3 research outputs found

    Implementing Cloud Computing. A Study of the Impact on the IT Department

    Master's thesis in Information systems (IS501). Cloud Computing (CC) has become an area of interest among many organizations. Many have started to prioritize the development of both public and private Clouds for storing the increased volumes of data, and to exploit the benefits of the phenomena. With the new benefits of public Cloud, it is inevitable that some of the tasks the traditional IT departments have provisioned are being outsourced to a third party, and will be contributing to some sort of organizational and managerial change for them. Based on this, the study has its purpose of researching how the IT department is impacted in organizations based on CC adoption. To investigate this topic, we developed the following research question: “What impact does Cloud Computing have on the IT department and its IT governance mechanisms?”. Answering the proposed RQ will help us identify how the IT department has been impacted, as well as identifying the change in its IT governance mechanisms. To assist in answering the question above, we developed two sub-questions: “How will the role of the IT department within an organization change after adopting CC services?” and “How will CC affect the managerial responsibilities within the IT department?”. These will provide further information and answer our presented RQ, as well as providing a broader spectrum of information

    Regulatory Compliance-oriented Impediments and Associated Effort Estimation Metrics in Requirements Engineering for Contractual Systems Engineering Projects

    Large-scale contractual systems engineering projects often need to comply with a myriad of government regulations and standards as part of contractual fulfillment. A key activity in the requirements engineering (RE) process for such a project is to elicit appropriate requirements from the regulations and standards that apply to the target system. However, there are impediments in achieving compliance due to such factors as: the voluminous contract and its high-level specifications, large number of regulatory documents, and multiple domains of the system. Little empirical research has been conducted on developing a shared understanding of the compliance-oriented complexities involved in such projects, and identifying and developing RE support (such as processes, tools, metrics, and methods) to improve overall performance for compliance projects. Through three studies on an industrial RE project, we investigated a number of issues in RE concerning compliance, leading to the following novel results: (i) a meta-model that captures artefacts-types and their compliance-oriented inter-relationships that exist in RE for contractual systems engineering projects; (ii) discovery of key impediments to requirements-compliance due to: (a) contractual complexities (e.g., regulatory requirements specified non-contiguously with non-regulatory requirements in the contract at the ratio of 1:19), (b) complexities in regulatory documents (e.g., over 300 regulatory documents being relevant to the subject system), and (c) large and complex system (e.g., 40% of the contractual regulatory requirements are cross-cutting); (iii) a method for deriving base metrics for estimating the effort needed to do compliance work during RE and demonstrate how a set of derived metrics can be used to create an effort estimation model for such work; (iv) a framework for structuring diverse regulatory documents and requirements for global product developments. These results lay a foundation in RE research on compliance issues with anticipation for its impact in real-world projects and in RE research

    A semantic based framework for software regulatory compliance

    The software development market is currently witnessing an increasing demand for software applications' conformance with the international regime of GRC for Governance, Risk and Compliance. In this thesis, we propose a compliance requirement analysis method for early stages of software development based on a semantically-rich model, where a mapping can be established from legal and regulatory requirements relevant to system context to software system goals and contexts. This research is an attempt to address the requirement of General Data Protection Regulation (GDPR, Article 25) (European Commission) for implementation of a "privacy by design" approach as part of organizational IT-systems and processes. It requires design of data protection requirements in the development of business processes for products and services. The proposed semantic model consists of a number of ontologies, each corresponding to a knowledge component within the developed framework of our approach. Each ontology is a thesaurus of concepts in the compliance and risk assessment domain related to system development along with relationships and rules between concepts that comprise the domain knowledge. The main contribution of the work presented in this paper is a novel ontology-based framework that demonstrates how description-logic reasoning techniques can be used to simulate legal reasoning requirements employed by legal professions against the description of each ontology. The semantic modelling of each component of the framework can highly influence the compliance of the developing software system and enables the reusability, adaptability and maintainability of these components. Through the discrete modelling of these components, the flexibility and extensibility of compliance systems will be improved. Additionally, enriching ontologies with semantic rules increases the reasoning power and helps to represent rules of laws, regulations and guidelines for compliance, also mapping, refinement and inheriting of different components from each other. This novel approach offers a pedagogically effective and satisfactory learning experience for developers and compliance officers to be trained in the area of compliance and query for knowledge in this domain. This thesis offers the theoretical models, design and implementation of a compliance system in accordance with this approach