Compliance Management in Business Processes

Business Process Compliance refers to the conformance of a business process with the policies, regulations and rules that govern the organization. Business processes in fields such as health care, insurance, finance and online trade must adhere to a large number of compliance requirements, constraints and quality policies from various sources. Lack of compliance may result in huge compensation payments and the loss of customers and reputation. Compliance issues can be handled either retrospectively, i.e. after non-compliant situations are observed, or proactively, i.e. by anticipating the possibilities that lead to non-compliant circumstances during process execution, which may prevent deviations from occurring and thus save on compensation effects. Hence, compliance management tasks need to be incorporated into each phase of the life cycle of a business process. In this article we discuss, based on existing literature, contemporary activities in the life cycle of compliance management in business processes: compliance elicitation, compliance formalization, compliance implementation, compliance verification and compliance improvement. We also discuss Compliance Monitoring Functionalities (CMFs), which may be used to categorize and assess existing compliance management approaches and frameworks.
