IBM Skip to main content  
     Home  |  IBM Research  |  IBM Switzerland  |  Zurich Research Laboratory

This page is no longer maintained and superseded by an new one. You will be automatically redirected to the new page at http://www.zurich.ibm.com/csc/security/compliance.html.

REALM (Regulations Expressed As Logical Models)

Recent years have seen a number of high-profile incidents of corporate accounting fraud, security violations, terrorist acts, and disruptions of major financial markets. This has lead to a proliferation of new regulations that directly impact businesses. As a result, businesses, in particularly publicly traded companies, face the daunting task of complying with an increasing number of intricate and constantly evolving regulations. Together with the growing complexity of today's enterprises this requires a holistic compliance management approach with the goal of continually increasing automation.

We introduce REALM (Regulations Expressed as Logical Models), a metamodel and method for modeling regulations and managing them in a systematic lifecycle in an enterprise. We formalize regulatory requirements as sets of compliance rules in a novel real-time temporal object logic over concept models in UML2.0, together with metadata for traceability. REALM provides the basis for subsequent model transformations, deployment, and continuous monitoring and enforcement of compliance in real business processes and IT systems.

Publications

Christopher Giblin, Samuel Müller, Birgit Pfitzmann: From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation ; IBM Research Report RZ 3662, IBM Research Division, Zurich, October, 2006.

Samuel Müller, Birgit Pfitzmann: Compliance Management basierend auf Gesetzesformalisierungen -- Das REALM-Projekt; Tagungsband des 9. Internationalen Rechtsinformatik Symposions (IRIS 2006), Richard Boorberg Verlag, Vienna, 296--302.

Samuel Müller, Birgit Pfitzmann: Effektives Compliance Management; DIGMA -- Zeitschrift für Datenrecht und Informationssicherheit, 6(1):36-39, Schulthess, Zurich, March 2006.

Christopher Giblin, Alice Y Liu, Samuel Müller, Birgit Pfitzmann, Xin Zhou: Regulations Expressed As Logical Models (REALM); Proceedings of the 18th Annual Conference on Legal Knowledge and Information Systems (JURIX 2005), IOS Press, Amsterdam, 37-48.
Preliminary longer version: IBM Research Report RZ 3616, IBM Research Division, Zurich, July 2005.

Public Slides

Christopher Giblin, Alice Y Liu, Samuel Müller, Birgit Pfitzmann, Xin Zhou: Compliance Management basierend auf Gesetzesformalisierungen -- Das REALM-Projekt; presented by Samuel Müller at the Internationales Rechtsinformatik Symposion (IRIS 2006), Vienna, February 17, 2006.

Christopher Giblin, Alice Y Liu, Samuel Müller, Birgit Pfitzmann, Xin Zhou: Regulations Expressed As Logical Models (REALM); presented by Samuel Müller at the 18th Annual Conference on Legal Knowledge and Information Systems (JURIX 2005), Brussels, December 8, 2005.

Christopher Giblin, Alice Y Liu, Samuel Müller, Birgit Pfitzmann, Xin Zhou: REALM -- Regulations Expressed As Logical Models; presented by David Medina at OMG Regulatory Compliance SIG, Boston, June 22, 2005 (slightly corrected version).

Related Work from IBM Risk and Compliance Research

Big picture of Risk and Compliance.

Carl Abrams, Jürg von Känel, Samuel Müller, Birgit Pfitzmann, Susanne Ruschka-Taylor: Optimized Enterprise Risk Management; IBM Research Report RZ 3657, IBM Research Division, Zurich, August 2006. To appear in: Special issue on Compliance Management, IBM Systems Journal 46(2), 2007.

Alice Y. Liu, Samuel Müller, Ke Xu: A Static Compliance Checking Framework for Business Process Models; IBM Research Report RZ 3679, IBM Research Division, Zurich, November 2006. To appear in: Special issue on Compliance Management, IBM Systems Journal 46(2), 2007.

Samuel Müller and Chonawee Supatgiat: Dynamic and Risk-based Compliance Management; IBM Research Report RZ 3656, IBM Research Division, Zurich, August 2006. To appear in: Special issue on Business Optimization, IBM Journal of Research and Development 51(4), 2007.

Samuel Müller: A Dependability Perspective on Enterprise Compliance; IBM Research Report RZ 3667, IBM Research Division, Zurich, Mai 2006.

Qingbo Zhu, Windsor W. Hsu: Fossilized Index: The Linchpin of Trustworthy Non-Alterable Electronic Records; ACM SIGMOD’05, ACM Press, 395-406

Feng Cheng, David Gamarnik, Nitin Jengte, Wanli Min, Bala Ramachandran: Modeling Operational Risks in Business Processes; IBM Research Report RZ 23672, IBM Research Division, Yorktown Heights, July 2005.

Chonawee Supatgiat, Chris Kenyon, Lucas Heusler: Cause-to-Effect Operational Risk Quantification; In Risk Management: an International Journal, 2005.
Preliminary version: IBM Research Report RZ 3599, IBM Research Division, Zurich, April 2005.

Windsor W. Hsu, Shauchi Ong: Fossilization: A Process for Establishing Truly Trustworthy Records; IBM Research Report RJ 10331, IBM Almaden Research Center, 2004.

Last change (hand-set value): Nov. 28, 2006.

































  About IBM  |  Privacy  |  Legal  |  Contact