{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T05:23:39Z","timestamp":1772342619245,"version":"3.50.1"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030641474","type":"print"},{"value":"9783030641481","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-64148-1_24","type":"book-chapter","created":{"date-parts":[[2020,11,20]],"date-time":"2020-11-20T15:11:27Z","timestamp":1605885087000},"page":"385-401","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Compliance Requirements in Large-Scale Software Development: An Industrial Case Study"],"prefix":"10.1007","author":[{"given":"Muhammad","family":"Usman","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Felderer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Unterkalmsteiner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eriks","family":"Klotins","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Mendez","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emil","family":"Al\u00e9groth","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,11,21]]},"reference":[{"key":"24_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/978-3-642-13094-6_21","volume-title":"Advanced Information Systems Engineering","author":"N Syed Abdullah","year":"2010","unstructured":"Syed Abdullah, N., Sadiq, S., Indulska, M.: Emerging challenges in information systems research for regulatory compliance management. In: Pernici, B. (ed.) CAiSE 2010. LNCS, vol. 6051, pp. 251\u2013265. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13094-6_21"},{"issue":"4","key":"24_CR2","doi-asserted-by":"publisher","first-page":"459","DOI":"10.1007\/s00766-018-0294-1","volume":"24","author":"O Akhigbe","year":"2018","unstructured":"Akhigbe, O., Amyot, D., Richards, G.: A systematic literature mapping of goal and non-goal modelling methods for legal and regulatory compliance. Requirements Eng. 24(4), 459\u2013481 (2018). https:\/\/doi.org\/10.1007\/s00766-018-0294-1","journal-title":"Requirements Eng."},{"issue":"1","key":"24_CR3","doi-asserted-by":"publisher","first-page":"23","DOI":"10.4018\/jthi.2005010102","volume":"1","author":"IF Alexander","year":"2005","unstructured":"Alexander, I.F.: A taxonomy of stakeholders: human roles in system development. Int. J. Technol. Hum. Inter. (IJTHI) 1(1), 23\u201359 (2005)","journal-title":"Int. J. Technol. Hum. Inter. (IJTHI)"},{"key":"24_CR4","doi-asserted-by":"crossref","unstructured":"Arthasartsri, S., Ren, H.: Validation and verification methodologies in a380 aircraft reliability program. In: 2009 8th International Conference on Reliability, Maintainability and Safety, pp. 1356\u20131363. IEEE (2009)","DOI":"10.1109\/ICRMS.2009.5270030"},{"key":"24_CR5","unstructured":"Avizienis, A., Laprie, J.C., Randell, B., et al.: Fundamental concepts of dependability. University of Newcastle upon Tyne, Computing Science (2001)"},{"key":"24_CR6","doi-asserted-by":"crossref","unstructured":"Boella, G., Janssen, M., Hulstijn, J., Humphreys, L., Van Der Torre, L.: Managing legal interpretation in regulatory compliance. In: Proceedings of the 14th International Conference on Artificial Intelligence and Law, pp. 23\u201332 (2013)","DOI":"10.1145\/2514601.2514605"},{"key":"24_CR7","unstructured":"Breaux, T.D., Anton, A.I.: An algorithm to generate compliance monitors from regulations. Technical report, North Carolina State University, Department of Computer Science (2006)"},{"key":"24_CR8","doi-asserted-by":"crossref","unstructured":"Conmy, P., Paige, R.F.: Challenges when using model driven architecture in the development of safety critical software. In: 4th International Workshop on Model-Based Methodologies for Pervasive and Embedded Software, MOMPES 2007, pp. 127\u2013136. IEEE (2007)","DOI":"10.1109\/MOMPES.2007.4"},{"key":"24_CR9","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1016\/j.jss.2015.06.063","volume":"123","author":"B Fitzgerald","year":"2017","unstructured":"Fitzgerald, B., Stol, K.J.: Continuous software engineering: a roadmap and agenda. J. Syst. Softw. 123, 176\u2013189 (2017)","journal-title":"J. Syst. Softw."},{"key":"24_CR10","doi-asserted-by":"crossref","unstructured":"Ghanavati, S., Amyot, D., Peyton, L.: A systematic review of goal-oriented requirements management frameworks for business process compliance. In: 2011 4th International Workshop on Requirements Engineering and Law, pp. 25\u201334. IEEE (2011)","DOI":"10.1109\/RELAW.2011.6050270"},{"key":"24_CR11","doi-asserted-by":"crossref","unstructured":"Ghanavati, S., Hulstijn, J.: Impact of legal interpretation in business process compliance. In: 2015 IEEE\/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity, pp. 26\u201331. IEEE (2015)","DOI":"10.1109\/TELERISE.2015.13"},{"key":"24_CR12","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1007\/978-3-642-00328-8_2","volume-title":"Business Process Management Workshops","author":"G Governatori","year":"2009","unstructured":"Governatori, G., Hoffmann, J., Sadiq, S., Weber, I.: Detecting regulatory compliance for business process models through semantic annotations. In: Ardagna, D., Mecella, M., Yang, J. (eds.) BPM 2008. LNBIP, vol. 17, pp. 5\u201317. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-00328-8_2"},{"key":"24_CR13","unstructured":"Hamou-Lhadj, A., Hamou-Lhadj, A.: Towards a compliance support framework for global software companies. In: Proceedings of the Software Engineering Conference, p. 2 (2007)"},{"key":"24_CR14","unstructured":"Hamou-Lhadj, A.: Regulatory compliance and its impact on software development. Software Compliance Research Group, Department of Electrical and Computer Engineering (2015)"},{"issue":"1","key":"24_CR15","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1007\/s10115-017-1142-1","volume":"57","author":"M Hashmi","year":"2018","unstructured":"Hashmi, M., Governatori, G., Lam, H.-P., Wynn, M.T.: Are we done with business process compliance: state of the art and challenges ahead. Knowl. Inf. Syst. 57(1), 79\u2013133 (2018). https:\/\/doi.org\/10.1007\/s10115-017-1142-1","journal-title":"Knowl. Inf. Syst."},{"key":"24_CR16","unstructured":"Hassan, W., Logrippo, L.: Validating compliance with privacy legislation (2008, submitted)"},{"key":"24_CR17","doi-asserted-by":"crossref","unstructured":"Hassan, W., Logrippo, L.: Governance requirements extraction model for legal compliance validation. In: 2009 2nd International Workshop on Requirements Engineering and Law, pp. 7\u201312. IEEE (2009)","DOI":"10.1109\/RELAW.2009.4"},{"key":"24_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"132","DOI":"10.1007\/978-3-642-04468-7_12","volume-title":"Computer Safety, Reliability, and Security","author":"Z Hu","year":"2009","unstructured":"Hu, Z., Bilich, C.G.: Experience with establishment of reusable and certifiable safety lifecycle model within ABB. In: Buth, B., Rabe, G., Seyfarth, T. (eds.) SAFECOMP 2009. LNCS, vol. 5775, pp. 132\u2013144. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04468-7_12"},{"key":"24_CR19","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1016\/j.datak.2012.12.004","volume":"87","author":"S Ingolfo","year":"2013","unstructured":"Ingolfo, S., Siena, A., Mylopoulos, J., Susi, A., Perini, A.: Arguing regulatory compliance of software requirements. Data Knowl. Eng. 87, 279\u2013296 (2013)","journal-title":"Data Knowl. Eng."},{"issue":"1","key":"24_CR20","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/s00766-009-0089-5","volume":"15","author":"AK Massey","year":"2010","unstructured":"Massey, A.K., Otto, P.N., Hayward, L.J., Ant\u00f3n, A.I.: Evaluating existing security and privacy requirements for legal compliance. Requirements Eng. 15(1), 119\u2013137 (2010)","journal-title":"Requirements Eng."},{"key":"24_CR21","doi-asserted-by":"crossref","unstructured":"Maxwell, J.C., Ant\u00f3n, A.I.: Checking existing requirements for compliance with law using a production rule model. In: 2009 2nd International Workshop on Requirements Engineering and Law, pp. 1\u20136. IEEE (2009)","DOI":"10.1109\/RELAW.2009.3"},{"key":"24_CR22","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/978-3-642-30439-2_13","volume-title":"Software Process Improvement and Capability Determination","author":"M McHugh","year":"2012","unstructured":"McHugh, M., McCaffery, F., Casey, V.: Barriers to adopting agile practices when developing medical device software. In: Mas, A., Mesquida, A., Rout, T., O\u2019Connor, R.V., Dorling, A. (eds.) SPICE 2012. CCIS, vol. 290, pp. 141\u2013147. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-30439-2_13"},{"issue":"1","key":"24_CR23","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1007\/BF01060044","volume":"5","author":"G Midgley","year":"1992","unstructured":"Midgley, G.: The sacred and profane in critical systems thinking. Syst. Pract. 5(1), 5\u201316 (1992)","journal-title":"Syst. Pract."},{"key":"24_CR24","volume-title":"Qualitative Data Analysis: An Expanded Sourcebook","author":"MB Miles","year":"1994","unstructured":"Miles, M.B., Huberman, A.M., Huberman, M.A., Huberman, M.: Qualitative Data Analysis: An Expanded Sourcebook. Sage, Thousand Oaks (1994)"},{"key":"24_CR25","doi-asserted-by":"crossref","unstructured":"Miseldine, P.L., Flegel, U., Schaad, A.: Supporting evidence-based compliance evaluation for partial business process outsourcing scenarios. In: 2008 Requirements Engineering and Law, pp. 31\u201334. IEEE (2008)","DOI":"10.1109\/RELAW.2008.9"},{"key":"24_CR26","unstructured":"Mishra, S., Weistroffer, H.R.: Issues with incorporating regulatory compliance into agile development: a critical analysis. Southern Association for Information Systems (SAIS) (2008)"},{"key":"24_CR27","doi-asserted-by":"crossref","unstructured":"Muthuri, R., Boella, G., Hulstijn, J., Humphreys, L.: Argumentation-based legal requirements engineering: the role of legal interpretation in requirements acquisition. In: 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), pp. 249\u2013258. IEEE (2016)","DOI":"10.1109\/REW.2016.048"},{"issue":"7","key":"24_CR28","doi-asserted-by":"publisher","first-page":"689","DOI":"10.1016\/j.infsof.2014.03.001","volume":"56","author":"S Nair","year":"2014","unstructured":"Nair, S., De La Vara, J.L., Sabetzadeh, M., Briand, L.: An extended systematic literature review on provision of evidence for safety certification. Inf. Softw. Technol. 56(7), 689\u2013717 (2014)","journal-title":"Inf. Softw. Technol."},{"issue":"3","key":"24_CR29","first-page":"1","volume":"5","author":"MRI Nekvi","year":"2014","unstructured":"Nekvi, M.R.I., Madhavji, N.H.: Impediments to regulatory compliance of requirements in contractual systems engineering projects: a case study. ACM Trans. Manage. Inf. Syst. (TMIS) 5(3), 1\u201335 (2014)","journal-title":"ACM Trans. Manage. Inf. Syst. (TMIS)"},{"key":"24_CR30","doi-asserted-by":"crossref","unstructured":"Penzenstadler, B., Leuser, J.: Complying with law for RE in the automotive domain. In: 2008 Requirements Engineering and Law, pp. 11\u201315. IEEE (2008)","DOI":"10.1109\/RELAW.2008.3"},{"key":"24_CR31","unstructured":"PWC: Moving Beyond the Baseline: Leveraging the Compliance Function to Gain a Competitive Edge (2015)"},{"issue":"2","key":"24_CR32","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/s10664-008-9102-8","volume":"14","author":"P Runeson","year":"2009","unstructured":"Runeson, P., H\u00f6st, M.: Guidelines for conducting and reporting case study research in software engineering. Empir. Softw. Eng. 14(2), 131 (2009)","journal-title":"Empir. Softw. Eng."},{"key":"24_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/978-3-319-98648-7_24","volume-title":"Business Process Management","author":"S Sackmann","year":"2018","unstructured":"Sackmann, S., Kuehnel, S., Seyffarth, T.: Using business process compliance approaches for compliance management with regard to digitization: evidence from a systematic literature review. In: Weske, M., Montali, M., Weber, I., vom Brocke, J. (eds.) BPM 2018. LNCS, vol. 11080, pp. 409\u2013425. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98648-7_24"},{"key":"24_CR34","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"228","DOI":"10.1007\/978-3-642-22056-2_25","volume-title":"Advanced Information Systems Engineering Workshops","author":"A Shamsaei","year":"2011","unstructured":"Shamsaei, A., Amyot, D., Pourshahid, A.: A systematic review of compliance measurement based on goals and indicators. In: Salinesi, C., Pastor, O. (eds.) CAiSE 2011. LNBIP, vol. 83, pp. 228\u2013237. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22056-2_25"},{"key":"24_CR35","doi-asserted-by":"crossref","unstructured":"da Silva Barboza, L., Gilberto Filho, A.A., de Souza, R.A.: Towards a legal compliance verification approach on the procurement process of it solutions for the Brazilian federal public administration. In: 2014 IEEE 7th International Workshop on Requirements Engineering and Law (RELAW), pp. 39\u201340. IEEE (2014)","DOI":"10.1109\/RELAW.2014.6893481"},{"key":"24_CR36","doi-asserted-by":"crossref","unstructured":"Soltana, G., Sabetzadeh, M., Briand, L.C.: Model-based simulation of legal requirements: experience from tax policy simulation. In: 2016 IEEE 24th International Requirements Engineering Conference (RE), pp. 303\u2013312. IEEE (2016)","DOI":"10.1109\/RE.2016.11"},{"key":"24_CR37","doi-asserted-by":"crossref","unstructured":"Torre, D., Soltana, G., Sabetzadeh, M., Briand, L.C., Auffinger, Y., Goes, P.: Using models to enable compliance checking against the GDPR: an experience report. In: 2019 ACM\/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems (MODELS), pp. 1\u201311. IEEE (2019)","DOI":"10.1109\/MODELS.2019.00-20"},{"issue":"6","key":"24_CR38","doi-asserted-by":"publisher","first-page":"958","DOI":"10.1109\/TSC.2014.2341236","volume":"8","author":"SC Tosatto","year":"2014","unstructured":"Tosatto, S.C., Governatori, G., Kelsen, P.: Business process regulatory compliance is hard. IEEE Trans. Serv. Comput. 8(6), 958\u2013970 (2014)","journal-title":"IEEE Trans. Serv. Comput."}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-64148-1_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T19:55:32Z","timestamp":1619294132000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-64148-1_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030641474","9783030641481"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-64148-1_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"21 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PROFES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Product-Focused Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Turin","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"profes2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/softeng.polito.it\/profes2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"68","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to COVID-19 pandemic the conference was held virtually","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}