Developing an ontology on information governance using description logic

Abstract

Currently, companies have high compliance requirements. Enterprises consult with Subject Matter Experts (SME) on regulatory compliance, for designing suitable compliance solutions, while simultaneously assessing for possible violations. While this is a crucial aspect of Information Governance (IG), this constitutes a complex and financially burdensome challenge, especially for startups or smaller companies. Furthermore, according to recent surveys, approximately 40% of companies are exposed to compliance risks due to insufficient implemented IG measures. To overcome this problem, this thesis introduces an Information Governance Ontology (IGONTO), which implements concepts and knowledge of the IG domain. IGONTO demonstrates how to capture IG knowledge in an ontology together with regulatory requirements, and possible solutions that satisfy regulatory compliance use cases. Moreover, individual architecture solutions are inferred based on regulatory requirements. IGONTO is developed as an aggregation of multiple ontologies, each specific to a sub-domain of the larger IG-domain. These sub-domains represent unique but relevant contexts, with concepts that establish connections between them. We designed IGONTO with a focus on the European General Data Protection Regulation (GDPR) and its regulatory requirements. Validation is performed through SHACL scripts implemented for each domain to ensure consistency. IGONTO’s usefulness is verified by evaluating two use cases that show what companies of different sizes must implement to reach regulatory compliance. The evaluation demonstrates that IGSO can correctly answer SPARQL queries that help identify the necessary compliance measures as required by the 99 articles from GDPR.