Formalizing and applying compliance patterns for business process compliance

A.F.S.A. Elgammal, O. Türetken, W.J.A.M. van den Heuvel, M. Papazoglou

Research output: Contribution to journal › Article › Scientific › peer-review

Abstract

Today’s enterprises demand a high degree of compliance of business processes to meet diverse regulations and legislations. Several industrial studies have shown that compliance management is a daunting task, and organizations are still struggling and spending billions of dollars annually to ensure and prove their compliance. In this paper, we introduce a comprehensive compliance management framework with a main focus on design-time compliance management as a first step towards a preventive lifetime compliance support. The framework enables the automation of compliance-related activities that are amenable to automation, and therefore can significantly reduce the expenditures spent on compliance. It can help experts to carry out their work more efficiently, cut the time spent on tedious manual activities, and reduce potential human errors. An evident candidate compliance activity for automation is the compliance checking, which can be achieved by utilizing formal reasoning and verification techniques. However, formal languages are well known for their complexity, as only users versed in mathematical theories and formal logics are able to use and understand them. However, this is generally not the case with business and compliance practitioners. Therefore, at the heart of the compliance management framework, we introduce the Compliance Request Language (CRL), which is formally grounded on temporal logic and enables the abstract pattern-based specification of compliance requirements. CRL constitutes a series of compliance patterns that spans three structural facets of business processes: control flow, employed resources and temporal perspectives. Furthermore, CRL supports the specification of compensations and non-monotonic requirements, which permit the relaxation of some compliance requirements to handle exceptional situations. An integrated tool suite has been developed as an instantiation artefact, and the validation of the approach is undertaken in several directions, which include internal validity, controlled experiments, and functional testing.
Original language: English
Pages (from-to): 119-146
Journal: Software & Systems Modeling
Volume: 15
Issue number: 1
Early online date: 8 Feb 2014
DOI: 10.1007/s10270-014-0395-3
Publication status: Published - Feb 2016

Fingerprint

Business Process
Compliance
Industry
Automation
Requirements
Formal logic
Specification
Human Error
Formal languages
Temporal logic
Flow Control
Facet

Keywords

  • business process compliance
  • compliance patterns
  • formal specification
  • regulatory compliance
  • compliance management tool support
  • design-time compliance management

Cite this

@article{f1d9f1dba00641b7a52f48f1c18f4796,
title = "Formalizing and applying compliance patterns for business process compliance",
keywords = "business process compliance, compliance patterns, formal specification, regulatory compliance, compliance management tool support, design-time compliance management",
author = "A.F.S.A. Elgammal and O. T{\"u}retken and {van den Heuvel}, W.J.A.M. and M. Papazoglou",
year = "2016",
month = "2",
doi = "10.1007/s10270-014-0395-3",
language = "English",
volume = "15",
pages = "119--146",
journal = "Software \& Systems Modeling",
issn = "1619-1366",
publisher = "Springer Verlag",
number = "1",
}

Formalizing and applying compliance patterns for business process compliance. / Elgammal, A.F.S.A.; Türetken, O.; van den Heuvel, W.J.A.M.; Papazoglou, M.

In: Software & Systems Modeling, Vol. 15, No. 1, 02.2016, p. 119-146.


TY - JOUR

T1 - Formalizing and applying compliance patterns for business process compliance

AU - Elgammal, A.F.S.A.

AU - Türetken, O.

AU - van den Heuvel, W.J.A.M.

AU - Papazoglou, M.

PY - 2016/2

Y1 - 2016/2

KW - business process compliance

KW - compliance patterns

KW - formal specification

KW - regulatory compliance

KW - compliance management tool support

KW - design-time compliance management

U2 - 10.1007/s10270-014-0395-3

DO - 10.1007/s10270-014-0395-3

M3 - Article

VL - 15

SP - 119

EP - 146

JO - Software & Systems Modeling

JF - Software & Systems Modeling

SN - 1619-1366

IS - 1

ER -