10,150 research outputs found
Conformance Checking Based on Multi-Perspective Declarative Process Models
Process mining is a family of techniques that aim at analyzing business
process execution data recorded in event logs. Conformance checking is a branch
of this discipline embracing approaches for verifying whether the behavior of a
process, as recorded in a log, is in line with some expected behaviors provided
in the form of a process model. The majority of these approaches require the
input process model to be procedural (e.g., a Petri net). However, in turbulent
environments, characterized by high variability, the process behavior is less
stable and predictable. In these environments, procedural process models are
less suitable to describe a business process. Declarative specifications,
working in an open world assumption, allow the modeler to express several
possible execution paths as a compact set of constraints. Any process execution
that does not contradict these constraints is allowed. One of the open
challenges in the context of conformance checking with declarative models is
the capability of supporting multi-perspective specifications. In this paper,
we close this gap by providing a framework for conformance checking based on
MP-Declare, a multi-perspective version of the declarative process modeling
language Declare. The approach has been implemented in the process mining tool
ProM and has been experimented in three real life case studies
Link Before You Share: Managing Privacy Policies through Blockchain
With the advent of numerous online content providers, utilities and
applications, each with their own specific version of privacy policies and its
associated overhead, it is becoming increasingly difficult for concerned users
to manage and track the confidential information that they share with the
providers. Users consent to providers to gather and share their Personally
Identifiable Information (PII). We have developed a novel framework to
automatically track details about how a users' PII data is stored, used and
shared by the provider. We have integrated our Data Privacy ontology with the
properties of blockchain, to develop an automated access control and audit
mechanism that enforces users' data privacy policies when sharing their data
across third parties. We have also validated this framework by implementing a
working system LinkShare. In this paper, we describe our framework on detail
along with the LinkShare system. Our approach can be adopted by Big Data users
to automatically apply their privacy policy on data operations and track the
flow of that data across various stakeholders.Comment: 10 pages, 6 figures, Published in: 4th International Workshop on
Privacy and Security of Big Data (PSBD 2017) in conjunction with 2017 IEEE
International Conference on Big Data (IEEE BigData 2017) December 14, 2017,
Boston, MA, US
SeaFlows Toolset - Compliance Verification Made Easy for Process-aware Information Systems
In the light of an increasing demand on business process compliance, the verication of process models against compliance rules has become essential in enterprise computing. The SeaFlows Toolset featured in this paper extends process-aware information systems with compliance checking functionality. It provides a user-friendly environment for modeling compliance rules using a graph-based formalism and for enriching process models with these rules. To address a multitude of verification settings, we provide two complementary compliance checking approaches: The structural compliance checking approach derives structural criteria from compliance rules and applies them to detect incompliance. The data-aware behavioral compliance checking approach addresses the state explosion problem that can occur when the data dimension is explored during compliance checking. It performs context-sensitive automatic abstraction to derive an abstract process model which is more compact with regard to the data dimension enabling more efficient compliance checking. Altogether, SeaFlows Toolset constitutes a comprehensive and extensible framework for compliance checking of process models
Modeling control objectives for business process compliance
Business process design is primarily driven by process improvement objectives. However, the role of control objectives stemming from regulations and standards is becoming increasingly important for businesses in light of recent events that led to some of the largest scandals in corporate history. As organizations strive to meet compliance agendas, there is an evident need to provide systematic approaches that assist in the understanding of the interplay between (often conflicting) business and control objectives during business process design. In this paper, our objective is twofold. We will firstly present a research agenda in the space of business process compliance, identifying major technical and organizational challenges. We then tackle a part of the overall problem space, which deals with the effective modeling of control objectives and subsequently their propagation onto business process models. Control objective modeling is proposed through a specialized modal logic based on normative systems theory, and the visualization of control objectives on business process models is achieved procedurally. The proposed approach is demonstrated in the context of a purchase-to-pay scenario
SeaFlows – A Compliance Checking Framework for Supporting the Process Lifecycle
Compliance-awareness is undoubtedly of utmost importance for companies nowadays. Even though an automated approach to compliance checking and enforcement has been advocated in recent literature as a means to tame the high costs for compliance-awareness, the potential of automated mechanisms for supporting business process compliance is not yet depleted. Business process compliance deals with the question whether business processes are designed and executed in harmony with imposed regulations. In this thesis, we propose a compliance checking framework for automating business process compliance verification within process management systems (PrMSs). Such process-aware information systems constitute an ideal environment for the systematic integration of automated business process compliance checking since they bring together different perspectives on a business process and provide access to process data. The objective of this thesis is to devise a framework that enhances PrMSs with compliance checking functionality.
As PrMSs enable both the design and the execution of business processes, the designated compliance checking framework must accommodate mechanisms to support these different phases of the process lifecycle.
A compliance checking framework essentially consists of two major building blocks: a compliance rule language to capture compliance requirements in a checkable manner and compliance checking mechanisms for verification of process models and process instances. Key to the practical application of a compliance checking framework will be its ability to provide comprehensive and meaningful compliance diagnoses.
Based on the requirements analysis and meta-analyses, we developed the SeaFlows compliance checking framework proposed in this thesis. We introduce the compliance rule graph (CRG) language for modeling declarative compliance rules. The language provides modeling primitives with a notation based on nodes and edges. A compliance rule is modeled by defining a pattern of activity executions activating a compliance rule and consequences that have to apply once a rule becomes activated.
In order to enable compliance verification of process models and process instances, the CRG language is operationalized.
Key to this approach is the exploitation of the graph structure of CRGs for representing compliance states of the respective CRGs in a transparent and interpretable manner. For that purpose, we introduce execution states to mark CRG nodes in order to indicate which parts of the CRG patterns can be observed in a process execution. By providing rules to alter the markings when a new event is processed, we enable to update the compliance state for each observed event.
The beauty of our approach is that both design and runtime can be supported using the same mechanisms. Thus, no transformation of compliance rules in different representations for process model verification or for compliance monitoring becomes necessary. At design time, the proposed approach can be applied to explore a process model and to detect which compliance states with respect to imposed CRGs a process model is able to yield. At runtime, the effective compliance state of process instances can be monitored taking also the future predefined in the underlying process model into account. As compliance states are encoded based on the CRG structure, fine-grained and intelligible compliance diagnoses can be derived in each detected compliance state. Specifically, it becomes possible to provide feedback not only on the general enforcement of a compliance rule but also at the level of particular activations of the rule contained in a process.
In case of compliance violations, this can explain and pinpoint the source of violations in a process. In addition, measures to satisfy a compliance rule can be easily derived that can be seized for providing proactive support to comply.
Altogether, the SeaFlows compliance checking framework proposed in this thesis can be embedded into an overall integrated compliance management framework
Aiding compliance governance in service-based business processes
Assessing whether a company's business practices conform to laws and regulations and follow standards and SLAs, i.e., compliance management, is a complex and costly task. Few software tools aiding compliance management exist; yet, they typically do not address the needs of who is actually in charge of assessing and understanding compliance. We advocate the use of a compliance governance dashboard and suitable root cause analysis techniques that are specifically tailored to the needs of compliance experts and auditors. The design and implementation of these instruments are challenging for at least three reasons: (1) it is fundamental to identify the right level of abstraction for the information to be shown; (2) it is not trivial to visualize different analysis perspectives; and (3) it is difficult to manage and analyze the large amount of involved concepts, instruments, and data. This chapter shows how to address these issues, which concepts and models underlie the problem, and, eventually, how IT can effectively support compliance analysis in Service-Oriented Architectures (SOAs). © 2012, IGI Global
- …