This paper describes a method for requirements elicitation based on goals for electronic commerce systems in agreement with security and privacy polices of the site. The method integrates the UWA approach [18] with the GBRAM method [3] for developing requirements policies for secure electronic commerce systems. The resulting method has the objective to guarantee that existing security and privacy policies do not become obsolete with the adoption of new functionalities to a site. For this purpose, the method provides means so that requirements elicitation is in conformity with other ones. In case organizations have not established its policies, the proposed approach suggests models through which it is possible the creation of such policies. The method still presents a model for requirements specification document in agreement with the approach described in this work. It seeks to establish a standard to specify software requirements to be useful for the development teams, in an attempt ...