The Service and Process Governance research group (SPG) is active in quality management for more than 15 years and aims at providing process-centric solutions & technologies to support organisational transformation in the context of Governance, Risk Management and Compliance (GRC) challenges.
Main expertise fields
- Engineering of process, system and product that fulfil quality requirements
- esign and implementation of Privacy and Data Protection solutions
- Compliance assessment (such as: GDPR, IT Service Management, procurement…)
The SPG’s research and innovation activities are all motivated by the following underlying challenges:
- Goal and risk-based modelling: How to structure expected quality requirements to allow quality engineering and evaluation?
- Privacy by Design: How to operationalize the privacy by design concept to develop privacy-preserving systems and data processing?
- Assessment Automation: How to make process assessment within organisations more efficient and (semi-)automated?
The SPG’s research and innovation activities are focused on the following application fields:
- Data Protection and Privacy
- IT Service Management
- IT Procurement Management
- Electronic Records Management
- Fund Management
- Information Security Management
- Business Continuity Management
- Regulatory compliance
- Standards development
SPG has developed and published a process assessment framework called TIPA and has applied it to the various business domains mentioned above. Notably, SPG successfully transfers the TIPA framework applied to IT service management field in the market. As companion guidance to this application of the TIPA framework, a book called “ITSM Process Assessment supporting ITIL” is also available. And finally, in our commitment to make our framework as efficient as possible we have also developed an IT solution called “TIPA as a Service” or TaaS that supports the deployment of our framework within user organisations.
Currently, the application of the TIPA framework to the General Data Protection Regulation (GDPR) is in the last stage of validation and our privacy assessment framework will be shortly available on the market.
Always in the data protection field, SPG has also supported the national data protection authority by developing a self-assessment tool called “GDPR Compliance Support Tool”, which is freely available on the website of the regulator. This tool enables any organization in Europe to self-assess its compliance against GDPR requirements.
In procurement management field, SPG has developed a software procurement framework, validated through market experiments and transferred to a network of consultants. The framework emphasises the description of the system requirements, including the software qualitative properties (non-functional requirements). A software prototype has been developed alongside the framework to support requirements engineering and multi-criteria multi-stakeholders procurement decision making.
Finally, several key projects are ongoing and will expand our asset portfolio:
- DECEPTICON (FNR Core): Development of methods to automatically recognize, classify and resist Dark Patterns.
- SENTINEL (H2020): Bridging the security, privacy and data protection gap for smaller enterprises in Europe
- BE-GOOD (Interreg NWE): support public organisations in north-west Europe to design and execute their procurement for open-data innovative services
- Barafort B., Mesquida AL., Mas A. (2017) How to Elicit Processes for an ISO-Based Integrated Risk Management Process Reference Model in IT Settings?. In: Stolfa J., Stolfa S., O'Connor R., Messnarz R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2017. Communications in Computer and Information Science, vol 748. Springer, Cham. https://doi.org/10.1007/978-3-319-64218-5_4
- Lourinho R., Almeida R., Mira da Silva M., Pinto P., Barafort B. (2017) Mapping of Enterprise Governance of IT Practices Metamodels. In: Themistocleous M., Morabito V. (eds) Information Systems. EMCIS 2017. Lecture Notes in Business Information Processing, vol 299. Springer, Cham. https://doi.org/10.1007/978-3-319-65930-5_39
- Barafort B., Shrestha A., Cortina S. (2017) The Evolution of the TIPA Framework: Towards the Automation of the Assessment Process in a Design Science Research Project. In: Mas A., Mesquida A., O'Connor R., Rout T., Dorling A. (eds) Software Process Improvement and Capability Determination. SPICE 2017. Communications in Computer and Information Science, vol 770. Springer, Cham. https://doi.org/10.1007/978-3-319-67383-7_9
- Cortina S., Valoggia P., Renault A., Barafort B. (2018) Process Risk Determination Supporting Data Protection Impact Assessment. In: Stamelos I., O'Connor R., Rout T., Dorling A. (eds) Software Process Improvement and Capability Determination. SPICE 2018. Communications in Computer and Information Science, vol 918. Springer, Cham. https://doi.org/10.1007/978-3-030-00623-5_5
- Renault S., Cortina S., Valoggia P. (2018) Designing a Process Assessment Model Based on Multiple Sources - A Procurement Case. In: Larrucea X., Santamaria I., O'Connor R., Messnarz R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2018. Communications in Computer and Information Science, vol 896. Springer, Cham. https://doi.org/10.1007/978-3-319-97925-0_11
- Barafort B., Mesquida A., Mas A., Integrated risk management process assessment model for IT organizations based on ISO 31000 in an ISO multi-standards context, Computer Standards & Interfaces, Volume 60, 2018, Pages 57-66, ISSN 0920-5489, https://doi.org/10.1016/j.csi.2018.04.010.
- Barafort B., Shrestha A., Cortina S., Renault A., A software artefact to support standard-based process assessment: Evolution of the TIPA® framework in a design science research project, Computer Standards & Interfaces, Volume 60, 2018, Pages 37-47, ISSN 0920-5489, https://doi.org/10.1016/j.csi.2018.04.009.
- Turki S., Martin S., Renault S., 2018. BE-GOOD: open data for a smarter society. In Proceedings of the 11th International Conference on Theory and Practice of Electronic Governance (ICEGOV '18). Association for Computing Machinery, New York, NY, USA, 704–705. https://doi.org/10.1145/3209415.3209499
- Turki S., Martin S., Renault S., BE-GOOD: From Open Data to Value Generation, in the 31st International-Business-Information-Management-Association Conference, Milan, Italy, 25-26 april 2018, Innovation Management and Education Excellence through vision 2020, vols iv -vi, ISBN:978-0-9998551-0-2, pp. 2001-2008, 2018
- Cortina S., Valoggia P., Barafort B., Renault A. (2019) Designing a Data Protection Process Assessment Model Based on the GDPR. In: Walker A., O'Connor R., Messnarz R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2019. Communications in Computer and Information Science, vol 1060. Springer, Cham. https://doi.org/10.1007/978-3-030-28005-5_11
- Barafort, B, Mesquida, A‐L, Mas, A. ISO 31000‐based integrated risk management process assessment model for IT organizations. J Softw Evol Proc. 2019; 31:e1984. https://doi.org/10.1002/smr.1984
- Turki S., Martin S., Renault S., Stimulation of open data ecosystems: Learnings from theory and practice, in Open Innovation: Bridging Theory and Practice, vol. 4: Digital Innovation: Harnessing the Value of Open Data, Chapter 2, pp. 41-78, 2019, https://doi.org/10.1142/9789813271647_0002
- Romero M., Guedria W., Panetto H., Barafort B., Towards smart assessment: A metamodel proposal. 14th OTM/IFAC/IFIP International Workshop on Enterprise Integration, Inter-operability and Networking, EI2N 2019, Oct 2019, Kallithea, Rhodes, Greece. pp.12-22, 10.1007/978-3-030-40907-4_3. hal-02329055
- Romero M., Guédria W., Panetto H., Barafort B., Towards a Characterisation of Smart Systems: A Systematic Literature Review, Computers in Industry, Volume 120, 2020, 103224, ISSN 0166-3615, https://doi.org/10.1016/j.compind.2020.103224.
- Romero M., Guedria W., Panetto H., Barafort B., Towards a conceptual framework for smart assessment in organisations. 21st IFAC World Congress, IFAC 2020, Jul 2020, Berlin, Germany. hal-02921981
- Cortina S., Valoggia P. (2020), A LIST model to help companies take advantage of data economy (https://www.list.lu/en/news/a-list-model-to-help-companies-take-advantage-of-data-economy/)
- Marcelo Romero, Wided Guédria, Hervé Panetto, Béatrix Barafort. A proposal for a software tool to perform business process smart assessment in enterprises. 17th IFAC Symposium on Information Control Problems in Manufacturing, INCOM 2021, Jun 2021, Budapest (virtual), Hungary. ⟨hal-03253791⟩