Thus, compliance with standards, especially safety standards, is a must-do for manufacturers of safety-critical systems.

Industry standards often adopt a prescriptive approach, which focuses on process-related requirements. To comply with such standards, manufacturers have to carefully prepare process plans that properly address the applicable requirements. A compliant process plan should include the sequence of tasks mandated by applicable standards as well as the resources allocated to such tasks, e.g., personnel, work products, required tools, and methods, which are also framed with key properties. The planning task could be supported by checking that planned processes fulfill the properties set down by standards at given points.

Compliance checking of process plans is rarely done for just one standard. In automotive, for instance, it is recommended that manufacturers follow at least standards for functional safety, cybersecurity, and software process improvements. Manufacturers also need to perform tailoring, i.e., select and modify requirements depending on the individual project. In safety standards, tailoring is often performed by taking into account existing safety criticality levels. Moreover, new versions of the standards, which are frequently released, demand recertification. In addition, compliance checking is not only done to one process plan. Companies commonly need to plan several processes simultaneously. Consequently, it is not easy to manually check that process plans comply with the requirements of standards.

Automated compliance checking could help process engineers in such organizations to detect compliance violations and enforce compliance at planning time. Thus, the main goal of this dissertation is to facilitate automated compliance checking of the process plans used to engineer safety-critical systems against the standards mandated (or recommended) in the safety-critical context. To reach our goal, we adopt modern methods and tools, adapt them by mainly focusing on software and risk analysis process plans, and contribute to the state-of-the-art as follows:

1. We identify aspects that make compliance checking of process plans demanding and formulate requirements for a technical solution to these problems. 

2. We introduce ACCEPT (Automated Compliance Checking of Engineering Process plans against sTandards), an iterative and comprehensible framework for supporting process engineers to check and enforce process plan compliance. 

3. We propose mechanisms for facilitating the creation and reuse of the specifications required to check process plan compliance.

4. We investigate the significance of our proposed solutions by applying different validation mechanisms. As a result, our solutions prove useful for supporting process engineers in the compliance checking tasks required during process planning.

This dissertation's contributions aim at planting the seeds for the future development of tools that support process engineers moving towards automated compliance checking practices. 

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2021
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 337
Keywords
Automated Compliance Checking, Safety-critical Systems, Process Reference Models, Industry Standards, Formal Contract Logic, SPEM 2.0.
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-55086 (URN)
978-91-7485-511-1 (ISBN)
Public defence
2021-09-29, Delta and online via Zoom/Teams, Mälardalens högskola, Västerås, 13:15 (English)
Projects
AMASS
Available from: 2021-06-24. Created: 2021-06-23. Last updated: 2021-09-08. Bibliographically approved.

Open Access in DiVA

No full text in DiVA

Authority records

Castellanos Ardila, Julieth Patricia; Gallina, Barbara; UL Muram, Faiz
