Various service markets need to deploy business applications that meet the regulatory requirements imposed by applicable government and regulatory authorities. Examples of such regulatory requirements include HIPAA (vis-à-vis healthcare) and SOX (vis-à-vis financial transactions), to name just a couple.
Large organizations involved in businesses subject to regulatory requirements often have departments dedicated to ensuring regulatory compliance. Such departments may perform or participate in audits, as well as update compliance policies and procedures to meet changing regulatory requirements. However, smaller organizations often do not have the resources to dedicate to ensuring regulatory compliance. Moreover, recent and expected legislation has expanded regulatory requirements and liability to include even very small entities. For example, even an individual physician with a small practice or even a small-town pharmacy must comply with applicable regulations. The technical challenges of complying with regulatory requirements are increasing day by day, as is the extent of government scrutiny to ensure compliance.
Although most of the above-identified entities subject to regulatory compliance cannot cost-effectively dedicate the same resources as a large corporate organization, most of these entities nevertheless offer some form of online services that may be subject to such regulations. For example, a physician or pharmacist might offer a web site presence for the convenience of their customers (patients, healthcare providers, etc.), and the web site might facilitate “secure chat” with a physician, or perhaps online registration for tests, and/or viewing of lab reports, etc., and such activities may be subject to many regulations (e.g., HIPAA). In another domain, organizations (even small, single-proprietor organizations) that facilitate financial transactions may offer a web site presence for the convenience of their customers (traders, investors, etc.), and related activities may be subject to extensive regulations (e.g., SOX).
Merely requiring such smaller organizations to comply does not address the problems in achieving such compliance. Indeed, there are several barriers facing smaller organizations in developing compliant applications (e.g., web-based applications). More specifically:
    The web-based application may not be designed and implemented to achieve 100% compliance in a way to support a showing of compliance in a court of law.
    The application or hosting infrastructure may not meet journaling standards needed for compliance.
    The application or hosting infrastructure may not implement the necessary security policies to manage or prevent security breaches, loss of data, or other malicious attacks.
Ad hoc or legacy techniques are deficient, and these organizations face still more barriers: as new regulations are enacted, and/or as existing regulations are changed, the impact on compliance must be analyzed, further exacerbating the problem.
Some or all of the aforementioned deficiencies in the legacy approaches can be addressed using an automated approach involving techniques to perform automatic deployment of software applications to meet regulatory compliance requirements.