Kähmer, MartinGilliot, MaikeHeinzl, ArminDadam, PeterKirn, StefanLockemann, Peter2019-06-032019-06-032009978-3-88579-245-1https://dl.gi.de/handle/20.500.12116/23217Eliciting non-functional security requirements within a company was one of the major aspects of the SIKOSA project1. Scenarios, such as that of METRO presented in this paper, show how besides a company's internal requirements, customers' preferences also play an important role. However, conflicts between specific customers' privacy policies and those of a company need to be detected and dealt with. To this end we present a policy language that is able to tackle this comparison problem and two tools: An editor tool allowing users to specify their policies in a user-friendly way and a monitoring tool to evaluate und enforce the policies at runtime.enText/Conference Paper1617-5468