Information requirements for enterprise systems

In this paper, we discuss an approach to system requirements engineering, which is based on using models of the responsibilities assigned to agents in a multi-agency system of systems. The responsibility models serve as a basis for identifying the stakeholders that should be considered in establishing the requirements and provide a basis for a structured approach, described here, for information requirements elicitation. We illustrate this approach using a case study drawn from civil emergency management.

💡 Research Summary

The paper proposes a novel requirements‑engineering approach that places responsibility modeling at its core, targeting enterprise‑wide, multi‑agency systems of systems (SoS). Traditional functional‑oriented methods often fail to capture the intricate information flows and stakeholder interdependencies that arise when several autonomous organizations must cooperate to achieve a common goal. To address this gap, the authors introduce a “responsibility model” that explicitly records what each agent (e.g., department, organization, or individual) is accountable for, under what conditions, and at which points in time. By mapping responsibilities to the data they consume, produce, and transform, the model creates a direct traceability link between organizational duties and information requirements.

The methodology unfolds in five structured steps. First, responsibilities are elicited through interviews, workshops, and document analysis, producing a comprehensive list of duties across the SoS. Second, the inter‑responsibility relationships—such as dependencies, collaborations, and transfers—are visualized, often as a directed graph, to reveal how duties shift among agents. Third, for each responsibility the required inputs and expected outputs are defined, together with quality attributes (accuracy, timeliness, security, etc.) that the data must satisfy. Fourth, the roles of data owners, providers, and consumers are distinguished, establishing clear governance boundaries and supporting privacy or compliance policies. Finally, the derived information flows are instantiated in realistic operational scenarios and validated through simulation or walkthroughs, ensuring completeness and consistency.

The authors demonstrate the approach with a case study drawn from civil emergency management. In a disaster response context, police, fire services, medical teams, and local authorities must coordinate in real time. By constructing a responsibility model for this environment, the authors uncover several information requirements that were absent from the original functional specifications: (1) real‑time transmission of field situation reports with latency under two seconds, standardized formats, and encryption; (2) strict handling of victim personal data following the principle of minimum necessary disclosure, complete with audit logging; and (3) up‑to‑date statistical inputs (e.g., damage estimates, population density) required for priority‑based resource allocation, refreshed at least every ten minutes. Moreover, the responsibility‑transfer analysis highlights a potential data‑loss risk when reporting responsibility moves from field operatives to regional commanders and finally to a central command center; the authors propose a middleware with replication and buffering to mitigate this risk.

Key advantages of the responsibility‑centric approach are highlighted. By aligning information needs directly with organizational duties, stakeholder identification becomes more transparent, reducing communication overhead and ambiguity. The explicit mapping also enhances change‑impact analysis: when a responsibility is altered, the associated data requirements can be instantly identified, facilitating agile adaptation. Incorporating data quality attributes early in the modeling phase ensures that security, privacy, and performance constraints are baked into system architecture rather than retrofitted. Finally, visualizing responsibility gaps helps policymakers and designers pre‑empt coordination failures that often plague large‑scale, multi‑agency operations.

The paper acknowledges limitations. Building a responsibility model demands substantial domain expertise and upfront effort, which may be costly for organizations with limited resources. As the number of agents and responsibility transfers grows, the model can become complex and harder to maintain without supporting tooling. Additionally, the empirical validation is confined to a single domain; further studies across finance, manufacturing, and logistics are needed to confirm generalizability.

In conclusion, the authors present a robust framework that leverages responsibility modeling to systematically elicit, structure, and validate information requirements for enterprise systems operating in multi‑agency contexts. The case study demonstrates that this method can reveal critical data needs, improve traceability, and support better governance of information assets. Future work is suggested in the areas of automated model generation, integration with existing software development lifecycles, and broader cross‑industry evaluations.