Towards a Framework for Business Process Compliance

Compliance with laws and regulations of business processes and software systems is becoming a crucial issue for organizations and calls for suitable methods to deal with it. In contrast to business processes and organizational requirements, regulations are very abstract and hence it is important to refine them until they are at a level of abstraction similar to that of business processes. In this position paper, we investigate the steps needed to provide a framework that integrates law modeling notations with business process modeling notations. Based on the normative statements found in a legal document, we identify a law-compliant strategic goal model and describe possible templates for business processes. This framework aims to help organizations and software engineers assess the compliance of business processes, improve their processes, and manage evolution. With the help of a middle-layer goal modeling notation, it is possible to analyze the full or partial compliance in a systematic way and identify the rationale for the presence of particular activities.

[1]  Giovanni Sartor,et al.  Fundamental legal concepts: A formal and teleological characterisation* , 2006, Artificial Intelligence and Law.

[2]  Robert Darimont,et al.  Goal-oriented Analysis of Regulations , 2006, ReMo2V.

[3]  John Mylopoulos,et al.  A Meta-Model for Modelling Law-Compliant Requirements , 2009, 2009 Second International Workshop on Requirements Engineering and Law.

[4]  Annie I. Antón,et al.  Checking Existing Requirements for Compliance with Law Using a Production Rule Model , 2009, 2009 Second International Workshop on Requirements Engineering and Law.

[5]  Daniel Amyot,et al.  Towards a Framework for Tracking Legal Compliance in Healthcare , 2007, CAiSE.

[6]  Annie I. Antón,et al.  Developing Production Rule Models to Aid in Acquiring Requirements from Legal Texts , 2009, 2009 17th IEEE International Requirements Engineering Conference.

[7]  Anna Perini,et al.  Exploring the Effectiveness of Normative i* Modelling: Results from a Case Study on Food Chain Traceability , 2008, CAiSE.

[8]  Eric Yu,et al.  Modeling Strategic Relationships for Process Reengineering , 1995, Social Modeling for Requirements Engineering.

[9]  John Mylopoulos,et al.  Organizational Patterns for Early Requirements Analysis , 2003, CAiSE.

[10]  Annie I. Antón,et al.  Validating Existing Requirements for Compliance with Law Using a Production Rule Model , 2009 .

[11]  Shazia Wasim Sadiq,et al.  Process modelling: the deontic way , 2006, APCCM.

[12]  Daniel Amyot,et al.  Compliance Analysis Based on a Goal-oriented Requirement Language Evaluation Methodology , 2009, 2009 17th IEEE International Requirements Engineering Conference.

[13]  John Mylopoulos,et al.  Designing Law-Compliant Software Requirements , 2009, ER.

[14]  Eric Dubois,et al.  Using Goal-Oriented Requirements Engineering for Improving the Quality of ISO/IEC 15504 based Compliance Assessment Frameworks , 2008, 2008 16th IEEE International Requirements Engineering Conference.

[15]  Annie I. Antón,et al.  Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations , 2006, 14th IEEE International Requirements Engineering Conference (RE'06).