A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
Systematic mapping study on requirements engineering for regulatory compliance of software systems (2025)
Kosenkov, O., Elahidoost, P., Gorschek, T., Fischbach, J., Mendez, D., Unterkalmsteiner, M., Fucci, D., & Mohanani, R. (2025). Systematic mapping study on requirements engineering for regulatory compliance of software systems. Information and Software Technology, 178, Article 107622. https://doi.org/10.1016/j.infsof.2024.107622
JYU-tekijät tai -toimittajat
Julkaisun tiedot
Julkaisun kaikki tekijät tai toimittajat: Kosenkov, Oleksandr; Elahidoost, Parisa; Gorschek, Tony; Fischbach, Jannik; Mendez, Daniel; Unterkalmsteiner, Michael; Fucci, Davide; Mohanani, Rahul
Lehti tai sarja: Information and Software Technology
ISSN: 0950-5849
eISSN: 1873-6025
Julkaisuvuosi: 2025
Volyymi: 178
Artikkelinumero: 107622
Kustantaja: Elsevier
Julkaisumaa: Britannia
Julkaisun kieli: englanti
DOI: https://doi.org/10.1016/j.infsof.2024.107622
Julkaisun avoin saatavuus: Ei avoin
Julkaisukanavan avoin saatavuus:
Tiivistelmä
As the diversity and complexity of regulations affecting Software-Intensive Products and Services (SIPS) is increasing, software engineers need to address the growing regulatory scrutiny. We argue that, as with any other non-negotiable requirements, SIPS compliance should be addressed early in SIPS engineering—i.e., during requirements engineering (RE).
Objectives:
In the conditions of the expanding regulatory landscape, existing research offers scattered insights into regulatory compliance of SIPS. This study addresses the pressing need for a structured overview of the state of the art in software RE and its contribution to regulatory compliance of SIPS.
Method:
We conducted a systematic mapping study to provide an overview of the current state of research regarding challenges, principles, and practices for regulatory compliance of SIPS related to RE. We focused on the role of RE and its contribution to other SIPS lifecycle process areas. We retrieved 6914 studies published from 2017 (January 1) until 2023 (December 31) from four academic databases, which we filtered down to 280 relevant primary studies.
Results:
We identified and categorized the RE-related challenges in regulatory compliance of SIPS and their potential connection to six types of principles and practices addressing challenges. We found that about 13.6% of the primary studies considered the involvement of both software engineers and legal experts in developing principles and practices. About 20.7% of primary studies considered RE in connection to other process areas. Most primary studies focused on a few popular regulation fields (privacy, quality) and application domains (healthcare, software development, avionics). Our results suggest that there can be differences in terms of challenges and involvement of stakeholders across different fields of regulation.
Conclusion:
Our findings highlight the need for an in-depth investigation of stakeholders’ roles, relationships between process areas, and specific challenges for distinct regulatory fields to guide research and practice.
YSO-asiasanat: ohjelmistotuotanto; vaatimusmäärittelyt; ohjelmistosuunnittelu (tietotekniikka); ohjelmistokehittäjät; ohjelmistoala
Vapaat asiasanat: requirements engineering: software engineering; secondary research; regulatory requirements engineering; regulatory compliance; compliance requirements; software compliance
Liittyvät organisaatiot
OKM-raportointi: Kyllä
VIRTA-lähetysvuosi: 2024
Alustava JUFO-taso: 3