Regulatory Requirements Engineering in Large Enterprises: An Interview Study on the European Accessibility Act
This program is tentative and subject to change.
Context: Regulations, such as the European Accessibility Act (EAA), impact the engineering of software products and services. Assessing and managing that impact effectively while providing meaningful inputs to development teams is one of the emerging requirements engineering challenges.
Problem: Enterprises conduct Regulatory Impact Analysis (RIA) to consider the effects of regulations on software products offered and formulate requirements at an enterprise level. Despite its practical relevance, we are not aware of any studies on this large-scale regulatory requirements engineering process.
Methodology: To better understand companies’ practices and challenges, we conducted an exploratory interview study of RIA in three international enterprises. We focused on how they conduct RIA, emphasizing cross-functional interactions, and using the EAA as an example.
Results: We found out that RIA, as a regulatory requirements engineering process, is conducted to address the needs of executive management and central functions. RIA involves coordination between different functions and levels of enterprise hierarchy. Such coordination is knowledge-intensive. Enterprises use artifacts to support interpretation and communication of the results of RIA. Challenges to RIA are mainly related to the effectiveness of executing such coordination and managing corresponding knowledge.
Conclusion: In practice, RIA in large enterprises demands close coordination of multiple stakeholders and roles at different levels of the enterprise hierarchy. Applying interpretation and compliance artifacts is one approach to support such coordination. However, there are no established practices for creating and managing such artifacts.
This program is tentative and subject to change.
Wed 4 DecDisplayed time zone: Athens change
11:00 - 12:30 | PROFES Session 8: Security, Compliance and Regulatory ComplianceResearch Papers / Short Papers and Posters at UT Library - Room 3 | ||
11:00 18mResearch paper | An Approach to Cognitive Root Cause Analysis of Software Vulnerabilities Research Papers Theo Hytopoulos Western Washington University, Marvin Chan Western Washington University, Keegan Roth Western Washington University, Rylon Wasson Western Washington University, Fuqun Huang Western Washington University | ||
11:18 18mResearch paper | Guidelines for Supporting Software Engineers in Developing Secure Web Applications Research Papers Klara Svensson Chalmers | University of Gothenburg, Drake Axelrod Chalmers | University of Gothenburg, Mazen Mohamad Chalmers | RISE - Research Institutes of Sweden, Rebekka Wohlrab Chalmers University of Technology | ||
11:36 12mShort-paper | Towards Generating Compliance Action Plans: A Discussion of Needs and Opportunities Short Papers and Posters Julio Guzman Reutlingen University, Heiko Doerr UL Method Park GmbH, Thomas Brenner OHB System AG, Rainer Gerlich Dr. Rainer Gerlich System and Software Engineering, Jürgen Münch Reutlingen University, Marco Kuhrmann Reutlingen University | ||
11:48 18mResearch paper | Regulatory Requirements Engineering in Large Enterprises: An Interview Study on the European Accessibility Act Research Papers Oleksandr Kosenkov fortiss GmbH, Michael Unterkalmsteiner Blekinge Institute of Technology, Daniel Mendez Blekinge Institute of Technology and fortiss, Jannik Fischbach Netlight Consulting GmbH and fortiss GmbH | ||
12:06 24mTalk | Session 8 Discussion Research Papers | ||