3 research outputs found

    An integrated solution for runtime compliance governance

    Abstract. In response to recent financial scandals (e.g. those involving Enron, Fortis, Parmalat), new regulations for protecting society from the financial and operational risks of companies have been introduced. Therefore, companies are required to assure compliance of their operations with those new regulations as well as those already in place. Regulations are only one example of the compliance sources modern organizations deal with every day. Other sources of compliance include licenses of business partners and other contracts, internal policies, and international standards. The diversity of compliance sources introduces the problem of compliance governance in an organization. In this paper, we propose an integrated solution for runtime compliance governance in Service-Oriented Architectures (SOAs). We show how the proposed solution supports the whole cycle of compliance management: from modeling compliance requirements in domain-specific languages through monitoring them during process execution to displaying information about the current state of compliance in dashboards. We focus on the runtime part of the proposed solution and describe it in detail. We apply the developed framework in a real case study coming from the EU FP7 project COMPAS, and this case study is used throughout the paper to illustrate our solution.

    An end-to-end framework for business compliance in process-driven SOAs

    It is significant for companies to ensure that their businesses conform to relevant policies, laws, and regulations, as the consequences of infringement can be serious. Unfortunately, the divergence and frequent changes of different compliance sources make it hard to systematically and quickly accommodate new compliance requirements due to the lack of an adequate methodology for system and compliance engineering. In addition, the difference in perception and expertise of the multiple stakeholders involved in system and compliance engineering further complicates the analyzing, implementing, and assessing of compliance. For these reasons, in many cases, business compliance today is reached on a per-case basis by using ad hoc, hand-crafted solutions for the specific rules with which they must comply. This leads in the long run to problems regarding complexity, understandability, and maintainability of compliance concerns in a SOA. To address the aforementioned challenges, we present in this invited paper a comprehensive SOA business compliance software framework that enables a business to express, implement, monitor, and govern compliance concerns. © 2010 IEEE