Legal compliance audit based on an intermediate model
In our practice we have developed a solution for handling the legal compliance of information systems or products. We call this solution "legal compliance audit based on an intermediate model". The core of our approach is that the legal compliance of a system or product is examined through an abstract intermediate functional model, which is suitable for representing both the particular technical reality and the legal requirements. It is always hard to apply legal requirements directly to information systems and products, or to verify the fulfillment of these requirements, without facing severe ambiguities. The main reason is the distance between the general wording of legal requirements and the particular configuration of an information system or product. Although this distance is usually large, in practice the problem cannot be circumvented, because a clear answer is needed as to whether a particular system or product complies with regulatory requirements or not. With our methodology it is always possible to give a clear answer.