702 research outputs found
Designing compliant business processes with obligations and permissions. Business process management workshops.
The sequence and timing constraints on the activities in business processes are an important aspect of business process compliance. To date, these constraints are most often implicitly transcribed into control-flow-based process models. This implicit representation of constraints, however, complicates the verification, validation and reuse in business process design. In this paper, we investigate the use of temporal deontic assignments on activities as a means to declaratively capture the control-flow semantics that reside in business regulations and business policies. In particular, we introduce PENELOPE, a language to express temporal rules about the obligations and permissions in a business interaction, and an algorithm to generate compliant sequence-flow-based process models that can be used in business process design.
Modeling control objectives for business process compliance
Business process design is primarily driven by process improvement objectives. However, the role of control objectives stemming from regulations and standards is becoming increasingly important for businesses in light of recent events that led to some of the largest scandals in corporate history. As organizations strive to meet compliance agendas, there is an evident need to provide systematic approaches that assist in the understanding of the interplay between (often conflicting) business and control objectives during business process design. In this paper, our objective is twofold. We will firstly present a research agenda in the space of business process compliance, identifying major technical and organizational challenges. We then tackle a part of the overall problem space, which deals with the effective modeling of control objectives and subsequently their propagation onto business process models. Control objective modeling is proposed through a specialized modal logic based on normative systems theory, and the visualization of control objectives on business process models is achieved procedurally. The proposed approach is demonstrated in the context of a purchase-to-pay scenario
Legal compliance by design (LCbD) and through design (LCtD) : preliminary survey
1st Workshop on Technologies for Regulatory Compliance co-located with the 30th International Conference on Legal Knowledge and Information Systems (JURIX 2017). The purpose of this paper is twofold: (i) carrying out a preliminary survey of the literature and research projects on Compliance by Design (CbD); and (ii) clarifying the double process of (a) extending business managing techniques to other regulatory fields, and (b) converging trends in legal theory, legal technology and Artificial Intelligence. The paper highlights the connections and differences we found across different domains and proposals. We distinguish three different policydriven types of CbD: (i) business, (ii) regulatory, (iii) and legal. The recent deployment of ethical views, and the implementation of general principles of privacy and data protection lead to the conclusion that, in order to appropriately define legal compliance, Compliance through Design (CtD) should be differentiated from CbD
The Need for Compliance Verification in Collaborative Business Processes
Compliance constrains processes to adhere to rules, standards, laws
and regulations. Non-compliance subjects enterprises to litigation and financial
fines. Collaborative business processes cross organizational and regional
borders implying that internal and cross regional regulations must be complied
with. To protect customs’ data, European enterprises must comply with the EU
data privacy regulation (general data protection regulation - GDPR) and each
member state’s data protection laws. An example of non-compliance with
GDPR is Facebook, it is accused for breaching subscriber trust. Compliance
verification is thus essential to deploy and implement collaborative business
process systems. It ensures that processes are checked for conformance to
compliance requirements throughout their life cycle. In this paper we take a
proactive approach aiming to discuss the need for design time preventative
compliance verification as opposed to after effect runtime detective approach.
We use a real-world case to show how compliance needs to be analyzed and
show the benefits of applying compliance check at the process design stag
The Need for Compliance Verification in Collaborative Business Processes
Compliance constrains processes to adhere to rules, standards, laws
and regulations. Non-compliance subjects enterprises to litigation and financial
fines. Collaborative business processes cross organizational and regional
borders implying that internal and cross regional regulations must be complied
with. To protect customs’ data, European enterprises must comply with the EU
data privacy regulation (general data protection regulation - GDPR) and each
member state’s data protection laws. An example of non-compliance with
GDPR is Facebook, it is accused for breaching subscriber trust. Compliance
verification is thus essential to deploy and implement collaborative business
process systems. It ensures that processes are checked for conformance to
compliance requirements throughout their life cycle. In this paper we take a
proactive approach aiming to discuss the need for design time preventative
compliance verification as opposed to after effect runtime detective approach.
We use a real-world case to show how compliance needs to be analyzed and
show the benefits of applying compliance check at the process design stag
Enforcing policies with privacy guardians
AbstractReasoning about privacy in electronic environments populated with privacy-concerned agents that exchange personal data requires control of ownership and proving the right of possession of a piece of data. The privacy policy expressed by an individual for his personal data can be enforced by a context-aware mobile agent, called alter-ego, accompanying the personal data disclosed.We discuss the first steps towards a formal framework for expressing policies on information disclosure and their integration in the behavior specification of the alter-egos, that enables characterization of an environment manipulating personal data from the privacy perspective
Modelling legal knowledge for GDPR compliance checking
In the last fifteen years, Semantic Web technologies have been successfully applied to the legal domain. By composing all those techniques and theoretical methods, we propose an integrated framework for modelling legal documents and legal knowledge to support legal reasoning, in particular checking compliance. This paper presents a proof-of-concept applied to the GDPR domain, with the aim to detect infringements of privacy compulsory norms or to prevent possible violations using BPMN and Regorous engine
A language for information commerce processes
Automatizing information commerce requires languages to represent the typical information commerce processes. Existing languages and standards cover either only very specific types of business models or are too general to capture in a concise way the specific properties of information commerce processes. We introduce a language that is specifically designed for information commerce. It can be directly used for the implementation of the processes and communication required in information commerce. It allows to cover existing business models that are known either from standard proposals or existing information commerce applications on the Internet. The language has a concise logical semantics. In this paper we present the language concepts and an implementation architecture
Knowledge Representation Concepts for Automated SLA Management
Outsourcing of complex IT infrastructure to IT service providers has
increased substantially during the past years. IT service providers must be
able to fulfil their service-quality commitments based upon predefined Service
Level Agreements (SLAs) with the service customer. They need to manage, execute
and maintain thousands of SLAs for different customers and different types of
services, which needs new levels of flexibility and automation not available
with the current technology. The complexity of contractual logic in SLAs
requires new forms of knowledge representation to automatically draw inferences
and execute contractual agreements. A logic-based approach provides several
advantages including automated rule chaining allowing for compact knowledge
representation as well as flexibility to adapt to rapidly changing business
requirements. We suggest adequate logical formalisms for representation and
enforcement of SLA rules and describe a proof-of-concept implementation. The
article describes selected formalisms of the ContractLog KR and their adequacy
for automated SLA management and presents results of experiments to demonstrate
flexibility and scalability of the approach.Comment: Paschke, A. and Bichler, M.: Knowledge Representation Concepts for
Automated SLA Management, Int. Journal of Decision Support Systems (DSS),
submitted 19th March 200
- …