Title :
Supporting Evidence-Based Compliance Evaluation for Partial Business Process Outsourcing Scenarios
Author :
Miseldine, Philip L. ; Flege, Ulrich ; Schaad, Andreas
Author_Institution :
SAP Res., Karlsruhe
Abstract :
We present the challenges facing businesses wishing to outsource processes to service providers who must maintain regulatory compliance via data access control procedures. We argue that it is not currently possible to capture the necessary agreements, and supporting evidence, pertaining to the usage of data a client may send to a service provider. As a result, the richness of evidence and controls a client has available to it reduces when they choose to use an outsourcer, therefore lessening the business value of considering service outsourcing. The paper introduces a model to clarify these issues, which is implemented against a health-care scenario, to show how data usage in an outsourcing scenario can be better captured and controlled.
Keywords :
authorisation; business data processing; outsourcing; data access control; evidence-based compliance evaluation; health-care scenario; partial business process outsourcing scenario; Access control; Concrete; Contracts; Control system synthesis; Data privacy; Electrical equipment industry; Medical services; Outsourcing; Protection; Quality of service;
Conference_Titel :
Requirements Engineering and Law, 2008. RELAW '08.
Conference_Location :
Barcelona, Catalunya
Print_ISBN :
978-1-4244-4085-6
Electronic_ISBN :
978-0-7695-3630-9
DOI :
10.1109/RELAW.2008.9
