Process Driven Access Control and Authorisation Approach

Compliance to regulatory requirements is key to successful collaborative business process execution. The review the EU general data protection regulation (GDPR) brought to the fore the need to comply with data privacy. Access control and authorization mechanisms in workflow management systems based on roles, tasks and attributes do not sufficiently address the current complex and dynamic privacy requirements in collaborative business process environments due to diverse policies. This paper proposes process driven authorization as an alternative approach to data access control and authorization where access is granted based on legitimate need to accomplish a task in the business process. Due to vast sources of regulations, a mechanism to derive and validate a composite set of constraints free of conflicts and contradictions is presented. An extended workflow tree language is also presented to support constraint modeling. An industry case Pick and Pack process is used for illustration

Verifying for Compliance to Data Constraints in Collaborative Business Processes.

Production processes are nowadays fragmented across different companies and organized in global collaborative networks. This is the result of the first wave of globalization that, among the various factors, was enabled by the diffusion of Internet-based Information and Communication Technologies (ICTs) at the beginning of the years 2000. The recent wave of new technologies possibly leading to the fourth industrial revolution – the so-called Industry 4.0 – is further multiplying opportunities. Accessing global customers opens great opportunities for organizations, including small and medium enterprises (SMEs), but it requires the ability to adapt to different requirements and conditions, volatile demand patterns and fast-changing technologies. Regardless of the industrial sector, the processes used in an organization must be compliant to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Thus, compliance verification is a major concern, not only to keep pace with changing regulations but also to address the rising concerns of security, product and service quality and data privacy. The software, in particular process automation, used must be designed accordingly. In relation to process management, we propose a new way to pro-actively check the compliance of current running business processes using Descriptive Logic and Linear Temporal Logic to describe the constraints related to data. Related algorithms are presented to detect the potential violations

Identification of current IS challenges based on the business/IS alignment model and improving eGovernment services

Information systems (IS) are currently used in various units of the eGovernment sector in order to improve the efficiency, quality, usefulness, rapidity and convenience of their services or products. However, not all governments are able to benefit from the full advantages of IS development due to a lack of alignment between the IS department and other agencies in the eGovernment sector. There is no common framework or model that can be applied globally. Each country develops its own eGovernment programmes based on its needs and other national considerations such as political, economic, cultural and social factors. The literature indicates that eGovernment adoption, uses and development have been considered extensively from the viewpoints of the organization and technical issues. However, there is a need for further investigation to inspect how eGovernment agencies can be aligned so that the efficiency of their services can be improved. A strong alignment not only assists any government in improving the performance of its services, but it also enhances public trust in the government’s services. The concept of alignment is not new, first emerging in the 1970s. Since then, researchers and practitioners have studied the process of alignment in the context of organizational strategic alignment, structural and business goals alignment. This thesis proposes an ideal pattern of alignment for the eGovernment sector in the Kingdom of Saudi Arabia and proposes modelling IS requirements as a suitable solution for strong alignment. The ideal pattern of alignment consists of strategic, structural, social and cultural alignment between the IS department and other agencies in the eGovernment sector. The study uses a mixed (qualitative and quantitative) method approach to validate the proposed ideal pattern of alignment. For the qualitative study, initially the factors affecting the ideal pattern of alignment are extracted from the literature and validated by the eGovernment experts. The qualitative data were collected from 20 eGovernment experts from different eGovernment sectors in the Kingdom of Saudi Arabia. The thematic analysis approach is identified as a suitable approach to analyse qualitative data. For the quantitative study, the questionnaire was posted online and possible participants were contacted in the Saudi ministry. The data were collected from 200 eGovernment users in Saudi Arabia. To analyse the quantitative data, confirmatory factor analysis and structural equation model approaches are used. At the process modelling phase, a case study on patient visits to a healthcare clinic is used to validate the method of modelling IS requirements in the context of eGovernment alignment. The study results indicate: 1) if the eGovernment sector in Saudi Arabia is aligned through this ideal pattern of alignment, improved eGovernment performance and enhanced public trust can be achieved; 2) the eGovernment sector in Saudi Arabia can improve its internal and external relations by focusing on the ideal pattern of alignment; 3) modelling and analysing the government environment have a positive impact on the implementation of IS which meets the needs of the government and consequently positively affects the process of alignment