Modelling Off-the-Shelf Information Systems Requirements: An Ontological Approach

Requirements for choosing off-the-shelf information systems (OISR) differ from requirements for development of new information systems in that they do not necessarily provide complete specifications, thus allowing flexibility in matching an existing IS to the stated needs. We present a framework for OISR conceptual models that consists of four essential elements: business processes, business rules, information objects and required system services. We formalise the definitions of these concepts based on an ontological model. The ontology-based OISR model provides a framework to evaluate modelling languages on how appropriate they are for OISR requirements specifications. The evaluation framework is applied to the Object-Process Methodology, and its results are compared with a similar evaluation of ARIS. This comparison demonstrates the effectiveness of the ontological framework for evaluating modelling tools on how well they can guide selection, implementation and integration of purchased software packages.     

Requirements Reuse for Improving Information Systems Security: A Practitioner’s Approach

Information systems security issues have usually been considered only after the system has been developed completely, and rarely during its design, coding, testing or deployment. However, the advisability of considering security from the very beginning of the system development has recently begun to be appreciated, and in particular in the system requirements specification phase. We present a practical method to elicit and specify the system and software requirements, including a repository containing reusable requirements, a spiral process model, and a set of requirements documents templates. In this paper, this method is focused on the security of information systems and, thus, the reusable requirements repository contains all the requirements taken from MAGERIT, the Spanish public administration risk analysis and management method, which conforms to ISO 15408, Common Criteria Framework. Any information system including these security requirements must therefore pass a risk analysis and management study performed with MAGERIT. The requirements specification templates are hierarchically structured and are based on IEEE standards. Finally, we show a case study in a system of our regional administration aimed at managing state subsidies.     

Negotiating and Understanding Information Systems Requirements: The Use of Set Diagrams

A major contributor to the failure of information technology-based systems is the problem of understanding user or customer requirements in the initial analysis and requirements identification stage of development. This paper identifies and describes an approach to help overcome some of these problems, particularly the mismatch or understanding gap between the customer and the developer. The approach is intended to be used at the early stages of requirement determination and introduces techniques from operational research into the process. In particular set theory and Venn diagrams are used as a way of graphically representing the relationships and gaps in understanding that may exist. The benefit obtained from the use of the technique is partly in the graphical representations themselves but mainly in the dialogue and negotiation that result from the construction of the diagrams. The technique has been developed in a research study of retail organisations’ use of information technology in the UK and an example case study from the sector is used to illustrate and discuss the technique.     

Tracing Requirements Errors to Problems in the Requirements Engineering Process

A case study of requirements engineering practice is reported. The application, a decision support system for the Greek Ministry of Health, was investigated by studying the process of requirements analysis through to design and implementation. A usability analysis was then conducted on the designed system with the users. Several usability problems were discovered, and interviews uncovered further problems with the system that could be attributed to failure in requirements engineering (RE). Even though requirements were explicitly stated and the system was an evolution from an existing legacy system, functionality was defective and usability was poor. The client’s prime concern for redeveloping the system was to improve usability; unfortunately communications problems in the RE process meant that the developers did not appreciate this. The implications for RE methods and understanding the RE process are discussed.     

Socio-Technical and Soft Approaches to Information Requirements Elicitation in the Post-Methodology Era

The contributors to this special issue focus on socio-technical and soft approaches to information requirements elicitation and systems development. They represent a growing body of research and practice in this field. This review presents an overview and analysis of the salient themes within the papers encompassing their common underlying framework, the methodologies and tools and techniques presented, the organisational situations in which they are deployed and the issues they seek to address. It will be argued in the review that the contributions to this special edition exemplify the ‘post-methodological era’ and the ‘contingency approaches’ from which it is formed.     

Specifications in Context: Stakeholders, Systems and Modelling of Conflict

This paper looks from an ethnographic viewpoint at the case of two information systems in a multinational engineering consultancy. It proposes using the rich findings from ethnographic analysis during requirements discovery. The paper shows how context – organisational and social – can be taken into account during an information system development process. Socio-technical approaches are holistic in nature and provide opportunities to produce information systems utilising social science insights, computer science technical competence and psychological approaches. These approaches provide fact-finding methods that are appropriate to system participants’ and organisational stakeholders’ needs.  The paper recommends a method of modelling that results in a computerised information system data model that reflects the conflicting and competing data and multiple perspectives of participants and stakeholders, and that improves interactivity and conflict management.     

Patterns Approach to Product Information Systems Engineering

This paper deals with the application of the pattern approach to product information systems (PIS) engineering. Two kind of patterns are distinguished: business patterns used for specification and providing solutions for application field problems, and software patterns used for implementation and providing solutions for technical problems (software). Particular attention is given to identifying and specifying different business patterns. The main focus is on the activity of design for reuse, i.e. discovery of business patterns and their integration in a pattern catalogue. The first step consisted of a field analysis providing a common terminology and a semantic of the principal concepts managed in PIS and proposing various models to fix these concepts. It forms a basis for exploring the problems frequently occurring during PIS specification. A pattern catalogue is then proposed to solve the identified problems.     

People, Information Systems and Change

Information systems are the glue between people and computers. Both the social and business environments are in a continual, some might say chaotic, state of change while computer hardware continues to double its performance about every 18 months. This presents a major challenge for information system developers.  The term user-friendly is an old one, but one which has come to take on a multitude of meanings. However, in today’s context we might well take a user-friendly system to be one where the technology fits the user’s cognitive models of the activity in hand. This article looks at the relationship between information systems and the changing demands of their users as the underlying theme for the current issue of Cognition, Technology and Work.  People, both as individuals and organisations, change. The functionalist viewpoint, which attempts to freeze and inhibit such change, has failed systems developers on numerous occasions. Responding to, and building on, change in the social environment is still a significant research issue for information systems specialists who need to be able to create living information systems.     

A Tool to Support Collaborative Software Requirements Management

The system requirements specification (SRS) is a highly dynamic document that grows and evolves throughout a software development project, and it is critical that it be carefully engineered and managed. Because the SRS fulfils many roles and is of interest to a diversity of stakeholders, its management should be a collaborative process supported by an automated tool. Commercial requirements management tools are at present insufficiently versatile to support collaboration between a multidisciplinary and potentially distributed team of stakeholders. The requirements for such a collaborative tool are herein presented, alongside the design of a prototype and the findings of its application in a case study.     

Information Systems Curricula Evaluated by a Method Engineering Framework

Method engineering (ME) deals with the selection and assembly of situation-specific methods for information systems development. In this paper we use ME with a somewhat unusual perspective, that is, an educational one. We introduce a procedure for the evaluation of information systems curricula within an ME framework. Using this approach it is possible to quantitatively characterise and compare information systems curricula, showing their relative strengths and weaknesses. As an example we evaluate three model curricula (IS’90, IS’97 and ISCC’99) and analyse their differences and similarities.     

An Experimental Investigation into the Effectiveness of OOA for Specifying Requirements

The application of object oriented concepts (OO) to the requirements phase of information systems (IS) and software development has been adopted by many proponents of IS and software development methodologies. Although many claims have been made about the effectiveness of OO techniques for improving requirements analysis, very few experimental studies have been done to substantiate these claims. This paper addresses this gap in the literature by conducting an experimental study that attempts to validate the effectiveness of object-oriented analysis (OOA) by comparing it to structured analysis (SA) for producing requirements. We argue that the quality of the requirements specification can be measured and that measurement can be used to compare the effectiveness of OOA and SA. We present an overview of the basic models and principles associated with OOA and SA, a discussion of quality in requirements definition, and a detailed discussion of the research methodology used. A review of relevant research is also presented and directions for further research are suggested. Our findings suggest that the OOA methodology does not necessarily produce better requirements statements.     

Requirements Management: A Cinderella Story

Why do the business requirements and the final software product often have little in common? Why are stakeholders, developers and managers reluctant to embrace a full requirements process? Why does everybody say, ‘We don’t have time for requirements’? Why is the potentially most beneficial part of the development process ignored or short-changed?  Following are some observations about why the real requirements for the product often go undiscovered. We will address this by focusing on the different concerns of the people involved in requirements.     

Practical Experience with Viewpoint-Oriented Requirements Specification

The notion of viewpoints as a means of eliciting and formulating requirements is now well known. However, there is little practical evidence that viewpoint-based requirements methods scale up to address real problems. This paper presents a detailed case study based on a medium-sized system, and illustrates how a viewpoint-based requirements method can be used to structure and specify system requirements. The case study is intended to serve two purposes: first, to demonstrate the scalability of viewpoint-based requirements methods; and second, to act as a shared example for other researchers in the field to test their techniques and methods. The case study is based on an electronic document delivery and interchange system (EDDIS). The requirements are presented as they appeared in the original user requirements document. The paper concludes by outlining the lessons learnt in applying VORD to EDDIS, and proposes a set of 10 comparators that other researchers can use to compare their approaches and techniques.     

An Approach to Security Requirements Engineering for a High Assurance System*

Requirements specifications for high-assurance secure systems are rare in the open literature. This paper examines the development of a requirements document for a multilevel secure system that must meet stringent assurance and evaluation requirements. The system is designed to be secure, yet combines popular commercial components with specialised high-assurance ones. Functional and non-functional requirements pertinent to security are discussed. A multidimensional threat model is presented. The threat model accounts for the developmental and operational phases of system evolution and for each phase accounts for both physical and non-physical threats. We describe our team-based method for developing a requirements document and relate that process to techniques in requirements engineering. The system requirements document presented provides a calibration point for future security requirements engineering techniques intended to meet both functional and assurance goals. RID="*" ID="*"The views expressed in this paper are those of the authors and should not be construed to reflect those of their employers or the Department of Defense. This work was supported in part by the MSHN project of the DARPA/ITO Quorum programme and by the MYSEA project of the DARPA/ATO CHATS programme. Correspondence and offprint requests to: T. Levin, Department of Computer Science, Naval Postgraduate School, Monterey, CA 93943-5118, USA. Tel.: +1 831 656 2339; Fax: +1 831 656 2814; Email: levin@nps.navy.mil     

A Method for Extracting and Stating Software Requirements that a User Interface Prototype Contains

User interface and requirements prototyping is a requirements elicitation technique. A user interface and requirements prototype is built during the requirements engineering phase of a software system development. Along with the user interface prototype are produced various documents such as the system requirement specification. When a prototype and other documents exist, they may not describe the same functionality, particularly because there may be behaviour of the prototype, artefacts of prototyping, that may not be intended. The problem is that in later development stages, when there is a prototype and other documents, it is often difficult to reconcile the difference between the prototype and the other documents. This paper presents an approach for avoiding this difficulty. It demonstrates the approach by showing its application to parts of a real software development.     

A Qualitative Scenario Approach to Managing Evolving Requirements

In this paper, we argue that information systems requirements are inherently dynamic, and that a methodology that caters for such dynamicity must enable the evaluation of requirements, as they evolve, against dynamic contexts. Moreover, information systems contexts are soft, ambiguous, and are thus mainly characterised by qualitative data. We present an analytical technique, based on the grounded theory method for developing qualitative scenarios against which statements of requirements can be evaluated.     

Requirements Engineering, Soft Systems Methodology and Workforce Empowerment

The fidelity and practicality of using soft systems methodology (SSM) to empower the workforce such that its members can make a fuller contribution to the requirements engineering process is critically analysed. The detailed analysis is carried out by using a (critical) philosophical approach to develop an interpretation of (some key aspects of) requirements engineering practice in actual information systems development situations, utilising a number of practical requirements engineering studies. This analysis is built upon to explain the relationship between requirements engineering, SSM and workforce empowerment. It is concluded that, by maintaining critically focused attention on the economic context, it is theoretically possible to engineer requirements for information systems that would actually empower the workforce. However, the likelihood of using SSM successfully for this purpose is low, as the economic context in which requirements engineering takes place is largely ignored by the SSM advocates.     

Preventing Requirement Defects: An Experiment in Process Improvement

Inadequate requirements cause many problems in software products. This paper reports on an experiment to reduce the number of requirement defects. We analysed the present defects in a real-life product and estimated the likely effect of 44 prevention techniques. We had hoped a novel combination of techniques would come up, but the best approach was quite well known, although new to the company: study the user tasks better, make early prototypes of the user interface, and test them for usability. This approach was tried out in a new development project in the same company. Due to the new approach, there was no doubt about requirements during programming, and as a result it became the first project in the company that was completed on time and without stress. Usability was drastically improved, and as a result the product sold twice as many units as similar products, and at twice the unit price.     

Requirements Engineering and Technology Transfer: Obstacles, Incentives and Improvement Agenda

For many years, research results in requirements engineering (RE) have been developed without much interaction with, or impact on, industrial practice. Why is it so difficult to introduce RE research results into mainstream RE practice? This paper attempts to provide answers to this question by describing obstacles that researchers and practitioners have encountered when they attempted technology transfer. In addition, major incentives for using RE methods are discussed, along with ideas for improving current RE practice. The paper summarises, clarifies and extends the results of two panel discussions, one at the Twelfth Conference on Advanced information Systems Engineering (CAiSE’00) and the other at the Fourth IEEE Conference on Requirements Engineering (ICRE’00).     

Workflow Requirements Modelling Using XML

When modelling inter-organisational workflow it is important not to make assumptions such as with regard to the formats of the data exchanged between the workflow participants or the technical infrastructures and platforms, as they can restrict the range of possible workflow management implementations. The approach presented in this paper allows for the conceptual modelling of workflow processes using primitive constructs such as nodes, rules and business documents. The paper presents both a graphical notation for modelling workflows as well as a mapping of the workflow constructs to XML models that follows the Workflow Management Coalition interoperability standards. This allows the modelled workflow to be interpreted and executed by a variety of workflow engines.