Distributed aspect-oriented service composition for business compliance governance with public service processes

Service-Oriented Architecture (SOA) offers a technical foundation for Enterprise Application Integration and business collaboration through service-based business components. With increasing process outsourcing and cloud computing, enterprises need process-level integration and collaboration (process-oriented) to quickly launch new business processes for new customers and products. However, business processes that cross organisations’ compliance regulation boundaries are still unaddressed. We introduce a distributed aspect-oriented service composition approach, which enables multiple process clients hot-plugging their business compliance models (business rules, fault handling policy, and execution monitor) to BPEL business processes

Auditing business process compliance

Compliance issues impose significant management and reporting requirements upon organizations.We present an approach to enhance business process modeling notations with the capability to detect and resolve many broad compliance related issues. We provide a semantic characterization of a minimal revision strategy that helps us obtain compliant process models from models that might be initially non-compliant, in a manner that accommodates the structural and semantic dimensions of parsimoniously annotated process models. We also provide a heuristic approach to compliance resolution using a notion of compliance patterns. This allows us to partially automate compliance resolution, leading to reduced levels of analyst involvement and improved decision support

Monitoring Business Process Compliance Using Compliance Rule Graphs

Driven by recent trends, effective compliance control has become a crucial success factor for companies nowadays. In this context, compliance monitoring is considered an important building block to support business process compliance. Key to the practical application of a monitoring framework will be its ability to reveal and pinpoint violations of imposed compliance rules that occur during process execution. In this context, we propose a compliance monitoring framework that tackles three major challenges. As a compliance rule can become activated multiple times within a process execution, monitoring only its overall enforcement can be insufficient to assess and deal with compliance violations. Therefore, our approach enables to monitor each activation of a compliance rule individually. In case of violations, we are able to derive the particular root cause, which is helpful to apply specific remedy strategies. Even if a rule activation is not yet violated, the framework can provide assistance in proactively enforcing compliance by deriving measures to render the rule activation satisfied

IUPC: Identification and Unification of Process Constraints

Business Process Compliance (BPC) has gained significant momentum in research and practice during the last years. Although many approaches address BPC, they mostly assume the existence of some kind of unified base of process constraints and focus on their verification over the business processes. However, it remains unclear how such an inte- grated process constraint base can be built up, even though this con- stitutes the essential prerequisite for all further compliance checks. In addition, the heterogeneity of process constraints has been neglected so far. Without identification and separation of process constraints from domain rules as well as unification of process constraints, the success- ful IT support of BPC will not be possible. In this technical report we introduce a unified representation framework that enables the identifica- tion of process constraints from domain rules and their later unification within a process constraint base. Separating process constraints from domain rules can lead to significant reduction of compliance checking effort. Unification enables consistency checks and optimizations as well as maintenance and evolution of the constraint base on the other side.Comment: 13 pages, 4 figures, technical repor

Towards a comprehensive design-time compliance management:A roadmap

Today’s business climate demands business processes to meet many compliance regulations that require all enterprises to review their processes and ensure that they satisfy the set of relevant compliance requirements. Compliance management should be considered from the very early stages of business process design, thus achieving compliance by design. In this paper, we give a brief overview of an approach for managing business process compliance during design-time phase of business process lifecycle. We also discuss the roadmap for the key components and their relationship for a comprehensive design-time compliance support

Visually Monitoring Multiple Perspectives of Business Process Compliance

A challenge for any enterprise is to ensure conformance of its business processes with imposed compliance rules. The latter may constrain multiple perspectives of a business process, including control flow, data, time, resources, and interactions with business partners. However, business process compliance cannot completely be decided at design time, but needs to be monitored during run time as well. This paper introduces a comprehensive framework for visually monitoring business process compliance. As opposed to existing approaches, the framework supports the visual monitoring of all relevant process perspectives based on the extended Compliance Rule Graph (eCRG) language. Furthermore, it not only allows detecting compliance violations, but visually highlights their causes as well. Finally, the framework assists users in monitoring business process compliance and ensuring a compliant continuation of their running business processes

Towards Visually Monitoring Multiple Perspectives of Business Process Compliance

A challenge for enterprises is to ensure conformance of their business processes with imposed compliance rules. Usually, the latter may constrain multiple perspectives of a business process, including control flow, data, time, resources, and interactions with business partners. Like in process modeling, visual languages for specifying compliance rules have been proposed. However, business process compliance cannot be completely decided at design time, but needs to be monitored during run time as well. This paper introduces an approach for visually monitoring business process compliance. In particular, this approach covers all relevant process perspectives. Furthermore, compliance violations cannot only be detected, but also be visually highlighted emphasizing their causes. Finally, the approach assists users in ensuring compliant continuations of a running business process

Enabling Multi-Perspective Business Process Compliance

A particular challenge for any enterprise is to ensure that its business processes conform with compliance rules, i.e., semantic constraints on the multiple perspectives of the business processes. Compliance rules stem, for example, from legal regulations, corporate best practices, domain-specific guidelines, and industrial standards. In general, compliance rules are multi-perspective, i.e., they not only restrict the process behavior (i.e. control flow), but may refer to other process perspectives (e.g. time, data, and resources) and the interactions (i.e. message exchanges) of a business process with other processes as well. The aim of this thesis is to improve the specification and verification of multi-perspective process compliance based on three contributions: 1. The extended Compliance Rule Graph (eCRG) language, which enables the visual modeling of multi-perspective compliance rules. Besides control flow, the latter may refer to the time, data, resource, and interaction perspectives of a business process. 2. A framework for multi-perspective monitoring of the compliance of running processes with a given set of eCRG compliance rules. 3. Techniques for verifying business process compliance with respect to the interaction perspective. In particular, we consider compliance verification for cross-organizational business processes, for which solely incomplete process knowledge is available. All contributions were thoroughly evaluated through proof-of-concept prototypes, case studies, empirical studies, and systematic comparisons with related works

Exploring Features of a Full-Coverage Integrated Solution for Business Process Compliance

The last few years have seen the introduction of several techniques for automatically tackling some aspects of compliance checking between business processes and business rules. Some of them are quite robust and mature and are provided with software support that partially or fully implement them. However, as far as we know there is not yet a tool that provides for the complete management of business process compliance in the whole lifecycle of business processes. The goal of this paper is to move towards an integrated business process compliance management system (BPCMS) on the basis of current literature and existing support. For this purpose, we present a description of some compliance-related features such a system should have in order to provide full coverage of the business process lifecycle, from compliance aware business process design to the audit process. Hints about what existing approaches can fit in each feature and challenges for future work are also provided