Towards compliant reference architectures by finding analogies and overlaps in compliance regulations

Business software is subject to a variety of regulations depending on the type of application. For example, software handling of medical records must follow HIPAA; software for financial applications must comply with Sarbanes Oxley, and so on. A close examination of the policies included in those regulations shows that they have analog and common aspects. Analog parts of regulations can be expressed as Semantic Analysis Patterns (SAPs), which can lead to building similar parts in other regulations. Overlapping parts usually correspond to security patterns and can be used to add security to other regulations. If we collect SAPs and security patterns in a catalog we can build reference architectures (RAs) for existing and new regulations. The resultant Compliant RAs (CRAs) can be used as guidelines for building compliant applications.