Modeling and Checking Business Process Compliance Rules in the Financial Sector

Assuring compliance of business processes with legal and internal regulations is crucial for financial institutions, as non-compliance may lead to severe financial and juridical penalties. To ensure business process compliance, process models have been established as a widely accepted basis for the design, documentation and control of the implementation of business process rules. Accordingly, in this paper, we introduce a semi-automatic business process compliance checking approach based on process models and related models. It relies on graph-based pattern matching, which makes it possible in contrast to existing approaches to define and check any possible type of business rule in any possible type of business process model or even other type of model. The approach is embedded in a design science research methodology

Live Query - Visualized Process Analysis

Business process management (BPM) becomes continuously challenging through a steadily increasing number and even more complex processes. For enabling an effective and efficient control of business processes, (semi-)automatic approaches are necessary as a supporting means. However, these approaches are often hardly applicable in practice since they lack a broad applicability or an acceptable ease of use. This work aims to close this gap by providing an approach that supports a widely applicable, (semi-)automatic analysis of business process models and makes the analysis comprehensible using a graphical visualization

A Meta-Model Driven Method for Establishing Business Process Compliance to GDPR

2016. aasta aprillis kiitis Euroopa Parlament ja Nõukogu heaks ning võttis vastu uue isikuandmete kaitse määruse - GDPRi (Isikuandmete kaitse üldmäärus), mis jõustub 2018. aasta mai lõpus Euroopa Liidus (EL). GDPRi eesmärgiks on lahendada ELi kodanike isikuandmete kaitse ja kasutamisega seotud päevakohaseid probleeme. Uue määruse kohaselt kõik organisatsioonid, mis kasutavad ELi kodanike isikuandmeid oma igapäevases tegevuses, peavad oma infosüsteeme ja äriprotsesse ümber hindama, et need vastaksid uutele eeskirjadele ja piirangutele. Isikuandmete väärkasutus võib ettevõttele olla väga kulukas - kuni 20 miljonit eurot või 4% aastasest käibest trahvidena. Sellele vaatamata puudub tehniline juhis või selge lähenemisviis, mis aitaks hinnata infosüsteemide äriprotsesside vastavust GDPRi nõuetele. Käesolev töö käsitleb mainitud probleemi, uurides üldmääruse õigusakti teksti ja pakkudes välja infosüsteemide äriprotsesside analüüsimise metoodikat, mis aitaks viia äriprotsesse vastavusse GDPRi nõuetele. Pakutud metoodika aitab kaardistada isikuandmete liikumist erinevate osapoolte vahel ja tuua välja äriprotsessi probleemsed kohad, mis aitab vähendada isikuandmete kuritarvitamist. Pakutud metoodikat saab kasutada ka automatiseeritud tööriista väljatöötamiseks.In the April 2016, the European Parliament and Council approved the new personal data protection regulation - GDPR (General Data Protection Regulation), which will take effect at the end of the May 2018 in all Member States of European Union (EU). The GDPR is addressing common problems of the protection and the usage of the personal data of EU citizens. According to the new regulation, all organizations that use personal data of EU citizens in their day-to-day activities - have to re-evaluate their business processes and information systems to comply with the new rules and constraints. The punishment for misuse of personal data can be very costly to the company - up to 20 million euros or 4% of the annual global turnover in fines. Nevertheless, there is no technical guidance or clear approach that would help to evaluate business processes of an information system to comply with GDPR. This thesis will address mentioned issue by researching the GDPR legislation text and proposing an actual methodology for analysing business processes of information systems and aligning them with the GDPR. The proposed methodology will also help to map the flow of the personal data between different parties and highlight the problematic places in the business processes suggesting measures to reduce the misuse of personal data. This approach could be used as a reference point for developing the automated tool for analysing the processes of an information system to comply with GDPR

A rule-based semantic approach for automated regulatory compliance in the construction sector

A key concern for professionals in any industry is ensuring regulatory compliance. Regulations are often complex and require in depth technical knowledge of the domain in which they operate. The level of technical detail and complexity in regulations is a barrier to their automation due to extensive software development time and costs that are involved. In this paper we present a rule-based semantic approach formulated as a methodology to overcome these issues by allowing domain experts to specify their own regulatory compliance systems without the need for extensive software development. Our methodology is based on the key idea that three semantic contexts are needed to fully understand the regulations being automated: the semantics of the target domain, the specific semantics of regulations being considered, and the semantics of the data format that is to be checked for compliance. This approach allows domain experts to create and maintain their own regulatory compliance systems, within a semantic domain that is familiar to them. At the same time, our approach allows for the often diverse nature of semantics within a particular domain by decoupling the specific semantics of regulations from the semantics of the domain itself. This paper demonstrates how our methodology has been validated using a series of regulations automated by professionals within the construction domain. The regulations that have been developed are then in turn validated on real building data stored in an industry specific format (the IFCs). The adoption of this methodology has greatly advanced the process of automating these complex sets of construction regulations, allowing the full automation of the regulation scheme within 18 months. We believe that these positive results show that, by adopting our methodology, the barriers to the building of regulatory compliance systems will be greatly lowered and the adoption of three semantic domains proposed by our methodology provides tangible benefits

Querying a regulatory model for compliant building design audit

The ingredients for an effective automated audit of a building design include a BIM model containing the design information, an electronic regulatory knowledge model, and a practical method of processing these computerised representations. There have been numerous approaches to computer-aided compliance audit in the AEC/FM domain over the last four decades, but none has yet evolved into a practical solution. One reason is that they have all been isolated attempts that lack any form of standardisation. The current research project therefore focuses on using an open standard regulatory knowledge and BIM representations in conjunction with open standard executable compliant design workflows to automate the compliance audit process. This paper provides an overview of different approaches to access information from a regulatory model representation. The paper then describes the use of a purpose-built high-level domain specific query language to extract regulatory information as part of the effort to automate manual design procedures for compliance audit

Environmental Audit improvements in industrial systems through FRAM

Environmental risk management requires specific methodologies to focus audit activities on the most critical elements of production systems. Limited resources require a clear motivation to put attention on specific technological, human, organizational components, and often should address the monitor of interactions among these elements. Recent research in environmental risk looks at methods to deal with complexity as interesting tools to reduce real impacts on pollution and consumption. In this paper, we provide evidence of the advantage in using the Functional Resonance Analysis Method (FRAM), not only to identify the criticalities of a complex production system but to provide a methodology to continuously improve the audit activities in parallel with the introduction of technique to reduce environmental risk. The case study presents the evolution of environmental audit in a sinter plant, proving the need for a review of the criticality list and the successful application of FRAM to refocus the control activities