Abstract
Compliance management is essential for ensuring that organizational business processes and supporting information systems are in accordance with a set of prescribed requirements originating from laws, regulations, and various legislative or technical documents such as the Sarbanes-Oxley Act or ISO 17799. As the violation of such requirements may lead to significant punishment for an organization, compliance management should be supported at the very early stages of business process development. In this paper, we present an integrated approach to compliance management that helps process designers adhere to the compliance requirements relevant to their processes. Firstly, we introduce a conceptual model for specifying compliance requirements originating from various compliance sources. Secondly, we propose a framework for augmenting business processes with reusable fragments to ensure process compliance with certain requirements by design. Furthermore, we discuss the formalization of compliance requirements using mathematical logics and integrate the framework for process reuse with automated software verification tools.
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schumm, D., Turetken, O., Kokash, N., Elgammal, A., Leymann, F., van den Heuvel, WJ. (2010). Business Process Compliance through Reusable Units of Compliant Processes. In: Daniel, F., Facca, F.M. (eds) Current Trends in Web Engineering. ICWE 2010. Lecture Notes in Computer Science, vol 6385. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16985-4_29
DOI: https://doi.org/10.1007/978-3-642-16985-4_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16984-7
Online ISBN: 978-3-642-16985-4
eBook Packages: Computer Science (R0)