Towards Compliance of Cross-Organizational Processes and Their Changes - Research Challenges and State of Research

Businesses require the ability to rapidly implement new processes and to quickly adapt existing ones to environmental changes including the optimization of their interactions with partners and customers. However, changes of either intra- or cross-organizational processes must not be done in an uncontrolled manner. In particular, processes are increasingly subject to compliance rules that usually stem from security constraints, corporate guidelines, standards, and laws. These compliance rules have to be considered when modeling business processes and changing existing ones. While change and compliance have been extensively discussed for intra-organizational business processes, albeit only in an isolated manner, their combination in the context of cross-organizational processes remains an open issue. In this paper, we discuss requirements and challenges to be tackled in order to ensure that changes of cross-organizational business processes preserve compliance with imposed regulations, standards and laws.

[1]  Evelina Lamma,et al.  Expressing and Verifying Business Contracts with Abductive Logic Programming , 2008, Normative Multi-agent Systems.

[2]  Stefanie Rinderle-Ma,et al.  Balancing Flexibility and Security in Adaptive Process Management Systems , 2005, OTM Conferences.

[3]  Arjan J. Mooij,et al.  Constructing Replaceable Services Using Operating Guidelines and Maximal Controllers , 2010, WS-FM.

[4]  Peter Dadam,et al.  On enabling integrated process compliance with semantic constraints in process management systems , 2012, Inf. Syst. Frontiers.

[5]  Manfred Reichert,et al.  Ensuring business process compliance along the process life cycle , 2012 .

[6]  Mathias Weske,et al.  Interaction-centric modeling of process choreographies , 2011, Inf. Syst..

[7]  Miklos A. Vasarhelyi,et al.  Putting Continuous Auditing Theory into Practice: Lessons from Two Pilot Implementations , 2008, J. Inf. Syst..

[8]  Zahir Tari,et al.  On the Move to Meaningful Internet Systems 2002: CoopIS, DOA, and ODBASE , 2002, Lecture Notes in Computer Science.

[9]  Wil M. P. van der Aalst,et al.  DECLARE: Full Support for Loosely-Structured Processes , 2007, 11th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2007).

[10]  Wil M. P. van der Aalst,et al.  Change Mining in Adaptive Process Management Systems , 2006, OTM Conferences.

[11]  Mathias Weske,et al.  Specification, Verification and Explanation of Violation for Data Aware Compliance Rules , 2009, ICSOC/ServiceWave.

[12]  Marco Montali,et al.  Monitoring Business Constraints with Linear Temporal Logic: An Approach Based on Colored Automata , 2011, BPM.

[13]  Zahir Tari,et al.  On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS, OTM Confederated International Conferences CoopIS, DOA, ODBASE, GADA, and IS 2007, Vilamoura, Portugal, November 25-30, 2007, Proceedings, Part II , 2007, OTM Conferences.

[14]  Jan Vanthienen,et al.  Designing Compliant Business Processes with Obligations and Permissions , 2006, Business Process Management Workshops.

[15]  Mathias Weske,et al.  Efficient Compliance Checking Using BPMN-Q and Temporal Logic , 2008, BPM.

[16]  Marlon Dumas,et al.  Service Interaction Patterns , 2005, Business Process Management.

[17]  Mathias Weske,et al.  Behavioral Consistency for B2B Process Integration , 2007, CAiSE.

[18]  Peter Dadam,et al.  Design and Verification of Instantiable Compliance Rule Graphs in Process-Aware Information Systems , 2010, CAiSE.

[19]  Peter Dadam,et al.  Flexible Support of Team Processes by Adaptive Workflow Systems , 2004, Distributed and Parallel Databases.

[20]  Zahir Tari,et al.  On the Move to Meaningful Internet Systems 2006: CoopIS, DOA, GADA, and ODBASE, OTM Confederated International Conferences, CoopIS, DOA, GADA, and ODBASE 2006, Montpellier, France, October 29 - November 3, 2006. Proceedings, Part I , 2006, OTM Conferences.

[21]  Wil M. P. van der Aalst,et al.  Multiparty Contracts: Agreeing and Implementing Interorganizational Processes , 2010, Comput. J..

[22]  Manfred Reichert,et al.  Beyond rigidity – dynamic process lifecycle support , 2009, Computer Science - Research and Development.

[23]  Marwane El Kharbili,et al.  Business Process Compliance Checking: Current State and Future Challenges , 2008, MobIS.

[24]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[25]  Peter Dadam,et al.  On Enabling Data-Aware Compliance Checking of Business Process Models , 2010, ER.

[26]  Andrew Berry,et al.  Extending choreography with business contract constraints , 2005, Int. J. Cooperative Inf. Syst..

[27]  Guido Governatori,et al.  Compliance aware business process design , 2008 .

[28]  Frank Leymann,et al.  Web Services , 2004, Informatik-Spektrum.

[29]  Peter Dadam,et al.  Monitoring Business Process Compliance Using Compliance Rule Graphs , 2011, OTM Conferences.

[30]  Mike P. Papazoglou,et al.  The Challenges of Service Evolution , 2008, CAiSE.

[31]  Zakaria Maamar,et al.  Views in Composite Web Services , 2005, IEEE Internet Comput..

[32]  Stefanie Rinderle-Ma,et al.  Change patterns and change support features - Enhancing flexibility in process-aware information systems , 2008, Data Knowl. Eng..

[33]  George S. Avrunin,et al.  Property specification patterns for finite-state verification , 1998, FMSP '98.

[34]  Priya Narasimhan,et al.  Service-Oriented Computing - ICSOC 2007, Fifth International Conference, Vienna, Austria, September 17-20, 2007, Proceedings , 2007, ICSOC.

[35]  Fabio Casati,et al.  Workflow Evolution , 1996, ER.

[36]  Manfred Reichert,et al.  The Minadept Clustering Approach for Discovering Reference Process Models Out of Process Variants , 2010, Int. J. Cooperative Inf. Syst..

[37]  Erik P. de Vink,et al.  Time and Data-Aware Analysis of Graphical Service Models in Reo , 2010, 2010 8th IEEE International Conference on Software Engineering and Formal Methods.

[38]  Peretz Shoval,et al.  Conceptual Modeling - ER 2010, 29th International Conference on Conceptual Modeling, Vancouver, BC, Canada, November 1-4, 2010. Proceedings , 2010, ER.

[39]  Manfred Reichert,et al.  Adeptflex—Supporting Dynamic Changes of Workflows Without Losing Control , 1998, Journal of Intelligent Information Systems.

[40]  Peter Dadam,et al.  Integration and verification of semantic constraints in adaptive process management systems , 2008, Data Knowl. Eng..

[41]  Shazia Wasim Sadiq,et al.  Compliance checking between business processes and business contracts , 2006, 2006 10th IEEE International Enterprise Distributed Object Computing Conference (EDOC'06).

[42]  Birgit Pfitzmann,et al.  From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation , 2006 .

[43]  Manfred Reichert,et al.  Dealing with forward and backward jumps in workflow management systems , 2003, Software and Systems Modeling.

[44]  Schahram Dustdar,et al.  Caramba—A Process-Aware Collaboration System Supporting Ad hoc and Collaborative Processes in Virtual Teams , 2004, Distributed and Parallel Databases.

[45]  Ying Liu,et al.  A static compliance-checking framework for business process models , 2007, IBM Syst. J..

[46]  Axel Martens,et al.  Consistency between executable and abstract processes , 2005, 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service.

[47]  Stefanie Rinderle-Ma,et al.  Providing Integrated Life Cycle Support in Process-Aware Information Systems , 2009, Int. J. Cooperative Inf. Syst..

[48]  Evelina Lamma,et al.  Expressing and Verifying Business Contracts with Abductive , 2007 .

[49]  Peter Dadam,et al.  Correctness criteria for dynamic changes in workflow systems - a survey , 2004, Data Knowl. Eng..

[50]  Manfred Reichert,et al.  Supporting Ad-Hoc Changes in Distributed Workflow Management Systems , 2007, OTM Conferences.

[51]  Andrew D. Gordon,et al.  Verified Reference Implementations of WS-Security Protocols , 2006, WS-FM.

[52]  Wil M. P. van der Aalst,et al.  Inheritance of Interorganizational Workflows to Enable Business-to-Business , 2002, Electron. Commer. Res..

[53]  Boudewijn F. van Dongen,et al.  Process Mining and Verification of Properties: An Approach Based on Temporal Logic , 2005, OTM Conferences.

[54]  Samir Tata,et al.  CoopFlow: A Bottom-Up Approach to Workflow Cooperation for Short-Term Virtual Enterprises , 2008, IEEE Transactions on Services Computing.

[55]  Marlon Dumas,et al.  Let's Dance: A Language for Service Behavior Modeling , 2006, OTM Conferences.

[56]  Manfred Reichert,et al.  Enabling Flexibility in Process-Aware Information Systems , 2012, Springer Berlin Heidelberg.

[57]  Maria E. Orlowska,et al.  Specification and validation of process constraints for flexible workflows , 2005, Inf. Syst..

[58]  Duen-Ren Liu,et al.  Business-to-business workflow interoperation based on process-views , 2004, Decis. Support Syst..

[59]  Peter Dadam,et al.  Adaptive process management with ADEPT2 , 2005, 21st International Conference on Data Engineering (ICDE'05).

[60]  Aditya K. Ghose,et al.  Auditing Business Process Compliance , 2007, ICSOC.

[61]  Nenad Stojanovic,et al.  Pattern-Based Design and Validation of Business Process Compliance , 2007, OTM Conferences.

[62]  Niels Lohmann,et al.  Another Approach to Service Instance Migration , 2009, ICSOC/ServiceWave.

[63]  Wil M. P. van der Aalst,et al.  Worklets: A Service-Oriented Implementation of Dynamic Flexibility in Workflows , 2006, OTM Conferences.

[64]  I. Weber,et al.  Semantic Business Process Validation , 2008 .

[65]  Manfred Reichert,et al.  Unleashing the Effectiveness of Process-Oriented Information Systems: Problem Analysis, Critical Success Factors, and Implications , 2008, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).