A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
Systematic mapping study on requirements engineering for regulatory compliance of software systems (2025)


Kosenkov, O., Elahidoost, P., Gorschek, T., Fischbach, J., Mendez, D., Unterkalmsteiner, M., Fucci, D., & Mohanani, R. (2025). Systematic mapping study on requirements engineering for regulatory compliance of software systems. Information and Software Technology, 178, Article 107622. https://doi.org/10.1016/j.infsof.2024.107622


JYU-tekijät tai -toimittajat


Julkaisun tiedot

Julkaisun kaikki tekijät tai toimittajatKosenkov, Oleksandr; Elahidoost, Parisa; Gorschek, Tony; Fischbach, Jannik; Mendez, Daniel; Unterkalmsteiner, Michael; Fucci, Davide; Mohanani, Rahul

Lehti tai sarjaInformation and Software Technology

ISSN0950-5849

eISSN1873-6025

Julkaisuvuosi2025

Volyymi178

Artikkelinumero107622

KustantajaElsevier

JulkaisumaaBritannia

Julkaisun kielienglanti

DOIhttps://doi.org/10.1016/j.infsof.2024.107622

Julkaisun avoin saatavuusEi avoin

Julkaisukanavan avoin saatavuus


Tiivistelmä

Context:
As the diversity and complexity of regulations affecting Software-Intensive Products and Services (SIPS) is increasing, software engineers need to address the growing regulatory scrutiny. We argue that, as with any other non-negotiable requirements, SIPS compliance should be addressed early in SIPS engineering—i.e., during requirements engineering (RE).

Objectives:
In the conditions of the expanding regulatory landscape, existing research offers scattered insights into regulatory compliance of SIPS. This study addresses the pressing need for a structured overview of the state of the art in software RE and its contribution to regulatory compliance of SIPS.

Method:
We conducted a systematic mapping study to provide an overview of the current state of research regarding challenges, principles, and practices for regulatory compliance of SIPS related to RE. We focused on the role of RE and its contribution to other SIPS lifecycle process areas. We retrieved 6914 studies published from 2017 (January 1) until 2023 (December 31) from four academic databases, which we filtered down to 280 relevant primary studies.

Results:
We identified and categorized the RE-related challenges in regulatory compliance of SIPS and their potential connection to six types of principles and practices addressing challenges. We found that about 13.6% of the primary studies considered the involvement of both software engineers and legal experts in developing principles and practices. About 20.7% of primary studies considered RE in connection to other process areas. Most primary studies focused on a few popular regulation fields (privacy, quality) and application domains (healthcare, software development, avionics). Our results suggest that there can be differences in terms of challenges and involvement of stakeholders across different fields of regulation.

Conclusion:
Our findings highlight the need for an in-depth investigation of stakeholders’ roles, relationships between process areas, and specific challenges for distinct regulatory fields to guide research and practice.


YSO-asiasanatohjelmistotuotantovaatimusmäärittelytohjelmistosuunnittelu (tietotekniikka)ohjelmistokehittäjätohjelmistoala

Vapaat asiasanatrequirements engineering: software engineering; secondary research; regulatory requirements engineering; regulatory compliance; compliance requirements; software compliance


Liittyvät organisaatiot


OKM-raportointiKyllä

VIRTA-lähetysvuosi2024

Alustava JUFO-taso3


Viimeisin päivitys 2024-30-11 klo 20:25