A conceptually rich model of business process compliance

In this paper we extend the preliminary work developed elsewhere and investigate how to characterise many aspects of the compliance problem in business process modeling. We first define a formal and conceptually rich language able to represent, and reason about, chains of reparational obligations of various types. Second, we devise a mechanism for normalising a system of legal norms. Third, we specify a suitable language for business process modeling able to automate and optimise business procedures and to embed normative constraints. Fourth, we develop an algorithm for compliance checking and discuss some computational issues regarding the possibility of checking compliance runtime or of enforcing it at design time.

[1]  Shazia Wasim Sadiq,et al.  Using a temporal constraint network for business process execution , 2006, ADC.

[2]  Harald C. Gall,et al.  Generation of Business Process Models for Object Life Cycle Compliance , 2007, BPM.

[3]  M. Rosemann,et al.  Integrating Risks in Business Process Models , 2005 .

[4]  Marek J. Sergot,et al.  Using the event calculus for tracking the normative state of contracts , 2005, Int. J. Cooperative Inf. Syst..

[5]  Ying Liu,et al.  A static compliance-checking framework for business process models , 2007, IBM Syst. J..

[6]  Frank Leymann,et al.  Taming Compliance with Sarbanes-Oxley Internal Controls Using Database Technology , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[7]  Guido Governatori,et al.  Representing business contracts in RuleML , 2005, Int. J. Cooperative Inf. Syst..

[8]  Michael J. Maher,et al.  Representation results for defeasible logic , 2000, TOCL.

[9]  Jan Vanthienen,et al.  Designing Compliant Business Processes with Obligations and Permissions , 2006, Business Process Management Workshops.

[10]  Andrew J. I. Jones,et al.  Deontic Logic and Contrary-to-Duties , 2002 .

[11]  Guido Governatori,et al.  Temporalised normative positions in defeasible logic , 2005, ICAIL '05.

[12]  Munindar P. Singh,et al.  Checking correctness of business contracts via commitments , 2008, AAMAS.

[13]  Guido Governatori,et al.  Changing Legal Systems: Abrogation and Annulment. Part II: Temporalised Defeasible Logic , 2008, NORMAS.

[14]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[15]  Frank Leymann,et al.  Faster and More Focused Control-Flow Analysis for Business Process Models Through SESE Decomposition , 2007, ICSOC.

[16]  Birgit Pfitzmann,et al.  From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation , 2006 .

[17]  Guido Governatori,et al.  A methodological framework for aligning business processes and regulatory compliance , 2010 .

[18]  Guido Governatori,et al.  Compliance aware business process design , 2008 .

[19]  Shazia Wasim Sadiq,et al.  Detecting Regulatory Compliance for Business Process Models through Semantic Annotations , 2008, Business Process Management Workshops.

[20]  Guido Governatori,et al.  Characterising Deadlines in Temporal Modal Defeasible Logic , 2007, Australian Conference on Artificial Intelligence.

[21]  Aditya K. Ghose,et al.  Auditing Business Process Compliance , 2007, ICSOC.

[22]  Guido Governatori,et al.  An Algorithm for Business Process Compliance , 2008, JURIX.

[23]  Guido Governatori,et al.  Logic of Violations: A gentzen systems for reasoning with contrary-to-duty obligations , 2006 .

[24]  Guido Governatori,et al.  The Journey to Business Process Compliance , 2009, Handbook of Research on Business Process Modeling.