Verifying for Compliance to Data Constraints in Collaborative Business Processes.

Production processes are nowadays fragmented across different companies and organized in global collaborative networks. This is the result of the first wave of globalization that, among the various factors, was enabled by the diffusion of Internet-based Information and Communication Technologies (ICTs) at the beginning of the years 2000. The recent wave of new technologies possibly leading to the fourth industrial revolution – the so-called Industry 4.0 – is further multiplying opportunities. Accessing global customers opens great opportunities for organizations, including small and medium enterprises (SMEs), but it requires the ability to adapt to different requirements and conditions, volatile demand patterns and fast-changing technologies. Regardless of the industrial sector, the processes used in an organization must be compliant to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Thus, compliance verification is a major concern, not only to keep pace with changing regulations but also to address the rising concerns of security, product and service quality and data privacy. The software, in particular process automation, used must be designed accordingly. In relation to process management, we propose a new way to pro-actively check the compliance of current running business processes using Descriptive Logic and Linear Temporal Logic to describe the constraints related to data. Related algorithms are presented to detect the potential violations

The Need for Compliance Verification in Collaborative Business Processes

Compliance constrains processes to adhere to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Collaborative business processes cross organizational and regional borders implying that internal and cross regional regulations must be complied with. To protect customs’ data, European enterprises must comply with the EU data privacy regulation (general data protection regulation - GDPR) and each member state’s data protection laws. An example of non-compliance with GDPR is Facebook, it is accused for breaching subscriber trust. Compliance verification is thus essential to deploy and implement collaborative business process systems. It ensures that processes are checked for conformance to compliance requirements throughout their life cycle. In this paper we take a proactive approach aiming to discuss the need for design time preventative compliance verification as opposed to after effect runtime detective approach. We use a real-world case to show how compliance needs to be analyzed and show the benefits of applying compliance check at the process design stag

Process Driven Access Control and Authorisation Approach

Compliance to regulatory requirements is key to successful collaborative business process execution. The review the EU general data protection regulation (GDPR) brought to the fore the need to comply with data privacy. Access control and authorization mechanisms in workflow management systems based on roles, tasks and attributes do not sufficiently address the current complex and dynamic privacy requirements in collaborative business process environments due to diverse policies. This paper proposes process driven authorization as an alternative approach to data access control and authorization where access is granted based on legitimate need to accomplish a task in the business process. Due to vast sources of regulations, a mechanism to derive and validate a composite set of constraints free of conflicts and contradictions is presented. An extended workflow tree language is also presented to support constraint modeling. An industry case Pick and Pack process is used for illustration

The Need for Compliance Verification in Collaborative Business Processes

Compliance constrains processes to adhere to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Collaborative business processes cross organizational and regional borders implying that internal and cross regional regulations must be complied with. To protect customs’ data, European enterprises must comply with the EU data privacy regulation (general data protection regulation - GDPR) and each member state’s data protection laws. An example of non-compliance with GDPR is Facebook, it is accused for breaching subscriber trust. Compliance verification is thus essential to deploy and implement collaborative business process systems. It ensures that processes are checked for conformance to compliance requirements throughout their life cycle. In this paper we take a proactive approach aiming to discuss the need for design time preventative compliance verification as opposed to after effect runtime detective approach. We use a real-world case to show how compliance needs to be analyzed and show the benefits of applying compliance check at the process design stag

Formal certification and compliance for run-time service environments

With the increased awareness of security and safety of services in on-demand distributed service provisioning (such as the recent adoption of Cloud infrastructures), certification and compliance checking of services is becoming a key element for service engineering. Existing certification techniques tend to support mainly design-time checking of service properties and tend not to support the run-time monitoring and progressive certification in the service execution environment. In this paper we discuss an approach which provides both design-time and runtime behavioural compliance checking for a services architecture, through enabling a progressive event-driven model-checking technique. Providing an integrated approach to certification and compliance is a challenge however using analysis and monitoring techniques we present such an approach for on-going compliance checking

Enabling Multi-Perspective Business Process Compliance

A particular challenge for any enterprise is to ensure that its business processes conform with compliance rules, i.e., semantic constraints on the multiple perspectives of the business processes. Compliance rules stem, for example, from legal regulations, corporate best practices, domain-specific guidelines, and industrial standards. In general, compliance rules are multi-perspective, i.e., they not only restrict the process behavior (i.e. control flow), but may refer to other process perspectives (e.g. time, data, and resources) and the interactions (i.e. message exchanges) of a business process with other processes as well. The aim of this thesis is to improve the specification and verification of multi-perspective process compliance based on three contributions: 1. The extended Compliance Rule Graph (eCRG) language, which enables the visual modeling of multi-perspective compliance rules. Besides control flow, the latter may refer to the time, data, resource, and interaction perspectives of a business process. 2. A framework for multi-perspective monitoring of the compliance of running processes with a given set of eCRG compliance rules. 3. Techniques for verifying business process compliance with respect to the interaction perspective. In particular, we consider compliance verification for cross-organizational business processes, for which solely incomplete process knowledge is available. All contributions were thoroughly evaluated through proof-of-concept prototypes, case studies, empirical studies, and systematic comparisons with related works

Towards Compliance of Cross-Organizational Processes and their Changes

Businesses require the ability to rapidly implement new processes and to quickly adapt existing ones to environmental changes including the optimization of their interactions with partners and customers. However, changes of either intra- or cross-organizational processes must not be done in an uncontrolled manner. In particular, processes are increasingly subject to compliance rules that usually stem from security constraints, corporate guidelines, standards, and laws. These compliance rules have to be considered when modeling business processes and changing existing ones. While change and compliance have been extensively discussed for intra-organizational business processes, albeit only in an isolated manner, their combination in the context of cross-organizational processes remains an open issue. In this paper, we discuss requirements and challenges to be tackled in order to ensure that changes of cross-organizational business processes preserve compliance with imposed regulations, standards and laws

A comparative assessment of collaborative business process verification approaches.

Industry 4.0 is a key strategic trend of the economy. Virtual factories are key building blocks for Industry 4.0 where product design processes, manufacturing processes and general collaborative business processes across factories and enterprises are integrated. In the context of EU H2020 FIRST (vF Interoperation suppoRting buSiness innovaTion) project, end users of vFs are not experts in business process modelling to guarantee correct collaborative business processes for realizing execution. To enable automatic execution of business processes, verification is an important step at the business process design stage to avoid errors at runtime. Research in business process model verification has yielded a plethora of approaches in form of languages and tools that are based on Petri nets family and temporal logic. However, no report specifically targets and presents a comparative assessment of these approaches based on criteria as one we propose. In this paper we present an assessment of the most common verification approaches based on their expressibility, flexibility, suitability and complexity. We also look at how big data impacts the business process verification approach in a data-rich world

Ensuring Compliance of Distributed and Collaborative Workflows

Automated workflows must comply with domain-specific regulations, standards and rules. So far, compliance issues have been mainly addressed in the context of intra-organizational workflows. In turn, there exists only little work dealing with compliance of distributed and collaborative workflows. As opposed to intra-organizational workflows, for distributed and collaborative workflows compliance must be addressed at different levels. This includes local compliance rules of a particular partner as well as global compliance rules to be obeyed by multiple partners collaborating in the distributed workflow. As a particular challenge, the private elements of a particular partner workflow are hidden to the partners and hence not known by them. Accordingly, only limited information is available when checking compliance of distributed and collaborative workflows. This paper introduces techniques enabling compliance checking for distributed and collaborative workflows, taking these privacy constraints into account. Hence it enables ensuring compliance of distributed and collaborative workflows at design time