An end-to-end framework for business compliance in process-driven SOAs

It is significant for companies to ensure their businesses conforming to relevant policies, laws, and regulations as the consequences of infringement can be serious. Unfortunately, the divergence and frequent changes of different compliance sources make it hard to systematically and quickly accommodate new compliance requirements due to the lack of an adequate methodology for system and compliance engineering. In addition, the difference of perception and expertise of multiple stakeholders involving in system and compliance engineering further complicates the analyzing, implementing, and assessing of compliance. For these reasons, in many cases, business compliance today is reached on a per-case basis by using ad hoc, hand-crafted solutions for specific rules to which they must comply. This leads in the long run to problems regarding complexity, understandability, and maintainability of compliance concerns in a SOA. To address the aforementioned challenges, we present in this invited paper a comprehensive SOA business compliance software framework that enables a business to express, implement, monitor, and govern compliance concerns. © 2010 IEEE