[isabelle] postdoc position on compliance


Compliance with contractual, legal and business rules
Formal approach and application to privacy and security

INRIA  Grenoble  France

formal specification, privacy, security, legal rule, contract, compliance, model, monitoring, accountability, traceability, liability, audit, organization, enterprise, business

Compliance with legal, contractual, business or organizational rules is becoming a serious concern for companies because regulatory requirements are increasingly complex and numerous. Companies have to adapt their internal organization to ensure that they comply with a variety of rules related to privacy, accountability, security, duty of information, quality, etc. They may be subject to independent audits and, in some cases, executive or employees may be liable for breaches of the rules. Software tools can be devised to help companies minimizing the risks of breaches but several challenges need to be met in order to provide solutions that are effectively usable: first, the rules (which are originally expressed in natural or legal language) have to be defined precisely; the system to implement them must be user-friendly and self-explanatory because typical users don't necessarily have specific legal background; appropriate mechanisms should be put in place to ensure accountability; last but not least, the system must be flexible and consistent with the internal organization of the company (business process, share of
roles and responsibilities, etc.).
The first phase of the postdoc project is the specification of legal and contractual rules as well as organizational constraints using formal and semi-formal methods. Depending on the results of the first phase, a compliance enforcement and monitoring system may be proposed in a second phase, based on the formal and semi-formal specifications. Emphasis will be put on the enforcement of privacy and security rules. This project is part of a larger multidisciplinary initiative launched in 2008 to foster interactions between computer scientists and lawyers. In this context, the postdoc researcher will have the opportunity to interact with a variety of partners involving, in addition to computer scientists,
actors of the security industry and lawyers.

At least one year (to start as soon as possible)

Minimal knowledge and motivation for formal and semi-formal methods in the general sense (formal specification, verification, software design, model design, etc.) and their application to concrete problems. Some knowledge in privacy or security would also be appreciated but is not
a pre-requisite for the position.

Grenoble, capital of the French Alps, and one of the most active areas in Europe for research in Information and Communication Technologies. Inria is the French National Institute for Research in Computer Science and Control. Created in December 1992, the Inria Rhône-Alpes research unit hosts about 600 people, including about 150 researchers and the same number of
PhD students.


Candidates should send a resume to: Daniel dot Le-Metayer at inrialpes dot fr

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.