Engineering of transparency requirements in business information systems

Transparency is defined as the open flow of high quality information in a meaningful and useful manner amongst stakeholders in a business information system. Therefore transparency is a requirement of businesses and their information systems. It is typically linked to positive ethical and economic attributes, such as trust and accountability. Despite its importance, transparency is often studied as a secondary concept and viewed through the lenses of adjacent concepts such as security, privacy and regulatory requirements. This has led to a reduced ability to manage transparency and deal with its peculiarities as a first-class requirement. Ad-hoc introduction of transparency may have adverse effects, such as information overload and reduced collaboration. The thesis contributes to the knowledge on transparency requirements by proposing the following. First, this thesis proposes four reference models for transparency. These reference models are based on an extensive literature study in multiple disciplines and provide a foundation for the engineering of transparency requirements in a business information system. Second, this thesis proposes a modelling language for modelling and analysing transparency requirements amongst stakeholders in a business information system. This modelling language is based on the proposed four reference models for transparency. Third, this thesis proposes a method for the elicitation and adaptation of transparency requirements in a business information system. It covers the entire life cycle of transparency requirements and utilises the transparency modelling language for modelling and analysis of transparency requirements. It benefits from three concepts of crowdsourcing, structured feedback acquisition and social adaptation for the elicitation and adaptation of transparency requirements. The thesis also evaluates the transparency modelling language in terms of its usefulness and quality using two different case studies. Then, the feedback acquisition section in the transparency elicitation and adaptation method is evaluated using a third case study. The results of these case studies illustrate the potentials and applicability of both the modelling language and the method in the engineering of transparency requirements in business information systems

TranspLanMeta: A metamodel for TranspLan modeling language

Transparency and transparent decision making are essential requirements in information systems. To this end, a modeling language called TranspLan has been proposed. TranspLan is a domain-specific modeling language which is designed for the purpose of analysing and modeling transparency requirements in information systems. This paper presents a metamodel for transparency requirements modeling. We are introducing a model-driven approach to TranspLan language specifications to facilitate the use of the language more efficiently in real life cases. Metamodeling is an effective method for formally defining domain specific languages and moving from specifications to computer-aided modeling. In this paper, we propose a metamodel for TranspLan modeling language which is called as TranspLanMeta. The metamodeling process helps us to transfer TranspLan language specifications into a machine-readable format. The metamodel has been developed with GME (Generic Modelling Environment), which is a configurable toolkit for creating domain-specific modeling and program synthesis environments. By developing TranspLanMeta with GME, an automatically-generated modeling tool for TranspLan language is provided as well. In this way, an effective approach for accelerating software development is followed and the auto-generated modeling editor is used to define various models. This work provides a formal and practical solution for transparency modeling and a well-defined basis for using transparency requirements models in the further steps of the business process

Expressing business rules : a fact based approach : a thesis presented in partial fulfilment of the requirements for the degree of Master of Philosophy in Information Systems at Massey University, Palmerston North, New Zealand

Numerous industry surveys have suggested that many IT projects still end in failure. Incomplete, ambiguous and inaccurate specifications are cited as a major causal factor. Traditional techniques for specifying data requirements often lack the expressiveness with which to model subtle but common features within organisations. As a consequence, categories of business rules that determine the structure and behaviour of organisations may not be captured until the latter stages of the systems development lifecycle. A fact-based technique called Object Role Modelling (ORM) has been investigated as an altemative approach for specifying data requirements. The technique's ability to capture and represent a wide range of data requirements rigorously, but still in a form comprehensible to business people, could provide a powerful tool for analysts. In this report, ORM constructs have been synthesised with the concepts and definitions provided by the Business Rules Group (BRG), who have produced a detailed taxonomy of business rule categories. In doing so, business rules discovered in an organisation can be expressed in a form that is meaningful to both analysts and business people. Exploiting the expressive simplicity of a conceptual modelling technique to articulate an organisation's business rules could help to fill a significant requirements gap

Practitioner requirements for integrated Knowledge-Based Engineering in Product Lifecycle Management.

The effective management of knowledge as capital is considered essential to the success of engineering product/service systems. As Knowledge Management (KM) and Product Lifecycle Management (PLM) practice gain industrial adoption, the question of functional overlaps between both the approaches becomes evident. This article explores the interoperability between PLM and Knowledge-Based Engineering (KBE) as a strategy for engineering KM. The opinion of key KBE/PLM practitioners are systematically captured and analysed. A set of ranked business functionalities to be fulfiled by the KBE/PLM systems integration is elicited. The article provides insights for the researchers and the practitioners playing both the user and development roles on the future needs for knowledge systems based on PLM

Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help

A Framework to Analyze Data Governance of Swiss Population Registers

In June 2006 the Swiss Parliament adopted a new law on population registers' harmonization in order to simplify statistical data collection and data exchange from around 4'000 decentralized registers. Besides there are more than 2'000 administrative services delivered to Swiss citizens and businesses, of which hundreds could potentially use data from population registers. The law is rather vague about the implementation of this harmonization and even though many projects are currently being undertaken in this domain, most of them are quite technical. We believe there is a need for analysis tools and therefore in this paper we propose a conceptual framework to analyse data governance of these populations registers, with a strong focus on information requirements and identity management. In order to develop this framework we built on existing approaches to define its building blocks: data consumers, data sources, identity in a given context, requirements, and data sets.governance; data; identity; population registers; modelling; framework