Detecting the Effects of Changes on the Compliance of Cross-organizational Business Processes

An emerging challenge for collaborating business partners is to properly define and evolve their cross-organizational processes with respect to imposed global compliance rules. Since compliance verification is known to be very costly, reducing the number of compliance rules to be rechecked in the context of process changes will be crucial. Opposed to intra-organizational processes, however, change effects cannot be easily assessed in such distributed scenarios, where partners only provide restricted public views and assertions on their private processes. Even if local process changes are invisible to partners, they might affect the compliance of the cross-organizational process with the mentioned rules. This paper provides an approach for ensuring compliance when evolving a cross-organizational process. For this purpose, we construct qualified dependency graphs expressing relationships between process activities, process assertions, and compliance rules. Based on such graphs, we are able to determine the subset of compliance rules that might be affected by a particular change. Altogether, our approach increases the efficiency of compliance checking in cross-organizational settings

Interval soundness of resource-constrained workflow nets : decidability and repair

Correctness of workflow design cannot be evaluated by checking the execution for one single instance of the workflow, because instances, even when being independent from the data perspective, depend on each other with respect to the resources they rely on for executing tasks. The resources are shared among the instances of the same workflow; moreover, other workflows can use the same resources. Therefore, we enrich the workflow model with the model of its environment that captures the resource perspective. This allows us to investigate the verification of workflows extended with resources in a more general setting than it was previously done. We focus on the soundness property, which means the ability to terminate properly from any reachable state of the system, for every instance of the system. We show the decision procedure for soundness and how to repair a workflow that is unsound from the resource perspective by synthesizing a controller such that the composition of the workflow and the controller is sound by design

Phototoxicity activity of Psoralea drupacea L. using Atremia salina bioassay system

Objective: Phototoxicity is a kind of dermatitis that is activated by exposure to ultraviolet light following the administration of some drugs or natural products. Artemia salina (A. salina) (brine shrimp) has been effectively applied for toxicity testing and is perfect for biological screening of many chemicals for simultaneous evaluation of toxicity and phototoxicity. The objective of this study was to investigate the phototoxic activitiy of the methanolic extract and chloroform and CH3OH/H2O2 fraction of Psoralea drupacea (P. drupacea). Materials and methods: The phototoxic effect of the methanolic extract, chloroform and CH3OH/H2O2 fractions of P. drupacea was evaluatedusing A. salina bioassay system. Different concentrations of methanolic extract and fractions of P. drupacea were added to the plate of one-day old larvae followed by exposure to UV radiation at 366 nm in three different exposure times (0, 4 and 20 h). Mortality was determined 24h after the start of the irradiation.  Results: The value of LC50 of P. drupacea methanolic extract and methoxalen as positive control were 0.64 and 3.5´10-4 mg/ml, respectively. P. drupacea methanolic extract and chloroform fraction demonstrated phototoxic activity after 4 h radiation. Conclusion: The result showed that P. drupacea methanolic extract and chloroform fraction have phototoxicity in A. salina bioassay system and their toxic effect is related to phototoxic constituents such as psoralen

Diagnostic information in compliance checking

Compliance checking is gaining importance as today's organizations need to show that operational processes are executed in a controlled manner while satisfying predefined (legal) requirements. Deviations may be costly and expose the organization to severe risks. Compliance checking is of growing importance for the business process management and auditing communities. This paper presents a comprehensive compliance checking approach based on Petri-net fragments and alignments. 55 control flow oriented compliance rules, distributed over 15 categories. We formalize them in terms of Petri-net fragments describing the compliant behavior. To check compliance with respect to a rule, the event log describing the observed behavior is aligned with the corresponding fragment. The approach is flexible (easy to add new patterns), robust (the selected alignment between log and fragment is guaranteed to be optimal), and allows for both a quantification of compliance and intuitive diagnostics explaining deviations at the level of alignments. The approach can also handle resource-based and data-based compliance rules and is supported by ProM plug-ins

Separating compliance management and business process management

The ever growing set of regulations and laws organizations have to comply to, introduces many new challenges. Current approaches that check for compliance by implementing controls in an existing information system (IS) decrease the maintainability of both the set of compliance rules and the IS. In this position paper, we advocate the separation of the compliance process from the organization’s business processes. We introduce a life cycle for the management of compliance rules. A separate compliance engine is used to define and check compliance rules independent from the existing IS within an organization

Separating compliance management and business process management

The ever growing set of regulations and laws organizations have to comply to, introduces many new challenges. Current approaches that check for compliance by implementing controls in an existing information system (IS) decrease the maintainability of both the set of compliance rules and the IS. In this position paper, we advocate the separation of the compliance process from the organization’s business processes. We introduce a life cycle for the management of compliance rules. A separate compliance engine is used to define and check compliance rules independent from the existing IS within an organization

Diagnostic information for compliance checking of temporal compliance requirements

Compliance checking is gaining importance as today’s organizations need to show that operational processes are executed in a controlled manner while satisfying predefined (legal) requirements or service level agreements. Deviations may be costly and expose an organization to severe risks. Compliance checking is of growing importance for the business process management and auditing communities. This paper presents an approach for checking compliance of observed process executions recorded in an event log to temporal compliance requirements, which restrict when particular activities may or may not occur. We show how temporal compliance requirements discussed in literature can be unified and formalized using a generic temporal compliance rule. To check compliance with respect to a temporal rule, the event log describing the observed behavior is aligned with the rule. The alignment then shows which events occurred out of order and which events deviated by which amount of time from the prescribed behavior. This approach integrates with an existing approach for control-flow compliance checking, allowing for multi-perspective diagnostic information in case of compliance violations. We show the feasibility of our technique by checking temporal compliance rules of real life event logs