Analyst-mediated contextualization of regulatory policies

Increasing legislative and regulatory concerns have fueled an interest in effective and efficient tools for managing business process compliance within organizations. In particular, the key challenge is to understand high-level compliance policies in natural language, and interpret them for a particular usage context. These interpreted policies can then be represented in a formal language, and used to (for example) automatically verify compliance of business process executions against these policies. In this paper, we focus on the first part of this problem: interpreting regulatory policies - called contextualization. We employ a natural language parser to extract key phrases from the natural language statements and generate possible interpretations from predefined templates. An analyst chooses interpretations according to the organizational context. These interpretations are then grounded further and represented in a formal language. Via a prototype, we demonstrate our approach on real-life security compliance obligations used within IBM's IT service delivery units. © 2010 IEEE.