The Need for Compliance Verification in Collaborative Business Processes

Compliance constrains processes to adhere to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Collaborative business processes cross organizational and regional borders implying that internal and cross regional regulations must be complied with. To protect customs’ data, European enterprises must comply with the EU data privacy regulation (general data protection regulation - GDPR) and each member state’s data protection laws. An example of non-compliance with GDPR is Facebook, it is accused for breaching subscriber trust. Compliance verification is thus essential to deploy and implement collaborative business process systems. It ensures that processes are checked for conformance to compliance requirements throughout their life cycle. In this paper we take a proactive approach aiming to discuss the need for design time preventative compliance verification as opposed to after effect runtime detective approach. We use a real-world case to show how compliance needs to be analyzed and show the benefits of applying compliance check at the process design stag

The Need for Compliance Verification in Collaborative Business Processes

Compliance constrains processes to adhere to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Collaborative business processes cross organizational and regional borders implying that internal and cross regional regulations must be complied with. To protect customs’ data, European enterprises must comply with the EU data privacy regulation (general data protection regulation - GDPR) and each member state’s data protection laws. An example of non-compliance with GDPR is Facebook, it is accused for breaching subscriber trust. Compliance verification is thus essential to deploy and implement collaborative business process systems. It ensures that processes are checked for conformance to compliance requirements throughout their life cycle. In this paper we take a proactive approach aiming to discuss the need for design time preventative compliance verification as opposed to after effect runtime detective approach. We use a real-world case to show how compliance needs to be analyzed and show the benefits of applying compliance check at the process design stag

Process Driven Access Control and Authorisation Approach

Compliance to regulatory requirements is key to successful collaborative business process execution. The review the EU general data protection regulation (GDPR) brought to the fore the need to comply with data privacy. Access control and authorization mechanisms in workflow management systems based on roles, tasks and attributes do not sufficiently address the current complex and dynamic privacy requirements in collaborative business process environments due to diverse policies. This paper proposes process driven authorization as an alternative approach to data access control and authorization where access is granted based on legitimate need to accomplish a task in the business process. Due to vast sources of regulations, a mechanism to derive and validate a composite set of constraints free of conflicts and contradictions is presented. An extended workflow tree language is also presented to support constraint modeling. An industry case Pick and Pack process is used for illustration

Decomposition-based Verification of Global Compliance in Process Choreographies

The verification of global compliance rules (GCR) in process choreographies (e.g., partner-spanning quality assurance in supply chains) is crucial and challenging due to the restricted visibility of the private processes of the collaborating partners. This paper provides a novel algorithm that decomposes global compliance rules into assertions that can be verified by the partners in a distributed way without revealing any private process details. The decomposition is based on transitivity properties of the underlying GCR specification. This work uses GCR based on antecedent and occurrence patterns and illustrates the transitivity properties based on their specification in first order predicate logic. It is formally shown that the original GCR can be reconstructed from the assertions, which ensures the viability of the approach. The algorithms are prototypically implemented and applied to several scenarios. The ability of checking global compliance constitutes a fundamental pillar of any approach implementing process choreographies with multiple partners

Verifying for Compliance to Data Constraints in Collaborative Business Processes.

Production processes are nowadays fragmented across different companies and organized in global collaborative networks. This is the result of the first wave of globalization that, among the various factors, was enabled by the diffusion of Internet-based Information and Communication Technologies (ICTs) at the beginning of the years 2000. The recent wave of new technologies possibly leading to the fourth industrial revolution – the so-called Industry 4.0 – is further multiplying opportunities. Accessing global customers opens great opportunities for organizations, including small and medium enterprises (SMEs), but it requires the ability to adapt to different requirements and conditions, volatile demand patterns and fast-changing technologies. Regardless of the industrial sector, the processes used in an organization must be compliant to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Thus, compliance verification is a major concern, not only to keep pace with changing regulations but also to address the rising concerns of security, product and service quality and data privacy. The software, in particular process automation, used must be designed accordingly. In relation to process management, we propose a new way to pro-actively check the compliance of current running business processes using Descriptive Logic and Linear Temporal Logic to describe the constraints related to data. Related algorithms are presented to detect the potential violations

Verification and Compliance in Collaborative Processes

Evidently, COVID-19 has changed our lives and is likely to make a lasting impact on our economic development and our industry and services. With the ongoing process of digital transformation in industry and services, Collaborative Networks (CNs) is required to be more efficient, productive, flexible, resilient and sustainable according to change of situations and related rules applied afterwards. Although the CN area is relatively young, it requires the previous research to be extended, i.e. business process management from dealing with processes within a single organization into processes across different organizations. In this paper, we review current business process verification and compliance research. Different tools approaches and limitations of them are compared. The further research issues and potential solutions of business process verification and compliance check are discussed in the context of CNs

D7.5 FIRST consolidated project results

The FIRST project commenced in January 2017 and concluded in December 2022, including a 24-month suspension period due to the COVID-19 pandemic. Throughout the project, we successfully delivered seven technical reports, conducted three workshops on Key Enabling Technologies for Digital Factories in conjunction with CAiSE (in 2019, 2020, and 2022), produced a number of PhD theses, and published over 56 papers (and numbers of summitted journal papers). The purpose of this deliverable is to provide an updated account of the findings from our previous deliverables and publications. It involves compiling the original deliverables with necessary revisions to accurately reflect the final scientific outcomes of the project

A framework for the integration of information requirements within infrastructure digital construction

It can be anticipated that the adoption of digital construction/BIM processes on projects will enhance the efficiency of the management of an asset over its lifecycle. Several initiatives have been taken to foster the implementation of Standard Methods and Procedures (SMP) related to BIM, such as the UK government’s mandate for them to be adopted on all centrally procured public sector projects. However, this research identifies that there are still many barriers hindering the adoption of BIM. To help break down these barriers the initial stage of this research involved the implementation and analysis of BIM SMP on a highway infrastructure project in the UK. This entailed adopting the relevant procedures during construction of the project in order to better understand the challenges faced when adopting BIM, barriers to adoption and the type of information generated over the course of an infrastructure project. The analysis highlighted that there was still a need to align SMP with existing construction processes as this was considered to be one of the greatest barriers to adoption. Further, it was observed that over 90% of the information handed over on completion was in flat file formats, therefore losing the benefits of data that can be readily queried and updated. Based on the findings of the initial stage, the research explores the process and digital construction domains in order to analyse how project specific requirements can be identified. The research then explores which of these processes can be automated in order to enhance the reliability of the information that is collected. The thesis finally presents a framework that has been developed to help engineers identify the project specific information requirements and processes that are required to assure the successful implementation of a digital construction approach. The framework that was developed was then trialled on an airport infrastructure project and identified processes that would have enhanced the implementation and delivery of the digital construction model