92,622 research outputs found
Exploring Features of a Full-Coverage Integrated Solution for Business Process Compliance
The last few years have seen the introduction of several techniques for automatically tackling some aspects of compliance checking between business processes and business rules. Some of them are quite robust and mature and are provided with software support that partially or fully implements them. However, as far as we know there is not yet a tool that provides for the complete management of business process compliance in the whole lifecycle of business processes. The goal of this paper is to move towards an integrated business process compliance management system (BPCMS) on the basis of current literature and existing support. For this purpose, we present a description of some compliance-related features such a system should have in order to provide full coverage of the business process lifecycle, from compliance aware business process design to the audit process. Hints about what existing approaches can fit in each feature and challenges for future work are also provided.
SeaFlows – A Compliance Checking Framework for Supporting the Process Lifecycle
Compliance-awareness is undoubtedly of utmost importance for companies nowadays. Even though an automated approach to compliance checking and enforcement has been advocated in recent literature as a means to tame the high costs for compliance-awareness, the potential of automated mechanisms for supporting business process compliance is not yet depleted. Business process compliance deals with the question whether business processes are designed and executed in harmony with imposed regulations. In this thesis, we propose a compliance checking framework for automating business process compliance verification within process management systems (PrMSs). Such process-aware information systems constitute an ideal environment for the systematic integration of automated business process compliance checking since they bring together different perspectives on a business process and provide access to process data. The objective of this thesis is to devise a framework that enhances PrMSs with compliance checking functionality.
As PrMSs enable both the design and the execution of business processes, the designated compliance checking framework must accommodate mechanisms to support these different phases of the process lifecycle.
A compliance checking framework essentially consists of two major building blocks: a compliance rule language to capture compliance requirements in a checkable manner and compliance checking mechanisms for verification of process models and process instances. Key to the practical application of a compliance checking framework will be its ability to provide comprehensive and meaningful compliance diagnoses.
Based on the requirements analysis and meta-analyses, we developed the SeaFlows compliance checking framework proposed in this thesis. We introduce the compliance rule graph (CRG) language for modeling declarative compliance rules. The language provides modeling primitives with a notation based on nodes and edges. A compliance rule is modeled by defining a pattern of activity executions activating a compliance rule and consequences that have to apply once a rule becomes activated.
In order to enable compliance verification of process models and process instances, the CRG language is operationalized.
Key to this approach is the exploitation of the graph structure of CRGs for representing compliance states of the respective CRGs in a transparent and interpretable manner. For that purpose, we introduce execution states to mark CRG nodes in order to indicate which parts of the CRG patterns can be observed in a process execution. By providing rules to alter the markings when a new event is processed, we enable to update the compliance state for each observed event.
The beauty of our approach is that both design and runtime can be supported using the same mechanisms. Thus, no transformation of compliance rules in different representations for process model verification or for compliance monitoring becomes necessary. At design time, the proposed approach can be applied to explore a process model and to detect which compliance states with respect to imposed CRGs a process model is able to yield. At runtime, the effective compliance state of process instances can be monitored taking also the future predefined in the underlying process model into account. As compliance states are encoded based on the CRG structure, fine-grained and intelligible compliance diagnoses can be derived in each detected compliance state. Specifically, it becomes possible to provide feedback not only on the general enforcement of a compliance rule but also at the level of particular activations of the rule contained in a process.
In case of compliance violations, this can explain and pinpoint the source of violations in a process. In addition, measures to satisfy a compliance rule can be easily derived that can be seized for providing proactive support to comply.
Altogether, the SeaFlows compliance checking framework proposed in this thesis can be embedded into an overall integrated compliance management framework.
Privacy-aware Linked Widgets
The European General Data Protection Regulation (GDPR) brings
new challenges for companies, who must demonstrate that their
systems and business processes comply with usage constraints
specified by data subjects. However, due to the lack of standards,
tools, and best practices, many organizations struggle to adapt their
infrastructure and processes to ensure and demonstrate that all
data processing is in compliance with users' given consent. The
SPECIAL EU H2020 project has developed vocabularies that can
formally describe data subjects' given consent as well as methods
that use this description to automatically determine whether
processing of the data according to a given policy is compliant
with the given consent. Whereas this makes it possible to determine
whether processing was compliant or not, integration of the
approach into existing line of business applications and ex-ante
compliance checking remains an open challenge. In this short paper,
we demonstrate how the SPECIAL consent and compliance framework
can be integrated into Linked Widgets, a mashup platform, in
order to support privacy-aware ad-hoc integration of personal data.
The resulting environment makes it possible to create data integration
and processing workflows out of components that inherently
respect usage policies of the data that is being processed and are
able to demonstrate compliance. We provide an overview of the
necessary meta data and orchestration towards a privacy-aware
linked data mashup platform that automatically respects subjects'
given consents. The evaluation results show the potential of our
approach for ex-ante usage policy compliance checking within the
Linked Widgets Platforms and beyond.
IUPC: Identification and Unification of Process Constraints
Business Process Compliance (BPC) has gained significant momentum in research
and practice during the last years. Although many approaches address BPC, they
mostly assume the existence of some kind of unified base of process constraints
and focus on their verification over the business processes. However, it
remains unclear how such an integrated process constraint base can be built
up, even though this constitutes the essential prerequisite for all further
compliance checks. In addition, the heterogeneity of process constraints has
been neglected so far. Without identification and separation of process
constraints from domain rules as well as unification of process constraints,
the successful IT support of BPC will not be possible. In this technical
report we introduce a unified representation framework that enables the
identification of process constraints from domain rules and their later
unification within a process constraint base. Separating process constraints
from domain rules can lead to significant reduction of compliance checking
effort. Unification enables consistency checks and optimizations as well as
maintenance and evolution of the constraint base on the other side. Comment: 13 pages, 4 figures, technical report
Formal certification and compliance for run-time service environments
With the increased awareness of security and safety of services in on-demand distributed service provisioning (such as the recent adoption of Cloud infrastructures), certification and compliance checking of services is becoming a key element for service engineering. Existing certification techniques tend to support mainly design-time checking of service properties and tend not to support the run-time monitoring and progressive certification in the service execution environment. In this paper we discuss an approach which provides both design-time and runtime behavioural compliance checking for a services architecture, through enabling a progressive event-driven model-checking technique. Providing an integrated approach to certification and compliance is a challenge; however, using analysis and monitoring techniques, we present such an approach for on-going compliance checking.
Towards a Semantic-based Approach for Modeling Regulatory Documents in Building Industry
Regulations in the Building Industry are becoming increasingly complex and
involve more than one technical area. They cover products, components and
project implementation. They also play an important role to ensure the quality
of a building, and to minimize its environmental impact. In this paper, we are
particularly interested in the modeling of the regulatory constraints derived
from the Technical Guides issued by CSTB and used to validate Technical
Assessments. We first describe our approach for modeling regulatory constraints
in the SBVR language, and formalizing them in the SPARQL language. Second, we
describe how we model the processes of compliance checking described in the
CSTB Technical Guides. Third, we show how we implement these processes to
assist industrials in drafting Technical Documents in order to acquire a
Technical Assessment; a compliance report is automatically generated to explain
the compliance or noncompliance of these Technical Documents.
The interaction of lean and building information modeling in construction
Lean construction and Building Information Modeling are quite different initiatives, but both are having profound impacts on the construction industry. A rigorous analysis of the myriad specific interactions between them indicates that a synergy exists which, if properly understood in theoretical terms, can be exploited to improve construction processes beyond the degree to which it might be improved by application of either of these paradigms independently. Using a matrix that juxtaposes BIM functionalities with prescriptive lean construction principles, fifty-six interactions have been identified, all but four of which represent constructive interaction. Although evidence for the majority of these has been found, the matrix is not considered complete, but rather a framework for research to explore the degree of validity of the interactions. Construction executives, managers, designers and developers of IT systems for construction can also benefit from the framework as an aid to recognizing the potential synergies when planning their lean and BIM adoption strategies.