Hamdaqa, M; Hamou-Lhadj, A. 2011. An approach based on citation analysis to support effective handling of regulatory compliance. FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF GRID COMPUTING-THEORY METHODS AND APPLICATIONS 27 (4): 395-410
Eugene Garfield
garfield at CODEX.CIS.UPENN.EDU
Fri Apr 1 14:04:55 EDT 2011
Author Full Name(s): Hamdaqa, Mohammad; Hamou-Lhadj, Abdelwahab
Language: English
Document Type: Article
Author Keywords: Software engineering; Regulatory compliance; IT Compliance;
Citation analysis
KeyWords Plus: WEB; DATABASE
Abstract: For most global software companies with a client base that covers a
large number of regulated businesses, regulatory compliance represents a
significant challenge. The world of compliance has become increasingly complex
due to the overwhelming number of regulations, laws, and standards that are
introduced every year. These laws may vary significantly in their scope and
applicability depending on the industry sector and the geographical area of the
end client. In addition, many of these laws are created by different legislative
bodies resulting in overlapping and sometimes conflicting provisions. To further
complicate matters, laws are often created based on existing ones, forming a
complex set of interdependent rules where changes made in one place can
propagate to affect, sometimes in an inconsistent manner, many other laws.
There is clearly a need to investigate techniques and tools that can alleviate IT
solution providers from the complexity of dealing with regulatory compliance. In
this paper, we present an approach and a supporting tool that aim to facilitate
the analysis of multiple regulations. Our approach is based on the exploration of
the citation relationship that links various laws together. The citation
relationship is represented by a citation graph that can be used by an analyst
to navigate through the provisions of various interrelated laws to uncover
overlaps and possible conflicts or to simply understand the content of specific
law documents. We also present a tool called CompDSS (Compliance Decision
Support System) that supports our approach. Finally, we show the
effectiveness of the presented approach by applying it to three regulations,
namely, SOX, HIPAA, and GLBA. Crown Copyright (C) 2010 Published by Elsevier
B.V. All rights reserved.
Addresses: [Hamdaqa, Mohammad; Hamou-Lhadj, Abdelwahab] Concordia Univ,
Dept Elect & Comp Engn, Montreal, PQ H3G 1M8, Canada
Reprint Address: Hamou-Lhadj, A, Concordia Univ, Dept Elect & Comp Engn,
1455 Maisonneuve W Blvd, Montreal, PQ H3G 1M8, Canada.
E-mail Address: m_hamdaq at ece.concordia.ca; abdelw at ece.concordia.ca
ISSN: 0167-739X
DOI: 10.1016/j.future.2010.09.007
URL (not open access): http://dx.doi.org/10.1016/j.future.2010.09.007