CISMET: A Semantic Ontology Framework for Regulatory-Requirements-Compliant Information Systems Development and Its Application in the GDPR Case

Abstract

Compliance to regulatory requirements is a critical concern in information system development projects. Managing this aspect is increasingly challenging while failures impose costly consequence on the organizations world-wide. However, how a legislation may or may not affect information system development projects is often not easily identifiable due to lack of clear understanding and guidelines. This paper presents compliant information system development (CISMET) ontology, exploiting concepts from 21 existing ontologies (regarding regulatory compliance and information system development). The key findings are the six parent classes in the CISMET ontology describing the system development goals, services, process, activities, artifacts, and resources. Also, there are 26 sub classes and 21 class properties that describe various concepts and their relationships in regulatory compliant information system development. The General Data Protection Regulation (GDPR) of the European Union has been instantiated in the proposed framework to indicate how regulatory requirements compliance concepts are mapped to system development projects. Thus, involved stakeholders (information system researchers and system developers) may identify dependencies and actions needed with relation to various rules in the regulation and their link to the system elements through a relevant software application. The latter enables users to easily submit queries towards the backend ontology through a specialized front-end application that can aid in formulating and submitting these queries.