A Framework Based on Requirements Engineering to Support Regulatory and Legal Compliance in Computer Systems
regulatory or legal requirement, regulatory and legal compliance, regulatory or legal source, framework
The regulatory and legal universe permeates everything and everyone. Computer systems therefore need to be, from their conception, evolution, or even their maintenance, in regulatory and legal compliance with the laws, rules, regulations, bylaws, statutes, standards, and other legal media (named, in this research, regulatory or legal sources, RLS) that govern their domain and application context. The objective of this research was to offer computing professionals (e.g., requirements analysts/engineers and project managers) an alternative way to verify and maintain legal and regulatory compliance in their projects, in a setting where regulatory or legal sources no longer cover only individuals or legal entities but also digital people, and where those RLS cannot be only national. Identifying, defining and prioritizing these RLS have become problems for these computing professionals in different contexts, especially in agile ecosystems for developing computer systems. Thus, the following methodological strategies were adopted: systematic literature review; face-to-face and remote interviews; questionnaires; case studies; action research; and organizational ethnography. As a result of this research, a framework was formalized and evaluated with representatives of the target user audience. The framework is aimed at assisting computing professionals in the deployment and implementation process, and in the verification (audit), of regulatory or legal compliance in computer systems in agile ecosystems, although it is easily adaptable to any other methodology. Thereby, in addition to facilitating work with regulatory or legal requirements throughout the work cycle, the framework enables computer systems to be in regulatory and legal compliance with RLS.