Bridging Compliance and Requirements Engineering: A Design Science study in a safety critical organization
How can a safety critical organisation turn regulatory duties into clear, testable engineering work? This study maps handover gaps between compliance and requirements management and designs a practical, traceable way to make compliance part of daily development.
Adriano Silva, 2025
Art der Arbeit Bachelor Thesis
Auftraggebende Skyguide Swiss Air Navigation
Betreuende Dozierende Giovanoli, Aline
Views: 4
The client is a safety critical organisation in Europe. Regulations are recorded in a corporate compliance tool, while engineering manages requirements in a separate lifecycle tool. Different vocabularies and manual handovers by email and spreadsheets cause broken traceability, unclear ownership and audit risk. This summary omits names and tool brands and focuses on general findings and a generic solution.
The study follows Design Science Research. A qualitative single case combined semi structured interviews across compliance and engineering with analysis of internal procedures and tool documentation. Transcripts were summarised and thematically analysed to derive design requirements. The resulting artefact specifies roles, workflow and digital links between the compliance tool and the requirements tool.
Findings show recurring gaps in terminology, tool integration, traceability, ownership, training and process structure. Today obligations often reach engineering late, links to tests and evidence are lost, and no single owner follows items end to end. The proposed framework addresses this with five measures: 1) a shared glossary in the requirements tool to unify language; 2) digital linking so entries in the compliance tool create requirement placeholders and live traceability to tests and Means of Evidence; 3) a trained compliance liaison per project with duties written in job descriptions; 4) hands on cross training and periodic refreshers for both teams; and 5) early impact assessments and checkpoints at key lifecycle stages. Near term, a named liaison, a standard handover template and tags for regulatory items deliver quick wins. Medium term, an interface keeps both tools in sync and dashboards show coverage. Expected impact: faster change analysis, fewer audit surprises, less rework and a stronger culture of shared responsibility.
Studiengang: Business Administration International Management (Bachelor)
Keywords Compliance, Requirements Engineering
Vertraulichkeit: vertraulich