Aligning Monitoring and Compliance Requirements in Evolving Business Networks

Dynamic business networks (BNs) are intrinsically characterised by change. Compliance requirements management, in this context, may become particularly challenging. Partners in the network may join and leave the collaboration dynamically and tasks over which compliance requirements are specified may be consequently delegated to new partners or backsourced by network participants. This paper considers the issue of aligning the compliance requirements in a BN with the monitoring requirements they induce on the BN participants when change (or evolution) occurs. We first provide a conceptual model of BNs and their compliance requirements, introducing the concept of monitoring capabilities induced by compliance requirements. Then, we present a set of mechanisms to ensure consistency between the monitoring and compliance requirements when BNs evolve, e.g. tasks are delegated or backsourced in-house. Eventually, we discuss a prototype implementation of our framework, which also implements a set of metrics to check the status of a BN in respect of compliance monitorability

On Enabling Compliance of Cross-Organizational Business Processes

Process compliance deals with the ability of a company to ensure that its business processes comply with domain-specific regulations and rules. So far, compliance issues have been mainly addressed for intra-organizational business processes, whereas there exists only little work dealing with compliance in the context of cross-organizational processes that involve multiple business partners. As opposed to intra-organizational processes, for a cross-organizational process, compliance must be addressed at different modeling levels, ranging from interaction models to public process models to private processes of the partners. Accordingly, there exist different levels for modeling compliance rules. In particular, we distinguish between local compliance rules of a particular partner and global compliance rules to be obeyed by all partners involved in the cross-organizational process. This paper focuses on checking the compliance of interaction models. For this purpose, we introduce the notion of compliability, which shall guarantee that an interaction model is not conflicting with a set of imposed global compliance rules

Enriching Business Process Models with Decision Rules

Making the right decisions in time is one of the key tasks in every business. In this context, decision theory fosters decision-making based on well-defined decision rules. The latter evaluate a given set of input parameters and utilize evidenced data in order to determine an optimal alternative out of a given set of choices. In particular, decision rules are relevant in the context business processes as well. Contemporary process modeling languages, however, have not incorporated decision theory yet, but mainly consider rather simple, guard-based decisions that refer to process-relevant data. To remedy this drawback, this paper introduces an approach that allows embedding decision problems in business process models and applying decision rules to deal with them. As a major benefit, it becomes possible to automatically determine optimal execution paths during run time

Verification and Compliance in Collaborative Processes

Evidently, COVID-19 has changed our lives and is likely to make a lasting impact on our economic development and our industry and services. With the ongoing process of digital transformation in industry and services, Collaborative Networks (CNs) is required to be more efficient, productive, flexible, resilient and sustainable according to change of situations and related rules applied afterwards. Although the CN area is relatively young, it requires the previous research to be extended, i.e. business process management from dealing with processes within a single organization into processes across different organizations. In this paper, we review current business process verification and compliance research. Different tools approaches and limitations of them are compared. The further research issues and potential solutions of business process verification and compliance check are discussed in the context of CNs

Detecting the Effects of Changes on the Compliance of Cross-organizational Business Processes

An emerging challenge for collaborating business partners is to properly define and evolve their cross-organizational processes with respect to imposed global compliance rules. Since compliance verification is known to be very costly, reducing the number of compliance rules to be rechecked in the context of process changes will be crucial. Opposed to intra-organizational processes, however, change effects cannot be easily assessed in such distributed scenarios, where partners only provide restricted public views and assertions on their private processes. Even if local process changes are invisible to partners, they might affect the compliance of the cross-organizational process with the mentioned rules. This paper provides an approach for ensuring compliance when evolving a cross-organizational process. For this purpose, we construct qualified dependency graphs expressing relationships between process activities, process assertions, and compliance rules. Based on such graphs, we are able to determine the subset of compliance rules that might be affected by a particular change. Altogether, our approach increases the efficiency of compliance checking in cross-organizational settings

Verifying for Compliance to Data Constraints in Collaborative Business Processes.

Production processes are nowadays fragmented across different companies and organized in global collaborative networks. This is the result of the first wave of globalization that, among the various factors, was enabled by the diffusion of Internet-based Information and Communication Technologies (ICTs) at the beginning of the years 2000. The recent wave of new technologies possibly leading to the fourth industrial revolution – the so-called Industry 4.0 – is further multiplying opportunities. Accessing global customers opens great opportunities for organizations, including small and medium enterprises (SMEs), but it requires the ability to adapt to different requirements and conditions, volatile demand patterns and fast-changing technologies. Regardless of the industrial sector, the processes used in an organization must be compliant to rules, standards, laws and regulations. Non-compliance subjects enterprises to litigation and financial fines. Thus, compliance verification is a major concern, not only to keep pace with changing regulations but also to address the rising concerns of security, product and service quality and data privacy. The software, in particular process automation, used must be designed accordingly. In relation to process management, we propose a new way to pro-actively check the compliance of current running business processes using Descriptive Logic and Linear Temporal Logic to describe the constraints related to data. Related algorithms are presented to detect the potential violations

Towards Compliance of Cross-Organizational Processes and their Changes

Businesses require the ability to rapidly implement new processes and to quickly adapt existing ones to environmental changes including the optimization of their interactions with partners and customers. However, changes of either intra- or cross-organizational processes must not be done in an uncontrolled manner. In particular, processes are increasingly subject to compliance rules that usually stem from security constraints, corporate guidelines, standards, and laws. These compliance rules have to be considered when modeling business processes and changing existing ones. While change and compliance have been extensively discussed for intra-organizational business processes, albeit only in an isolated manner, their combination in the context of cross-organizational processes remains an open issue. In this paper, we discuss requirements and challenges to be tackled in order to ensure that changes of cross-organizational business processes preserve compliance with imposed regulations, standards and laws

Modeling the Resource Perspective of Business Process Compliance Rules with the Extended Compliance Rule Graph

Process-aware information systems must ensure compliance of the business processes they implement with global compliance rules related to security constraints, domain-specific guidelines, standards, and laws. Usually, respective compliance rules cover multiple process perspectives; i.e., they not only deal with the control flow perspective that restricts the sequence in which the process activities shall be executed, but also refer to other process perspectives like data, time, and resource. Although there are various approaches for specifying compliance rules (e.g., based on temporal logic and narrative patterns), only few languages allow for the visual modeling of compliance rules. In turn, existing visual languages focus on the control flow perspective, but treat the other process perspectives as second class citizens. To remedy this drawback, this paper presents an approach for the visual modeling of business process compliance rules, including the resource perspective. The suitability of this approach is evaluated in a case study that was performed by business analysts in the healthcare domain

Towards adaptive compliance

Mission critical software is often required to comply with multiple regulations, standards or policies. Recent paradigms, such as cloud computing, also require software to operate in heterogeneous, highly distributed, and changing environments. In these environments, compliance requirements can vary at runtime and traditional compliance management techniques, which are normally applied at design time, may no longer be su cient. In this paper, we motivate the need for adaptive compliance by illustrating possible compliance concerns determined by runtime variability. We further motivate our work by means of a cloud computing scenario, and present two main contributions. First, we propose and justify a process to support adaptive compliance that extends the traditional compliance management lifecycle with the activities of the Monitor-Analyse-Plan-Execute (MAPE) loop, and enacts adaptation through re-con guration. Second, we explore the literature on software compliance and classify existing work in terms of the activities and concerns of adaptive compliance. In this way, we determine how the literature can support our proposal and what are the open research challenges that need to be addressed in order to fully support adaptive compliance