Enabling Multi-Perspective Business Process Compliance

A particular challenge for any enterprise is to ensure that its business processes conform with compliance rules, i.e., semantic constraints on the multiple perspectives of the business processes. Compliance rules stem, for example, from legal regulations, corporate best practices, domain-specific guidelines, and industrial standards. In general, compliance rules are multi-perspective, i.e., they not only restrict the process behavior (i.e. control flow), but may refer to other process perspectives (e.g. time, data, and resources) and the interactions (i.e. message exchanges) of a business process with other processes as well. The aim of this thesis is to improve the specification and verification of multi-perspective process compliance based on three contributions: 1. The extended Compliance Rule Graph (eCRG) language, which enables the visual modeling of multi-perspective compliance rules. Besides control flow, the latter may refer to the time, data, resource, and interaction perspectives of a business process. 2. A framework for multi-perspective monitoring of the compliance of running processes with a given set of eCRG compliance rules. 3. Techniques for verifying business process compliance with respect to the interaction perspective. In particular, we consider compliance verification for cross-organizational business processes, for which solely incomplete process knowledge is available. All contributions were thoroughly evaluated through proof-of-concept prototypes, case studies, empirical studies, and systematic comparisons with related works

A Visual Language for Modeling Multiple Perspectives of Business Process Compliance Rules (Extended Abstract)

A fundamental challenge for enterprises is to ensure compliance of their business processes with imposed compliance rules stemming from various sources, e.g., corporate guidelines, best practices, standards, and laws. In general, a compliance rule may refer to multiple process perspectives including control flow, time, data, resources, and interactions with business partners. On one hand, compliance rules should be comprehensible for domain experts who must define, verify and apply them. On the other, these rules should have a precise semantics to avoid ambiguities and enable their automated processing. Providing a visual language is advantageous in this context as it allows hiding formal details and offering an intuitive way of modeling the compliance rules. However, existing visual languages for compliance rule modeling have focused on the control flow perspective so far, but lack proper support for the other process perspectives. To remedy this drawback, we introduce the extended Compliance Rule Graph language, which enables the visual modeling of compliance rules with the support of multiple perspectives. Overall, this language will foster the modeling and verification of compliance rules in practice

An Operational Semantics for the Extended Compliance Rule Graph Language

A challenge for any enterprise is to ensure conformance of its business processes with imposed compliance rules. Usually, the latter may constrain multiple perspectives of a business process, including control flow, data, time, resources, and interactions with business partners. Like for process modeling, intuitive visual languages have been proposed for specifying compliance rules. However, business process compliance cannot completely be decided at design time, but needs to be monitored during run time as well. In previous work we introduced the extended Compliance Rule Graph (eCRG) language that enables the visual monitoring of business process compliance regarding the control flow, data, time, and resource perspectives as well as the interactions a process has with business partners. This technical report introduces an operational semantics of the eCRG language. In particular, the state of a visual compliance rule is reflected through markings and annotations of an eCRG. The proposed operational semantics not only allows detecting compliance violations at run-time, but visually highlights their causes as well. Finally, it allows providing recommendations to users in order to proactively ensure for a compliant continuation of a running business process

A Visual Language for Modeling Business Process Compliance Rules

A fundamental challenge for enterprises is to ensure compliance of their business processes with imposed compliance rules stemming from various sources, e.g., corporate guidelines, best practices, standards, and laws. In general, a compliance rule may refer to multiple process perspectives including control flow, time, data, resources, and interactions with business partners. On one hand, compliance rules should be comprehensible for domain experts who must define, verify and apply them. On the other, these rules should have a precise semantics to avoid ambiguities and enable their automated processing. Providing a visual language is advantageous in this context as it allows hiding formal details and offering an intuitive way of modeling the compliance rules. However, existing visual languages for compliance rule modeling have focused on the control flow perspective so far, but lack proper support for the other process perspectives. To remedy this drawback, this paper introduces the extended Compliance Rule Graph language, which enables the visual modeling of compliance rules with the support of multiple perspectives. Overall, this language will foster the modeling and verification of compliance rules in practice

Ensuring Business Process Compliance Along the Process Life Cycle

Business processes are subject to semantic constraints that stem from regulations, laws and guidelines, and are also known as compliance rules. Hence, process-aware information systems have to ensure compliance with those rules in order to guarantee semantically correct and error-free executability as well as changeability of their business processes. This report discusses how compliance rules can be defined and how business process compliance can be ensured for the different phases of the process lifecycle

Towards Visually Monitoring Multiple Perspectives of Business Process Compliance

A challenge for enterprises is to ensure conformance of their business processes with imposed compliance rules. Usually, the latter may constrain multiple perspectives of a business process, including control flow, data, time, resources, and interactions with business partners. Like in process modeling, visual languages for specifying compliance rules have been proposed. However, business process compliance cannot be completely decided at design time, but needs to be monitored during run time as well. This paper introduces an approach for visually monitoring business process compliance. In particular, this approach covers all relevant process perspectives. Furthermore, compliance violations cannot only be detected, but also be visually highlighted emphasizing their causes. Finally, the approach assists users in ensuring compliant continuations of a running business process

A Formal Framework for Data-Aware Process Interaction Models

IT support for distributed and collaborative workflows as well as related interactions between business partners are becoming increasingly important. For modeling such partner interactions as flow of message exchanges, different topdown approaches, covered under the term interaction modeling, are provided. Like for workflow models, correctness constitutes a fundamental challenge for interaction models; e.g., to ensure the boundedness and absence of deadlocks and lifelocks. Due to their distributed execution, in addition, interaction models should be message-deterministic and realizable, i.e., the same conversation (i.e. sequence of messages) should always lead to the same result, and it should be ensured that partners always have enough information about the messages they must or may send in a given context. So far, most existing approaches have addressed correctness of interaction models without explicitly considering the data exchanged through messages and used for routing decisions. However, data support is crucial for collaborative workflows and interaction models respectively. This technical report enriches interaction models with the data perspective. In particular, it defines the behavior of data-aware interaction models based on Data- Aware Interaction Nets, which use elements of both Interaction Petri Nets and Workflow Nets with Data. Finally, formal correctness criteria for Data-Aware Interaction Nets are derived, guaranteeing the boundedness and absence of deadlocks and lifelocks, and ensuring message-determinism as well as realizability

Rule-based Monitoring Framework for Business Process Compliance

Business processes compliance monitoring can be viewed as a task of detecting and reacting to the compliance of running business processes with compliance rules, which are the semantic constraints originated from norms, standards, and laws, etc. Normally, compliance rules not only refer to normal process perspectives, like control ow, data ow, and time, but also perspectives of data aggregation as well as their mixtures. Such characteristics as well as potentially high number of concurrently running process instances, post challenges for processes compliance monitoring from the aspects of specification and monitoring efficiency. In this work, we address these challenges by proposing a compliance monitoring framework (bpCMon), including an event-based compliance language (ECL) and event reaction system (ERS), wherein ECL is a formal language enabling specifying compliance rules of multi-perspective, and ERS is a powerful rule-based system enriched with events indexing structure, and fully supports the monitoring for compliance rules in ECL. Experiments on a real life datasets indicate the applicability of bpCMon, and the comparisons with three related works over benchmarks demonstrate the efficiency of bpCMon

Data-Aware Interaction in Distributed and Collaborative Workflows: Modeling, Semantics, Correctness

IT support for distributed and collaborative workflows and related interactions between business partners is becoming increasingly important. For modeling such partner interactions as flow of message exchanges, different top-down approaches, covered under the term interaction modeling, are provided. Like for workflow models, correctness constitutes a fundamental challenge for interaction models as well; e.g., to ensure the boundedness and absence of deadlocks and lifelocks. Due to their distributed execution, in addition, interaction models should be message-deterministic and realizable, i.e., the same conversation (i.e. sequence of messages) should always lead to the same result, and it should be ensured that partners always have enough information about the messages they must or may send in a given context. So far, most existing approaches have addressed correctness of interaction models without explicitly considering the data exchanged through messages and used for routing decisions. However, data support is crucial for collaborative workflows and interaction models respectively. This paper therefore enriches interaction models with the data perspective. In particular, it defines the behavior of data-aware interaction models based on Data-Aware Interaction Nets, which use elements of both Interaction Petri Nets and Workflow Nets with Data. Finally, formal correctness criteria for Data-Aware Interaction Nets are derived, guaranteeing the boundedness and absence of deadlocks and lifelocks, and ensuring message-determinism as well as realizability

A Framework for Visually Monitoring Business Process Compliance (Extended Abstract)

Any enterprise must ensure that its business processes comply with imposed compliance rules. This extended abstract presents a comprehensive framework for visually monitoring business process compliance. As opposed to existing approaches, the framework supports the visual monitoring of all relevant process perspectives based on the extended Compliance Rule Graph (eCRG) language. Furthermore, it not only allows for the detection of violations, but additionally highlights their causes. Finally, the framework assists users in both monitoring business process compliance and ensuring the compliant continuation of running business processes. Overall, the framework provides a fundamental contribution towards the real-time monitoring of compliance in process-driven enterprises