[ecoop-info] CFP: IEEE Software -- Special Issue on Software Engineering for Compliance
Uwe Zdun
uwe.zdun at univie.ac.at
Mon Jun 27 13:35:11 CEST 2011
Call for Papers: IEEE Software
Special Issue on Software Engineering for Compliance
Final submissions due: 1 October 2011
Publication date: May/June 2012
***
Compliance, in the context of information systems, generally means
ensuring that an organization’s software and systems comply with
multiple laws, regulations, and business policies. Compliance is a major
issue in many organizations because compliance violations can lead to
severe financial penalties and reputational risks.
Organizations have to deal with an increasing number of diverse sources
of regulation, such as the Basel II Accord, the International Financial
Reporting Standards (IFRS), the Markets in Financial Instruments
Directive (MiFID), the French financial security law (LSF), the US Title
21 CFR Part 11 (privacy issues in electronic record-keeping), the Health
Insurance Portability and Accountability Act (HIPAA), the Netherlands’
Tabaksblat, Anti Money Laundering provisions of the US Bank Secrecy Act,
or the Sarbanes-Oxley Act (SOX), to name just a few. One of the more
recent regulations facing the business community is the Dodd-Frank Act.
The implications for data reporting under this new regulation likely
will require significant IT investment.
The regulators generally prescribe business practices for a wide range
of compliance domains, such as risk management, financial auditing,
health care, change management, privacy, safety, security, social media,
quality of services, intellectual property, or licensing. There is no
one-size-fits-all model that can accommodate the diverse sources of
compliance regulations. Instead, in current practice, compliance
concerns are implemented on a per-case basis using ad hoc, hard-coded
solutions. This is undesirable because the resulting solutions are hard
to maintain, hard to evolve or change, hard to reuse, and hard to
understand. Moreover, this also makes it difficult and expensive to
systematically and quickly keep up with constant changes in regulations,
laws, and business policies.
Compliance cannot be implemented and enacted by business experts,
compliance experts, or IT experts alone, but rather must involve an
enterprise-wide scope. The fact that compliance sources are typically
specified in highly abstract legal writing requires a business expert or
compliance expert to interpret and translate them into concrete
requirements. Subsequently, IT experts such as software engineers or
system administrators must ensure that their software and systems meet
these requirements. The implementation process must be documented and
periodically reported to the executive boards or the auditors, and at
times the regulators themselves. Unfortunately, each stakeholder group
has a different set of interests, knowledge, and expertise, so the work
is often performed at very different abstraction levels.
*** The Special Issue ***
This special issue will cover all aspects of compliance in the context
of information systems. Topics for the special issue include (but are
not restricted to):
• Compliance of business processes
• Compliance management and governance
• Monitoring of compliance rules
• Compliance in services-oriented architectures
• Model-driven approaches for compliance
• Domain-specific languages for compliance
• Verification and validation of compliance rules
• Key compliance indicators
• Security compliance
• Software engineering support for compliance auditing
• Cost of compliance
• Process optimization and compliance
• Measurement of software risk
• Tools for software compliance
• Organizational implications of compliance
*** Questions? ***
Contact the guest editors:
• Ayse Basar Bener, Ryerson University, ayse.bener at ryerson.ca
• Erlinda Olalia-Carin, KPMG Canada, eolaliacarin at kpmg.ca
• Uwe Zdun, University of Vienna, uwe.zdun at univie.ac.at
*** Submission Guidelines ***
Manuscripts must not exceed 4,700 words including figures and tables,
which count for 200 words each. Submissions in excess of these limits
may be rejected without refereeing. The articles we deem within the
theme's scope will be peer reviewed and are subject to editing for
magazine style, clarity, organization, and space. We reserve the right
to edit the title of all submissions. Be sure to include the name of the
theme or special issue you are submitting for.
Articles should have a practical orientation and be written in a style
accessible to practitioners. Overly complex, purely research-oriented or
theoretical treatments are not appropriate. Articles should be novel.
IEEE Software does not republish material published previously in other
venues, including other periodicals and formal conference/workshop
proceedings, whether previous publication was in print or in electronic
form.
For full author guidelines: www.computer.org/software/author.htm
For submission details: software at computer.org
To submit an article: https://mc.manuscriptcentral.com/sw-cs