SOA-enabled compliance management: instrumenting, assessing, and analyzing service-based business processes

Facilitating compliance management, that is, assisting a company’s management in conforming to laws, regulations, standards, contracts, and policies, is a hot but non-trivial task. The service-oriented architecture (SOA) has evolved traditional, manual business practices into modern, service-based IT practices that ease part of the problem: the systematic definition and execution of business processes. This, in turn, facilitates the online monitoring of system behaviors and the enforcement of allowed behaviors—all ingredients that can be used to assist compliance management on the fly during process execution. In this paper, instead of focusing on monitoring and runtime enforcement of rules or constraints, we strive for an alternative approach to compliance management in SOAs that aims at assessing and improving compliance. We propose two ingredients: (i) a model and tool to design compliant service-based processes and to instrument them in order to generate evidence of how they are executed and (ii) a reporting and analysis suite to create awareness of a company’s compliance state and to enable an understanding of why and where compliance violations have occurred. Together, these ingredients result in an approach that is close to how the real stakeholders—compliance experts and auditors—actually assess the state of compliance in practice and that is less intrusive than enforcing compliance.
