Governance Analysis Method – PhD Thesis Waël Hassan

Governance Analysis is a logic-based, computer-assisted framework for validating the legal compliance of enterprise governance models. This framework is intended to help check whether governance systems are consistent with the law. My approach to Governance Analysis includes legal and enterprise models, a governance analysis method (GAM), a governance analysis language (GAL), and an implemented governance analysis tool (GAT) (see Publications). GAM consists of extracting legal requirements, translating them into GAL statements by using patterns, and translating those statements into a logic model for consistency checking.

The GAM, GAL, and GAT evolved as a result of their application to governance laws related to privacy and financial management. The method’s main processes were validated through application to Canadian and US laws (mainly PIPEDA and Sarbanes-Oxley) combined with various examples taken from enterprise systems.

Governance Analysis begins with an extraction process, which uses patterns to match legal and enterprise requirements. Next, the representation process maps extracted requirements to GAL statements. The generation process takes as input GAL statements to generate a logic model, and the Alloy logic analyser is used to check legal consistency. Three legal compliance validation techniques can then be applied: model, ontology, and scenario checks (see What are the Methods for Validating Legal Compliance?). Model checks validate the combined legal and enterprise requirements for logical consistency; ontology checks validate the enterprise structure and process; and scenario checks validate enterprise scenarios.

These Governance Analysis techniques have proven useful not only for identifying conflicts between laws and enterprise governance models, but also for identifying the specific scenarios in the enterprise which threaten legal compliance.

De-Identification Maturity Model

Recently I have been working on a formal framework for evaluating the maturity of de-identification services within an organization. The framework gauges the level of an organization’s readiness and experience with respect to de-identification, in terms of people, processes, technologies and consistent measurement practices.
The De-Identification Maturity Model (DMM) is used as a measurement tool and enables the enterprise to implement an empirically-based improvement strategy.

The DMM was published under the auspices of Privacy Analytics, a leader in de-identification technology solution delivery. Alternatively, the article can be downloaded from DMM Khaled El-Emam & Wael Hassan, or you can download a one-page DMM Summary.



An Enterprise Legal Reference Model

We have developed an enterprise reference model used to conceptualize enterprise elements. The model suggests three planes:

  1. Subject and role-grouping plane: In this plane, the subjects are grouped into roles. Roles reflect subject access rights into the processes and activities of the middle plane.
  2. Process and activity plane: Here, processes are organized in a hierarchy which includes activity graphs.
  3. Object plane or data plane: This is the plane of data object identifiers. Objects enclose data.

[Figure: Enterprise Reference Model]

These three planes are connected by mapping from the subject plane to the process plane. Mapping represents a logical association usually indicating right of access, or operating on an object to complete the process. Our method will focus on the top two layers of the reference model, namely the subject and the process layers.

The layers can be described as follows:

Subject plane

The subject plane includes the user groups and their roles. In enterprise governance requirements, a user or a group of users (a role) can be the subject of legal requirements. For example, the privacy or financial officer is a role defined by laws such as PIPEDA and Sarbanes-Oxley (SOX). Role formations are not mandatory, but they are almost pervasive in enterprise definitions. There are numerous references in legal requirements to role groupings.

Process plane

The process plane defines the process workflow. The process flow has the ability to implement process requirements, which are requirements that specify process compositions, in addition to precedence relations between activities. The process plane acts as the intermediary between the subject and object planes. It assists in mapping processes to the object layer. A mapping defines an explicit ‘reachability’ relation from users to activities and to objects. Semantically, a relation between an activity and an object means that the activity has access to an object. Given that there is a strict mapping between objects and activities, we shall consider access to an activity equivalent to object access.

Object plane

The object plane consists of object references. These references can also refer to composite objects. Our method will focus on the top two layers of the reference model, namely, the subject and the process layers.
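
The reachability mapping and precedence relations described above can be exercised directly. The following is an added example, not code from the thesis or from the GAT tool: it evaluates the checks in plain Python rather than through GAL and Alloy, and every subject, role, activity and object name, as well as the `check_scenario` helper, is constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class EnterpriseModel:
    subject_roles: dict      # subject plane: subject -> set of roles
    role_activities: dict    # subject-to-process mapping: role -> set of activities
    activity_objects: dict   # process-to-object mapping: activity -> set of objects
    precedes: set = field(default_factory=set)  # (a, b): a must occur before b

    def activities_of(self, subject):
        roles = self.subject_roles.get(subject, set())
        return set().union(*(self.role_activities.get(r, set()) for r in roles))

    def objects_of(self, subject):
        # Access to an activity is treated as access to the objects it maps to.
        acts = self.activities_of(subject)
        return set().union(*(self.activity_objects.get(a, set()) for a in acts))

    def check_scenario(self, trace):
        """Return (step, reason) violations for a list of (subject, activity) steps."""
        violations, done = [], set()
        for i, (subject, activity) in enumerate(trace):
            if activity not in self.activities_of(subject):
                violations.append((i, f"{subject} has no role mapped to {activity}"))
            for before, after in sorted(self.precedes):
                if after == activity and before not in done:
                    violations.append((i, f"{activity} before {before}"))
            done.add(activity)
        return violations

# Constructed sample enterprise (illustrative names, not taken from the thesis).
MODEL = EnterpriseModel(
    subject_roles={"alice": {"privacy_officer"}, "bob": {"clerk"}},
    role_activities={
        "privacy_officer": {"obtain_consent", "disclose_record"},
        "clerk": {"obtain_consent", "collect_data"},
    },
    activity_objects={
        "obtain_consent": {"consent_form"},
        "collect_data": {"customer_record"},
        "disclose_record": {"customer_record"},
    },
    precedes={("obtain_consent", "collect_data"), ("obtain_consent", "disclose_record")},
)

GOOD = [("bob", "obtain_consent"), ("bob", "collect_data"), ("alice", "disclose_record")]
BAD = [("bob", "collect_data"), ("bob", "disclose_record")]

if __name__ == "__main__":
    print(sorted(MODEL.objects_of("bob")))
    print(MODEL.check_scenario(GOOD))
    print(MODEL.check_scenario(BAD))
```

The `BAD` trace shows how a single scenario can break both a subject-to-activity mapping and a precedence requirement at the same step.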

What is Legal Compliance?


A set of enterprise requirements is considered compliant with the law if the requirements are legally consistent and compliant with respect to the law.



[Figure: Legal Compliance is about Legal Consistency & Completeness]



The figure above shows the proposed methods for consistency and completeness checking. The square boxes represent the methods, which we have partially presented in the previous post: model consistency check, scenario check, ontology check, and coverage check.

How to withdraw and control my private health information in Ontario?

Consent Management in Ontario

Depending on the type of personal health information (PHI) involved, Ontarians can withdraw consent to the use and disclosure of their PHI by various health information networks.

  1. Calling Service Ontario allows you to:
    Block access to all personal health information used in Ontario labs
  2. Calling Service Ontario – Ministry of Health Info-line, you can ask to:
    Block access to the use of all personal health information:

    1. In the drugs database
    2. Related to a specific drug in the database
  3. Visiting an Ontario lab, you can ask to:
    Block access to the use of all personal health information used:

    1. In Ontario labs
    2. In a specific lab order
  4. Sending a fax to the Drug Programs Branch allows you to:
    Block access to all personal health information:

    1. In the Drugs Database
    2. Related to a particular prescription
    3. Related to a particular drug
  5. Any hospital, clinic, or independent healthcare practitioner should be able to give you a form that you can send to the Service Ontario Ministry of Health info-line.