Enhancing Self-Compliance Assessment of Information Systems: A Unified Framework Proposal

This paper delves into the challenges associated with evaluating regulatory compliance within Information Systems (IS). Recognising the urgent need for innovation due to growing regulatory pressure and existing inefficiencies, we advocate for novel compliance assessment methodologies. This research proposes the development of a self-compliance assessment system for IS by combining and extending existing approaches. We illustrate the feasibility of integrating different data-collection approaches on a rule-by-rule basis within a compliance assessment framework. We present a case study applying a functional framework to a medical device software by using two modalities: autogenerated questionnaires and user-generated schema evaluated using SPARQL queries and RDF graphs. Our findings highlight the functional capabilities of dynamic approach combinations. Future work will build upon existing research to address specific needs, outlining the advantages, limitations, and requirements of each approach for different stakeholders. Additionally, experimentation with multiple standards will be conducted to explore the boundaries and capabilities of various combinations, prioritising usability for all stakeholders involved in the compliance assessment process.