Abstract

In recent years, many governmental regulations have been introduced to protect the privacy of personal information. As a result, organizations must take a systematic approach to ensure that their business processes comply with these regulations. In the past, we introduced a requirements framework that mapped regulations documents and goals to goal and scenario models of organizational processes. The intent was to help organizations document and manage the compliance of their processes in the face of evolutionary changes. In this paper, we extend our framework by incorporating regulation scenario models and by adding the notion of contribution link level to the compliance link types. These extensions result in a frame-work that is more aligned to the needs of an organization when it must evaluate and ensure the legal compliance of its organizational processes.