ODRL Policy Modelling and Compliance Checking

This paper addresses the problem of constructing a policy pipeline that enables compliance checking of business processes against regulatory obligations. Towards this end, we propose an Open Digital Rights Language (ODRL) profile that can be used to capture the semantics of both business policies in the form of sets of required permissions and regulatory requirements in the form of deontic concepts, and present their translation into Answer Set Programming (via the Institutional Action Language (InstAL)) for compliance checking purposes. The result of the compliance checking is either a positive compliance result or an explanation pertaining to the aspects of the policy that are causing the noncompliance. The pipeline is illustrated using two (key) fragments of the General Data Protect Regulation, namely Articles 6 (Lawfulness of processing) and Articles 46 (Transfers subject to appropriate safeguards) and industrially-relevant use cases that involve the specification of sets of permissions that are needed to execute business processes. The core contributions of this paper are the ODRL profile, which is capable of modelling regulatory obligations and business policies, the exercise of modelling elements of GDPR in this semantic formalism, and the operationalisation of the model to demonstrate its capability to support personal data processing compliance checking, and a basis for explaining why the request is deemed compliant or not

Computerising the New Zealand Building Code for automated compliance audit

One key ingredient in the automated compliance audit process is the availability of a computable form of normative requirements (e.g. codes and standards), which are usually written in natural language intended for human interpretation and not readily processable by machines. The predominantly ‘Blackbox’ approach of hardcoding these computable normative rules into a compliance audit system has been reported to be problematic and costly to maintain in response to frequent regulatory changes. The current research sets out to investigate to what extent normative texts can be represented as computable rules for automated compliance audit as well as to ease maintenance in response to changes in the source documents. A set of priority compliance documents supporting the New Zealand Building Code has been selected as the subject for a case study. This paper describes the digitisation and quality assurance process, the knowledge extraction experience, and challenges identified during the study. Furthermore, the paper explores how the legal knowledge captured by the digitised rules can be used effectively in an automated compliance audit environment. The findings from the study suggest that a semi-automated digitisation process is feasible and up to 80% of prescriptive text can be translated and encoded into the open standard LegalRuleML. However, only approximately 50% of these can be used directly in an automated compliance audit environment without any human intervention. The lessons learnt from the study can be used towards improving the digitisation process. Ultimately, this could in turn help to improve the natural language source text in subsequent revisions of the codes

Sharing building information using the IFC data model for FDS fire simulation

This paper describes part of a research project that looks into the potential and challenge of using the Industry Foundation Classes (IFC) open standard building information model in fire engineering design. In particular the paper describes work undertaken to share building geometry and other information with the Fire Dynamics Simulator (FDS) fire simulation model. A commercially available building information modeling (BIM) authoring application has been used to create building geometries and export IFC data files. A web-based conversion tool has been created to generate FDS input data given the output from a dedicated fire engineering IFC parser tool. The capabilities and outcome of data sharing process is illustrated in this paper using a simple test case building

The Relationship Between Requirements Subjectivity and Semantics for Healthcare Design Support Systems

Subjectivity exists in requirements described in the healthcare regulatory framework. This is mainly due to the nature of regulatory requirements and the uniqueness of the design process. Past research identified that subjectivity in regulations is a key issue for automated code and rule checking. The aim of this paper is to discuss how requirements subjectivity could be addressed within building models through semantic enrichment, within the context of automated rule and code compliance checking. The paper presents preliminary findings of a research that follows the Design Science Research approach, framed within the UK healthcare design context. Findings suggest that part of the requirements subjectivity exists due to the implicit relationships between the elements of the healthcare built environment, which also include healthcare services. In order to enable automation, implicit relationships from the regulatory framework should be represented in building models – which could potentially be done through semantic enrichment. The paper discusses some complementarity between relationships identified in regulatory requirements and semantic enrichment operators. Moreover, findings indicate that incorporating semantic relationships in building models can be a promising way to deal with requirements subjectivity, rather than eliminating subjective expressions from regulations