Compliance of Semantic Constraints - A Requirements Analysis for Process Management Systems

Key to the use of process management systems (PrMS) in practice is their ability to facilitate the implementation, execution, and adaptation of business processes while still being able to ensure error-free process executions. Mechanisms have been developed to prevent errors at the syntactic level such as deadlocks. In many application domains, processes often have to comply with business level rules and policies (i.e., semantic constraints). Hence, in order to ensure error-free executions at the semantic level, PrMS need certain control mechanisms for validating and ensuring the compliance with semantic constraints throughout the process lifecycle. In this paper, we discuss fundamental requirements for a comprehensive support of semantic constraints in PrMS. Moreover, we provide a survey on existing approaches and discuss to what extent they meet the requirements and which challenges still have to be tackled. Finally, we show how the challenge of life time compliance can be dealt with by integrating design time and runtime process validation

A novel workflow management system for handling dynamic process adaptation and compliance

Modern enterprise organisations rely on dynamic processes. Generally these processes cannot be modelled once and executed repeatedly without change. Enterprise processes may evolve unpredictably according to situations that cannot always be prescribed. However, no mechanism exists to ensure an updated process does not violate any compliance requirements. Typical workflow processes may follow a process definition and execute several thousand instances using a workflow engine without any changes. This is suitable for routine business processes. However, when business processes need flexibility, adaptive features are needed. Updating processes may violate compliance requirements so automatic verification of compliance checking is necessary. The research work presented in this Thesis investigates the problem of current workflow technology in defining, managing and ensuring the specification and execution of business processes that are dynamic in nature, combined with policy standards throughout the process lifycle. The findings from the literature review and the system requirements are used to design the proposed system architecture. Since a two-tier reference process model is not sufficient as a basis for the reference model for an adaptive and compliance workflow management system, a three-tier process model is proposed. The major components of the architecture consist of process models, business rules and plugin modules. This architecture exhibits the concept of user adaptation with structural checks and dynamic adaptation with data-driven checks. A research prototype - Adaptive and Compliance Workflow Management System (ACWfMS) - was developed based on the proposed system architecture to implement core services of the system for testing and evaluation purposes. The ACWfMS enables the development of a workflow management tool to create or update the process models. It automatically validates compliance requirements and, in the case of violations, visual feedback is presented to the user. In addition, the architecture facilitates process migration to manage specific instances with modified definitions. A case study based on the postgraduate research process domain is discussed

SeaFlows – A Compliance Checking Framework for Supporting the Process Lifecycle

Compliance-awareness is undoubtedly of utmost importance for companies nowadays. Even though an automated approach to compliance checking and enforcement has been advocated in recent literature as a means to tame the high costs for compliance-awareness, the potential of automated mechanisms for supporting business process compliance is not yet depleted. Business process compliance deals with the question whether business processes are designed and executed in harmony with imposed regulations. In this thesis, we propose a compliance checking framework for automating business process compliance verification within process management systems (PrMSs). Such process-aware information systems constitute an ideal environment for the systematic integration of automated business process compliance checking since they bring together different perspectives on a business process and provide access to process data. The objective of this thesis is to devise a framework that enhances PrMSs with compliance checking functionality. As PrMSs enable both the design and the execution of business processes, the designated compliance checking framework must accommodate mechanisms to support these different phases of the process lifecycle. A compliance checking framework essentially consists of two major building blocks: a compliance rule language to capture compliance requirements in a checkable manner and compliance checking mechanisms for verification of process models and process instances. Key to the practical application of a compliance checking framework will be its ability to provide comprehensive and meaningful compliance diagnoses. Based on the requirements analysis and meta-analyses, we developed the SeaFlows compliance checking framework proposed in this thesis. We introduce the compliance rule graph (CRG) language for modeling declarative compliance rules. The language provides modeling primitives with a notation based on nodes and edges. A compliance rule is modeled by defining a pattern of activity executions activating a compliance rule and consequences that have to apply once a rule becomes activated. In order to enable compliance verification of process models and process instances, the CRG language is operationalized. Key to this approach is the exploitation of the graph structure of CRGs for representing compliance states of the respective CRGs in a transparent and interpretable manner. For that purpose, we introduce execution states to mark CRG nodes in order to indicate which parts of the CRG patterns can be observed in a process execution. By providing rules to alter the markings when a new event is processed, we enable to update the compliance state for each observed event. The beauty of our approach is that both design and runtime can be supported using the same mechanisms. Thus, no transformation of compliance rules in different representations for process model verification or for compliance monitoring becomes necessary. At design time, the proposed approach can be applied to explore a process model and to detect which compliance states with respect to imposed CRGs a process model is able to yield. At runtime, the effective compliance state of process instances can be monitored taking also the future predefined in the underlying process model into account. As compliance states are encoded based on the CRG structure, fine-grained and intelligible compliance diagnoses can be derived in each detected compliance state. Specifically, it becomes possible to provide feedback not only on the general enforcement of a compliance rule but also at the level of particular activations of the rule contained in a process. In case of compliance violations, this can explain and pinpoint the source of violations in a process. In addition, measures to satisfy a compliance rule can be easily derived that can be seized for providing proactive support to comply. Altogether, the SeaFlows compliance checking framework proposed in this thesis can be embedded into an overall integrated compliance management framework

Systemunterstützung zur automatischen Anpassung von Workflows zur Laufzeit

In dieser Arbeit wird ein Ansatz zur automatischen Berechnung und Ausführung von strukturellen Anpassungsmöglichkeiten für Workflows auf Basis von Kontextinformationen entwickelt. Zur Sicherstellung der semantischen Korrektheit der Anpassungsmöglichkeiten werden zwei Arten von Einschränkungen berücksichtigt: Zustandsbezogene Einschränkungen (ZBE) und Aktivitätsabhängigkeiten (AA). ZBEs spezifizieren Einschränkungen zwischen Anpassungsoperationen und dem Ausführungszustand des Workflows. AAs beschreiben temporale Beziehungen zwischen Aktivitäten eines Workflows