Formalizing and applying compliance patterns for business process compliance

A.F.S.A. Elgammal, O. Türetken, W.J.A.M. van den Heuvel, M. Papazoglou

Research output: Contribution to journalArticleScientificpeer-review

76 Citations (Scopus)

Abstract

Today’s enterprises demand a high degree of compliance of business processes to meet diverse regulations and legislations. Several industrial studies have shown that compliance management is a daunting task, and organizations are still struggling and spending billions of dollars annually to ensure and prove their compliance. In this paper, we introduce a comprehensive compliance management framework with a main focus on design-time compliance management as a first step towards a preventive lifetime compliance support. The framework enables the automation of compliance-related activities that are amenable to automation, and therefore can significantly reduce the expenditures spent on compliance. It can help experts to carry out their work more efficiently, cut the time spent on tedious manual activities, and reduce potential human errors. An evident candidate compliance activity for automation is the compliance checking, which can be achieved by utilizing formal reasoning and verification techniques. However, formal languages are well known of their complexity as only versed users in mathematical theories and formal logics are able to use and understand them. However, this is generally not the case with business and compliance practitioners. Therefore, in the heart of the compliance management framework, we introduce the Compliance Request Language (CRL), which is formally grounded on temporal logic and enables the abstract pattern-based specification of compliance requirements. CRL constitutes a series of compliance patterns that spans three structural facets of business processes; control flow, employed resources and temporal perspectives. Furthermore, CRL supports the specification of compensations and non-monotonic requirements, which permit the relaxation of some compliance requirements to handle exceptional situations. An integrated tool suite has been developed as an instantiation artefact, and the validation of the approach is undertaken in several directions, which includes internal validity, controlled experiments, and functional testing.
Original languageEnglish
Pages (from-to)119-146
JournalSoftware & Systems Modeling
Volume15
Issue number1
Early online date8 Feb 2014
DOIs
Publication statusPublished - Feb 2016

Keywords

  • business process compliance
  • compliance patterns
  • formal specification
  • regulatory compliance
  • compliance management tool support
  • design-time compliance management

Fingerprint

Dive into the research topics of 'Formalizing and applying compliance patterns for business process compliance'. Together they form a unique fingerprint.

Cite this