Auditing business process compliance

Compliance issues impose significant management and reporting requirements upon organizations.We present an approach to enhance business process modeling notations with the capability to detect and resolve many broad compliance related issues. We provide a semantic characterization of a minimal revision strategy that helps us obtain compliant process models from models that might be initially non-compliant, in a manner that accommodates the structural and semantic dimensions of parsimoniously annotated process models. We also provide a heuristic approach to compliance resolution using a notion of compliance patterns. This allows us to partially automate compliance resolution, leading to reduced levels of analyst involvement and improved decision support

Compliance of Semantic Constraints - A Requirements Analysis for Process Management Systems

Key to the use of process management systems (PrMS) in practice is their ability to facilitate the implementation, execution, and adaptation of business processes while still being able to ensure error-free process executions. Mechanisms have been developed to prevent errors at the syntactic level such as deadlocks. In many application domains, processes often have to comply with business level rules and policies (i.e., semantic constraints). Hence, in order to ensure error-free executions at the semantic level, PrMS need certain control mechanisms for validating and ensuring the compliance with semantic constraints throughout the process lifecycle. In this paper, we discuss fundamental requirements for a comprehensive support of semantic constraints in PrMS. Moreover, we provide a survey on existing approaches and discuss to what extent they meet the requirements and which challenges still have to be tackled. Finally, we show how the challenge of life time compliance can be dealt with by integrating design time and runtime process validation

On Enabling Integrated Process Compliance with Semantic Constraints in Process Management Systems

Key to broad use of process management systems (PrMS) in practice is their ability to foster and ease the implementation, execution, monitoring, and adaptation of business processes while still being able to ensure robust and error-free process enactment. To meet these demands a variety of mechanisms has been developed to prevent errors at the structural level (e.g., deadlocks). In many application domains, however, processes often have to comply with business level rules and policies (i.e., semantic constraints) as well. Hence, to ensure error-free executions at the semantic level, PrMS need certain control mechanisms for validating and ensuring the compliance with semantic constraints. In this paper, we discuss fundamental requirements for a comprehensive support of semantic constraints in PrMS. Moreover, we provide a survey on existing approaches and discuss to what extent they are able to meet the requirements and which challenges still have to be tackled. In order to tackle the particular challenge of providing integrated compliance support over the process lifecycle, we introduce the SeaFlows framework. The framework introduces a behavioural level view on processes which serves a conceptual process representation for constraint specification approaches. Further, it provides general compliance criteria for static compliance validation but also for dealing with process changes. Altogether, the SeaFlows framework can serve as formal basis for realizing integrated support of semantic constraints in PrMS

Semantic Process Modeling – Design and Implementation of an Ontology-based Representation of Business Processes

An extension of process modeling languages is designed which allows representing the semantics of model element labels which are formulated in natural language by using concepts of a formal ontology. This combination of semiformal models with formal ontologies will be characterized as semantic process modeling. The approach is exemplarily applied to the languages EPC (Event-driven Process Chain), BPMN (Business Process Modeling Notation) and OWL (Web Ontology Language) and is generalized by means of an information model. The proposed formalization of the semantics of individual model elements in conjunction with the usage of inference engines allows the improvement of query functionalities in modeling tools and enables new possibilities of model validation. The integration of the approach in the IT-based work environments of modelers is demonstrated by a system architecture and a prototypical implementation. Evidently, advantages in the areas of modeling, model management, IT-business alignment, and compliance can be achieved by the application of modeling tools augmented with semantic technologies

Semantic business process management: a vision towards using semantic web services for business process management

Business process management (BPM) is the approach to manage the execution of IT-supported business operations from a business expert's view rather than from a technical perspective. However, the degree of mechanization in BPM is still very limited, creating inertia in the necessary evolution and dynamics of business processes, and BPM does not provide a truly unified view on the process space of an organization. We trace back the problem of mechanization of BPM to an ontological one, i.e. the lack of machine-accessible semantics, and argue that the modeling constructs of semantic Web services frameworks, especially WSMO, are a natural fit to creating such a representation. As a consequence, we propose to combine SWS and BPM and create one consolidated technology, which we call semantic business process management (SBPM

Quality model for semantic IS standards

Semantic IS (Information Systems) standards are essential for achieving\ud interoperability between organizations. However a recent survey suggests that\ud not the full benefits of standards are achieved, due to the quality issues. This\ud paper presents a quality model for semantic IS standards, that should support\ud standards development organizations in assessing the quality of their\ud standards. Although intended for semantic IS standards the potential use of\ud this quality model is much broader and might be applicable to all kind of\ud standards

SECURITY POLICY ENFORCEMENT IN APPLICATION ENVIRONMENTS USING DISTRIBUTED SCRIPT-BASED CONTROL STRUCTURES

Business processes involving several partners in different organisations impose demanding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this purpose over the last ten years. Other approaches, such as service-oriented architecture (SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures and procedures for modelling and execution of so-called collaborative business processes (CBPs). Methods for the specification of business processes play a central role in this context, and, several standards have emerged for this purpose. Among these, Web Services Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has evolved to become the de facto standard for business process definition. As such, this language has been selected as the foundation for the research in this thesis. Having a broadly accepted standard would principally allow the specification of business processes in a platform-independent manner, including the capability to specify them at one location and have them executed at others (possibly spread across different organisations). Though technically feasible, this approach has significant security implications, particularly on the side that is to execute a process. The research project focused upon these security issues arising when business processes are specified and executed in a distributed manner. The central goal has been the development of methods to cope with the security issues arising when BPEL as a standard is deployed in such a way exploiting the significant aspect of a standard to be platform-independent The research devised novel methods for specifying security policies in such a manner that the assessment of compliance with these policies is greatly facilitated such that the assessment becomes suited to be performed automatically. An analysis of the securityrelevant semantics of BPEL as a specification language was conducted that resulted in the identification of so-called security-relevant semantic patterns. Based on these results, methods to specify security policy-implied restrictions in terms of such semantic patterns and to assess the compliance of BPEL scripts with these policies have been developed. These methods are particularly suited for assessment of remotely defined BPEL scripts since they allow for pre-execution enforcement of local security policies thereby mitigating or even removing the security implications involved in distributed definition and execution of business processes. As initially envisaged, these methods are comparatively easy to apply, as they are based on technologies customary for practitioners in this field. The viability of the methods proposed for automatic compliance assessment has been proven via a prototypic implementation of the essential functionality required for proof-of-concept.Darmstadt Node of the NRG Network at University of Applied Sciences Darmstad

Querying a regulatory model for compliant building design audit

The ingredients for an effective automated audit of a building design include a BIM model containing the design information, an electronic regulatory knowledge model, and a practical method of processing these computerised representations. There have been numerous approaches to computer-aided compliance audit in the AEC/FM domain over the last four decades, but none has yet evolved into a practical solution. One reason is that they have all been isolated attempts that lack any form of standardisation. The current research project therefore focuses on using an open standard regulatory knowledge and BIM representations in conjunction with open standard executable compliant design workflows to automate the compliance audit process. This paper provides an overview of different approaches to access information from a regulatory model representation. The paper then describes the use of a purpose-built high-level domain specific query language to extract regulatory information as part of the effort to automate manual design procedures for compliance audit