A visual language for modeling multiple perspectives of business process compliance rules

A fundamental challenge for enterprises is to ensure compliance of their business processes with imposed compliance rules stemming from various sources, e.g., corporate guidelines, best practices, standards, and laws. In general, a compliance rule may refer to multiple process perspectives including control flow, time, data, resources, and interactions with business partners. On one hand, compliance rules should be comprehensible for domain experts who must define, verify, and apply them. On the other, these rules should have a precise semantics to avoid ambiguities and enable their automated processing. Providing a visual language is advantageous in this context as it allows hiding formal details and offering an intuitive way of modeling the compliance rules. However, existing visual languages for compliance rule modeling have focused on the control flow perspective so far, but lack proper support for the other process perspectives. To remedy this drawback, this paper introduces the extended Compliance Rule Graph language, which enables the visual modeling of compliance rules with the support of multiple perspectives. Overall, this language will foster the modeling and verification of compliance rules in practice.

[1]  Fabrizio Maria Maggi,et al.  Predictive Monitoring of Business Processes , 2013, CAiSE.

[2]  Benjamin N. Grosof,et al.  An Approach to Using XML and a Rule-Based Content Language with an Agent Communication Language , 2000, Issues in Agent Communication.

[3]  Shazia Wasim Sadiq,et al.  Compliance checking between business processes and business contracts , 2006, 2006 10th IEEE International Enterprise Distributed Object Computing Conference (EDOC'06).

[4]  Birgit Pfitzmann,et al.  From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation , 2006 .

[5]  Manfred Reichert,et al.  Investigating expressiveness and understandability of hierarchy in declarative business process models , 2015, Software & Systems Modeling.

[6]  Rüdiger Pryss,et al.  Ensuring compliance of distributed and collaborative workflows , 2013, 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing.

[7]  Richard Hull,et al.  Artifact-Centric Business Process Models: Brief Survey of Research Results and Challenges , 2008, OTM Conferences.

[8]  Marco Montali,et al.  A Framework for the Systematic Comparison and Evaluation of Compliance Monitoring Approaches , 2013, 2013 17th IEEE International Enterprise Distributed Object Computing Conference.

[9]  Peter Dadam,et al.  Design and Verification of Instantiable Compliance Rule Graphs in Process-Aware Information Systems , 2010, CAiSE.

[10]  Michael Fellmann,et al.  A Pattern-Based Approach to Transform Natural Text From Laws Into Compliance Controls in the Food Industry , 2015, LWA.

[11]  Manfred Reichert,et al.  Time patterns for process-aware information systems , 2014, Requirements Engineering.

[12]  Manfred Reichert,et al.  Ensuring business process compliance along the process life cycle , 2012 .

[13]  Mathias Weske,et al.  Interaction-centric modeling of process choreographies , 2011, Inf. Syst..

[14]  Cristina Cabanillas Macías,et al.  Summary of "Defining and Analysing Resource Assignments in Business Processes with RAL" , 2012 .

[15]  Stefanie Rinderle-Ma,et al.  On the Formal Semantics of the Extended Compliance Rule Graph , 2013 .

[16]  Manfred Reichert,et al.  Data-aware interaction in distributed and collaborative workflows: Modeling, semantics, correctness , 2012, 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom).

[17]  Miklos A. Vasarhelyi,et al.  Putting Continuous Auditing Theory into Practice: Lessons from Two Pilot Implementations , 2008, J. Inf. Syst..

[18]  Franziska Semmelrodt,et al.  Modellierung klinischer Prozesse und Compliance Regeln mittels BPMN 2.0 und eCRG , 2013 .

[19]  Akhil Kumar,et al.  Flexible Process Compliance with Semantic Constraints Using Mixed-Integer Programming , 2013, INFORMS J. Comput..

[20]  Mathias Weske,et al.  Efficient Compliance Checking Using BPMN-Q and Temporal Logic , 2008, BPM.

[21]  Jörg Becker,et al.  Generalizability and Applicability of Model-Based Business Process Compliance-Checking Approaches — A State-of-the-Art Analysis and Research Roadmap , 2012 .

[22]  Wil M. P. van der Aalst,et al.  Verification of Workflow Nets , 1997, ICATPN.

[23]  Vinay Kulkarni,et al.  Toward Better Mapping between Regulations and Operations of Enterprises Using Vocabularies and Semantic Similarity , 2015, Complex Syst. Informatics Model. Q..

[24]  Claes Wohlin,et al.  Using Students as Subjects—A Comparative Study of Students and Professionals in Lead-Time Impact Assessment , 2000, Empirical Software Engineering.

[25]  Manfred Reichert,et al.  Adeptflex—Supporting Dynamic Changes of Workflows Without Losing Control , 1998, Journal of Intelligent Information Systems.

[26]  Stefanie Rinderle-Ma,et al.  On Enabling Compliance of Cross-Organizational Business Processes , 2013, BPM.

[27]  Mark Strembeck,et al.  Conformance Checking of RBAC Policies in Process-Aware Information Systems , 2011, Business Process Management Workshops.

[28]  Wil M. P. van der Aalst,et al.  DECLARE: Full Support for Loosely-Structured Processes , 2007, 11th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2007).

[29]  Stefan Zugal,et al.  Investigating Differences between Graphical and Textual Declarative Process Models , 2014, CAiSE Workshops.

[30]  Ying Liu,et al.  A static compliance-checking framework for business process models , 2007, IBM Syst. J..

[31]  J. Ratcliffe The Effect on the T Distribution of Non‐Normality in the Sampled Population , 1968 .

[32]  Mike P. Papazoglou,et al.  Capturing Compliance Requirements: A Pattern-Based Approach , 2012, IEEE Software.

[33]  Andreas Meyer,et al.  Modeling and Enacting Complex Data Dependencies in Business Processes , 2013, BPM.

[34]  Mathias Weske,et al.  Specification, Verification and Explanation of Violation for Data Aware Compliance Rules , 2009, ICSOC/ServiceWave.

[35]  Paola Mello,et al.  Towards data-aware constraints in declare , 2013, SAC '13.

[36]  Manfred Reichert,et al.  Enabling Flexibility in Process-Aware Information Systems , 2012, Springer Berlin Heidelberg.

[37]  Peter Dadam,et al.  On Enabling Data-Aware Compliance Checking of Business Process Models , 2010, ER.

[38]  Akhil Kumar,et al.  Visual Modeling of Business Process Compliance Rules with the Support of Multiple Perspectives , 2013, ER.

[39]  Antonio Ruiz Cortés,et al.  Hints on How to Face Business Process Compliance , 2010 .

[40]  ReichertManfred,et al.  Adept _flex Supporting Dynamic Changes of Workflows Without Losing Control , 1998 .

[41]  Michael Fellmann,et al.  State-of-the-art of Business Process Compliance Approaches: A Survey (Extended Abstract) , 2014, EMISA.

[42]  Manfred Reichert,et al.  RALph: A Graphical Notation for Resource Assignments in Business Processes , 2015, CAiSE.

[43]  Marlon Dumas,et al.  Service Interaction Patterns , 2005, Business Process Management.

[44]  Peter Dadam,et al.  Monitoring Business Process Compliance Using Compliance Rule Graphs , 2011, OTM Conferences.

[45]  Manfred Reichert,et al.  Business Process Compliance , 2012 .

[46]  Graham J Hole,et al.  How to Design and Report Experiments , 2002 .

[47]  Sebastian Höhn,et al.  Model-based reasoning on the achievement of business goals , 2009, SAC '09.

[48]  Daniel L. Moody,et al.  The “Physics” of Notations: Toward a Scientific Basis for Constructing Visual Notations in Software Engineering , 2009, IEEE Transactions on Software Engineering.

[49]  Peter Dadam,et al.  Integration and verification of semantic constraints in adaptive process management systems , 2008, Data Knowl. Eng..

[50]  Patrick Delfmann,et al.  The generic model query language GMQL - Conceptual specification, implementation, and runtime evaluation , 2015, Inf. Syst..

[51]  Nenad Stojanovic,et al.  Pattern-Based Design and Validation of Business Process Compliance , 2007, OTM Conferences.

[52]  Manfred Reichert,et al.  Enabling Flexibility in Process-Aware Information Systems: Challenges, Methods, Technologies , 2012 .

[53]  Manfred Reichert,et al.  Optimized Time Management for Declarative Workflows , 2012, BMMDS/EMMSAD.

[54]  Evelina Lamma,et al.  Expressing and Verifying Business Contracts with Abductive Logic Programming , 2008, Normative Multi-agent Systems.

[55]  Dirk Fahland,et al.  Separating Compliance Management and Business Process Management , 2011, Business Process Management Workshops.

[56]  Manfred Reichert,et al.  Understanding Declare models: strategies, pitfalls, empirical results , 2016, Software & Systems Modeling.

[57]  Shazia Wasim Sadiq,et al.  Detecting Regulatory Compliance for Business Process Models through Semantic Annotations , 2008, Business Process Management Workshops.

[58]  W. M. P. V. D. Aalsta,et al.  YAWL : yet another workflow language , 2015 .

[59]  Jacob Cohen Statistical Power Analysis for the Behavioral Sciences , 1969, The SAGE Encyclopedia of Research Design.

[60]  Holger Herbst,et al.  Business Rules in Systems Analysis: a Meta-Model and Repository System , 1996, Inf. Syst..

[61]  Raghava Rao Mukkamala,et al.  Nested Dynamic Condition Response Graphs , 2011, FSEN.

[62]  Marco Montali,et al.  Monitoring Business Constraints with Linear Temporal Logic: An Approach Based on Colored Automata , 2011, BPM.

[63]  Manfred Reichert,et al.  Modeling the Resource Perspective of Business Process Compliance Rules with the Extended Compliance Rule Graph , 2014, BMMDS/EMMSAD.

[64]  Manfred Reichert,et al.  Process time patterns: A formal foundation , 2016, Inf. Syst..

[65]  Jan Mendling,et al.  Making sense of business process descriptions: An experimental comparison of graphical and textual notations , 2012, J. Syst. Softw..

[66]  Guido Governatori,et al.  The Journey to Business Process Compliance , 2009, Handbook of Research on Business Process Modeling.

[67]  Stefanie Rinderle-Ma,et al.  Detecting the Effects of Changes on the Compliance of Cross-Organizational Business Processes , 2015, ER.

[68]  Claes Wohlin,et al.  Using students as subjects - an empirical evaluation , 2008, ESEM '08.

[69]  Marta Indulska,et al.  Emerging Challenges in Information Systems Research for Regulatory Compliance Management , 2010, CAiSE.

[70]  Dirk Fahland,et al.  Diagnostic Information for Compliance Checking of Temporal Compliance Requirements , 2013, CAiSE.

[71]  George S. Avrunin,et al.  Property specification patterns for finite-state verification , 1998, FMSP '98.

[72]  Harald C. Gall,et al.  Generation of Business Process Models for Object Life Cycle Compliance , 2007, BPM.

[73]  Johann Eder,et al.  Temporal Conformance of Federated Choreographies , 2008, DEXA.

[74]  Jan Vanthienen,et al.  Designing Compliant Business Processes with Obligations and Permissions , 2006, Business Process Management Workshops.

[75]  Andreas Speck,et al.  Checkable Graphical Business Process Representation , 2010, ADBIS.

[76]  Wil M. P. van der Aalst,et al.  Multiparty Contracts: Agreeing and Implementing Interorganizational Processes , 2010, Comput. J..

[77]  Marwane El Kharbili,et al.  Business Process Compliance Checking: Current State and Future Challenges , 2008, MobIS.

[78]  T. Lumley,et al.  The importance of the normality assumption in large public health data sets. , 2002, Annual review of public health.

[79]  Peter Dadam,et al.  Adaptive process management with ADEPT2 , 2005, 21st International Conference on Data Engineering (ICDE'05).

[80]  Andreas Meyer,et al.  Automating Data Exchange in Process Choreographies , 2014, CAiSE.

[81]  Aditya K. Ghose,et al.  Auditing Business Process Compliance , 2007, ICSOC.

[82]  Boudewijn F. van Dongen,et al.  Process Mining and Verification of Properties: An Approach Based on Temporal Logic , 2005, OTM Conferences.

[83]  Mathias Weske,et al.  Visually specifying compliance rules and explaining their violations for business processes , 2011, J. Vis. Lang. Comput..

[84]  Vinay Kulkarni,et al.  Toward Better Mapping between Regulations and Operational Details of Enterprises Using Vocabularies and Semantic Similarity , 2015, CAiSE Forum.

[85]  William Brace,et al.  CORAMOD: a checklist-oriented model-based requirements analysis approach , 2012, Requirements Engineering.

[86]  Pnina Soffer,et al.  A process mining-based analysis of business process work-arounds , 2014, Software & Systems Modeling.

[87]  Ulrich Frank,et al.  Multi-perspective enterprise modeling: foundational concepts, prospects and future research challenges , 2014, Software & Systems Modeling.

[88]  SofferPnina,et al.  A process mining-based analysis of business process work-arounds , 2016 .

[89]  Stefanie Rinderle-Ma,et al.  Towards Compliance of Cross-Organizational Processes and Their Changes - Research Challenges and State of Research , 2012, Business Process Management Workshops.

[90]  Vera Künzle,et al.  PHILharmonicFlows: towards a framework for object-aware process management , 2011, J. Softw. Maintenance Res. Pract..

[91]  Andrew Berry,et al.  Extending choreography with business contract constraints , 2005, Int. J. Cooperative Inf. Syst..

[92]  Wil M. P. van der Aalst,et al.  Workflow Resource Patterns: Identification, Representation and Tool Support , 2005, CAiSE.

[93]  Dirk Fahland,et al.  Where Did I Misbehave? Diagnostic Information in Compliance Checking , 2012, BPM.

[94]  Paolo Giorgini,et al.  Modeling and Verifying Security Policies in Business Processes , 2014, BMMDS/EMMSAD.

[95]  Yoshinori Sato,et al.  Automated Certification for Compliant Cloud-based Business Processes , 2011, Bus. Inf. Syst. Eng..

[96]  Ligita Businska Multidimensional Business Process Modeling Approach , 2009, ADBIS.