Professor Travis D. Breaux of the Carnegie Mellon University Institute for Software Research and David G. Gordon of the Carnegie Mellon University Department of Engineering and Public Policy have posted Regulatory Requirements as Open Systems: Structures, Patterns and Metrics for the Design of Formal Requirements Specifications (2010), CMU-ISR-11-100. Here is the abstract:
Increasingly, information systems are becoming distributed and pervasive, enabling organizations to deliver services remotely to individuals and to share and store personal information, worldwide. However, system developers face significant challenges in identifying and managing the many laws that govern their services and products in this new multi-jurisdictional environment. To address this challenge, we explore the concept of a computational requirements document expressible using a formal requirements specification language (RSL). The purpose of this document is to make requirements open and available to policy makers, business analysts and software developers, alike. We show how document authors can codify policy and law using the RSL and design, debug, analyze, trace, and visualize relationships among requirements from different policies and regulations. The RSL provides new model-based constructs for expressing multi-jurisdictional, distributed constraints and navigating a regulatory narrative and conditional surface structure. In addition, the RSL makes regulatory specification patterns visually salient and enables metrics to quantitatively measure different compositional styles for writing legal and policy documents. We discovered and validated the RSL using nine U.S. state data breach notification laws that govern transactions of financial and health information of residents of these nine states.