From standards and regulations to executable rules: A case study in the Building Accessibility domain

Regulatory compliance check in the building industry is a complex task that involves cross-domain national and international standards and regulations. This paper introduces a refined approach to extract SWRL rules from building accessibility regulatory texts and then to transform them into executable rules for semi-automatic compliance checking of Building Information Models. The domain ontology model is a key input to the approach and is enriched by new knowledge extracted from the regulatory text. This semantic technology enhanced rule extraction approach standardized the rule extraction process by covering the whole lifecycle from regulatory text to executable rules. It is based on the open standards and applies open source tools and thereby portable and extendable. It conforms to the open BIM principle to support knowledge sharing cross domains and disciplines. The approach is also adaptable to other types of regulatory rules in the building industry.publishedVersio

Semantic framework for regulatory compliance support

Regulatory Compliance Management (RCM) is a management process, which an organization implements to conform to regulatory guidelines. Some processes that contribute towards automating RCM are: (i) extraction of meaningful entities from the regulatory text and (ii) mapping regulatory guidelines with organisational processes. These processes help in updating the RCM with changes in regulatory guidelines. The update process is still manual since there are comparatively less research in this direction. The Semantic Web technologies are potential candidates in order to make the update process automatic. There are stand-alone frameworks that use Semantic Web technologies such as Information Extraction, Ontology Population, Similarities and Ontology Mapping. However, integration of these innovative approaches in the semantic compliance management has not been explored yet. Considering these two processes as crucial constituents, the aim of this thesis is to automate the processes of RCM. It proposes a framework called, RegCMantic. The proposed framework is designed and developed in two main phases. The first part of the framework extracts the regulatory entities from regulatory guidelines. The extraction of meaningful entities from the regulatory guidelines helps in relating the regulatory guidelines with organisational processes. The proposed framework identifies the document-components and extracts the entities from the document-components. The framework extracts important regulatory entities using four components: (i) parser, (ii) definition terms, (iii) ontological concepts and (iv) rules. The parsers break down a sentence into useful segments. The extraction is carried out by using the definition terms, ontological concepts and the rules in the segments. The entities extracted are the core-entities such as subject, action and obligation, and the aux-entities such as time, place, purpose, procedure and condition. The second part of the framework relates the regulatory guidelines with organisational processes. The proposed framework uses a mapping algorithm, which considers three types of Abstract 3 entities in the regulatory-domain and two types of entities in the process-domains. In the regulatory-domain, the considered entities are regulation-topic, core-entities and aux-entities. Whereas, in the process-domain, the considered entities are subject and action. Using these entities, it computes aggregation of three types of similarity scores: topic-score, core-score and aux-score. The aggregate similarity score determines whether a regulatory guideline is related to an organisational process. The RegCMantic framework is validated through the development of a prototype system. The prototype system implements a case study, which involves regulatory guidelines governing the Pharmaceutical industries in the UK. The evaluation of the results from the case-study has shown improved accuracy in extraction of the regulatory entities and relating regulatory guidelines with organisational processes. This research has contributed in extracting meaningful entities from regulatory guidelines, which are provided in unstructured text and mapping the regulatory guidelines with organisational processes semantically

Coordination & cooperation in financial regulation: Do regulators comply with banking culture?

This paper identifies cultural gaps as a possible stumbling block in the efficient exchange of information and the sharing of problems and goals among regulators and the industry, with respect to the recent innovations introduced in the financial sector, which are orienting the supervisory authorities towards the adoption of new interaction models with the supervised financial intermediares.

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Continuous Process Auditing (CPA): an Audit Rule Ontology Approach to Compliance and Operational Audits

Continuous Auditing (CA) has been investigated over time and it is, somewhat, in practice within nancial and transactional auditing as a part of continuous assurance and monitoring. Enterprise Information Systems (EIS) that run their activities in the form of processes require continuous auditing of a process that invokes the action(s) speci ed in the policies and rules in a continuous manner and/or sometimes in real-time. This leads to the question: How much could continuous auditing mimic the actual auditing procedures performed by auditing professionals? We investigate some of these questions through Continuous Process Auditing (CPA) relying on heterogeneous activities of processes in the EIS, as well as detecting exceptions and evidence in current and historic databases to provide audit assurance

Unpacking Ambiguity in Building Requirements to Support Automated Compliance Checking

In the architecture, engineering, and construction (AEC) industry, manual compliance checking is labor-intensive, time-consuming, expensive, and error-prone. Automated compliance checking (ACC) has been extensively studied in the past 50 years to improve the productivity and accuracy of the compliance checking process. While numerous ACC systems have been proposed, these systems can only deal with requirements that include quantitative metrics or specified properties. This leaves the remaining 53% of building requirements to be checked manually, mainly due to the ambiguity embedded in them. In the literature, little is known about the ambiguity of building requirements, which impedes their accurate interpretation and automated checking. This research thus aims to address this issue and establish a taxonomy of ambiguity. Building requirements in health building notes (HBNs) are analyzed using an inductive approach. The results show that some ambiguous clauses in building requirements reflect regulators’ intention while others are unintentional, resulting from the use of language, tacit knowledge, and ACC-specific reasons. This research is valuable for compliance-checking researchers and practitioners because it unpacks ambiguity in building requirements, laying a solid foundation for addressing ambiguity appropriately

Legal compliance by design (LCbD) and through design (LCtD) : preliminary survey

1st Workshop on Technologies for Regulatory Compliance co-located with the 30th International Conference on Legal Knowledge and Information Systems (JURIX 2017). The purpose of this paper is twofold: (i) carrying out a preliminary survey of the literature and research projects on Compliance by Design (CbD); and (ii) clarifying the double process of (a) extending business managing techniques to other regulatory fields, and (b) converging trends in legal theory, legal technology and Artificial Intelligence. The paper highlights the connections and differences we found across different domains and proposals. We distinguish three different policydriven types of CbD: (i) business, (ii) regulatory, (iii) and legal. The recent deployment of ethical views, and the implementation of general principles of privacy and data protection lead to the conclusion that, in order to appropriately define legal compliance, Compliance through Design (CtD) should be differentiated from CbD

An ontology-based semantic building post-occupancy evaluation framework and its application

This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonCatering to sustainable development in Architecture, Engineering and Construction (AEC) industry, many building performance evaluation (BPE) schemas have been developed to support building assessment and aim to narrow down the performance gap. Post-Occupancy Evaluation (POE), viewed as a sub-process of BPE, is a systematic method to obtain feedback on building performance in use. However, building evaluation is a complex and knowledge-intensive process with scattered and fragmented knowledge, it is time-consuming and error-prone to acquire explicit knowledge. Benefiting from the advantages of Semantic Web technology in knowledge conceptualization, ontology, as the core of the Semantic Web, has been widely taken as an effective method for knowledge management, information representation and extraction, and logical inference in the AEC industry, especially in the BPE field. However, most of the existing ontologies in the AEC industry are lightweight ontologies that mainly focus on building a structured system to represent the specific domain knowledge or information, without developing formal axioms and constraints to provide higher expressivity. Moreover, the research focus of ontology in building assessment is mainly on energy-related fields, and there is not a comprehensive POE ontology yet, especially with the focus on building occupant satisfaction, which is the starting point of this research. This research develops an ontology-based post-occupancy evaluation framework dedicated to building performance assessment, with the ultimate aim of optimizing building operation and improving building occupants' use experience quality and well-being. In the developed framework, a heavyweight ontology is developed to structure the fragmented building performance assessment knowledge in the POE domain. In POE ontology, the building occupants' needs for building performance are generalized and classified, and the corresponded building performance assessment knowledge is formalized. In addition, a set of SWRL (Semantic Web Rule Language) rules and SQWRL (Semantic Query-Enhanced Web Rule Language) query rules are developed based on the benchmarking evaluation axioms to enable automatic rule-based reasoning and query in different identified application scenarios. This ontology model enables effective POE-related knowledge retrieving and sharing, and promotes its implementation in the POE domain. To validate the developed framework, a case study is carried out facilitated by the Building Use Studies (BUS) Methodology to illustrate its feasibility and effectiveness in different application scenarios. This research concludes that the proposed ontology-based POE framework has the capability to conduct a multi-objective and multi-criteria POE assessment at the building operation stage and provide a multi-criteria optimised solution

GDPR Privacy Policies in CLAUDETTE: Challenges of Omission, Context and Multilingualism

The latest developments in natural language processing and machine learning have created new opportunities in legal text analysis. In particular, we look at the texts of online privacy policies after the implementation of the European General Data Protection Regulation (GDPR). We analyse 32 privacy policies to design a methodology for automated detection and assessment of compliance of these documents. Preliminary results confirm the pressing issues with current privacy policies and the beneficial use of this approach in empowering consumers in making more informed decisions. However, we also encountered several serious issues in the process. This paper introduces the challenges through concrete examples of context dependence, omission of information, and multilingualism