Semantically enabled applications - a case study in regulatory compliance

Abstract

The Semantic Web is becoming increasingly important for information systems and significant progress has been made in recent years in developing new ideas and tools. As the demand for semantically enabled applications increases, a diverse range of semantic web technologies (SWT) have emerged with the purpose of supporting the development of more intelligent information systems. The evolution and emergence of SWT is mostly fragmented lacking solution blueprints and guidance for organizations in the pathway of adopting SWT to address pragmatic problems. As a result, a majority of the semantically enabled applications in production and development are confined in smaller and trivial use cases. Operations in a controlled and simulated environment are often assumed. In this thesis, we focused on the study of novel semantic-based techniques and tools for addressing the current challenges and needs in domain of Regulatory Compliance Auditing. Regulatory Compliance Auditing involves many pragmatic use cases with effect on broad range of important actors in organizations. These problems could be solved and supported by SWT. For example, if SWT are used to model regulatory policies that relates to the regulations, it would make it simpler and easier for organizations and legislators to add, delete, modify and manage regulations while facilitating audits in an efficient manner. Adopting SWT in Regulatory Compliance Auditing is not without challenges. We have identified and then proposed solutions to address the challenges and issues. Solutions materialized from this thesis include a Semantic-based Reasoning Framework (SemRRF) and an Ontology-based Robust Production System (OntoRPS) that involves SWT such as Ontologies, Semantic-based Rules, Fuzzy Logic and Production Systems. Furthermore, we have described and demonstrated the generic usage and real world application of our proposed semantic-based solution by implementing SemRRF and OntoRPS and presenting a case study for addressing IT security compliance. We aim to use our studies in the Regulatory Compliance Auditing domain as solution guidance for organizations with plans to adopt SWT on more pragmatic, complex and important real-world problems. Another objective is to pioneer research on semantic-based approach to the ubiquitous Regulatory Compliance problems.