Compliance Domains: A Means to Model Data-Restrictions in Cloud Environments

It is crucial for enterprises to execute business operations in a compliant way. This is especially true for IT-driven business processes, as enterprises may face considerable fines when violating laws and regulations in their business processes. With the advent of cloud computing, a new dimension of compliance requirements has emerged within the research area of compliant business process design. Data sovereignty is one of the major compliance concerns enterprises have to deal with when moving applications and data to the cloud. Enterprises remain fully responsible for their data, even when the data is no longer present within their IT premises. This led to the policy that specific data must not leave the IT premises of the enterprise. In this paper we present an approach to support the human process designer in modelling compliant business processes. We focus on compliance requirements that have to be considered in the field of cloud computing. These requirements have been created to meet laws and regulations. These laws and regulations are considering data which is to other countries, for example. Looking at the characteristics of these requirements, we deal with data-centric compliance rules here.
