Article

Monitoring business process compliance using compliance rule graphs

Authors:

Stefanie Rinderle-Ma,

David Knuplesch,

Peter DadamAuthors Info & Claims

OTM'11: Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part I

Pages 82 - 99

Published: 17 October 2011 Publication History

Abstract

Driven by recent trends, effective compliance control has become a crucial success factor for companies nowadays. In this context, compliance monitoring is considered an important building block to support business process compliance. Key to the practical application of a monitoring framework will be its ability to reveal and pinpoint violations of imposed compliance rules that occur during process execution. In this context, we propose a compliance monitoring framework that tackles three major challenges. As a compliance rule can become activated multiple times within a process execution, monitoring only its overall enforcement can be insufficient to assess and deal with compliance violations. Therefore, our approach enables to monitor each activation of a compliance rule individually. In case of violations, we are able to derive the particular root cause, which is helpful to apply specific remedy strategies. Even if a rule activation is not yet violated, the framework can provide assistance in proactively enforcing compliance by deriving measures to render the rule activation satisfied.

References

[1]

Jacobsen, H.A., Muthusamy, V., Li, G.: The PADRES event processing network: Uniform querying of past and future events. IT - Information Technology, 250-261 (2009).

[2]

Ly, L.T., Rinderle-Ma, S., Dadam, P.: Design and Verification of Instantiable Compliance Rule Graphs in Process-Aware Information Systems. In: Pernici, B. (ed.) CAiSE 2010. LNCS, vol. 6051, pp. 9-23. Springer, Heidelberg (2010).

Digital Library

[3]

Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Patterns in property specifications for finite-state verification. In: Proc. ICSE 1999, pp. 411-420 (1999).

Digital Library

[4]

Montali, M., Maggi, F., Chesani, F., Mello, P., van der Aalst, W.: Monitoring business constraints with the event calculus. Technical report. Universita degli Studi di Bologna (2011).

[5]

Ly, L.T., Knuplesch, D., Rinderle-Ma, S., Göser, K., Pfeifer, H., Reichert, M., Dadam, P.: SeaFlows toolset - compliance verification made easy for process-aware information systems. In: Soffer, P., Proper, E. (eds.) CAiSE Forum 2010. LNBIP, vol. 72, pp. 76-91. Springer, Heidelberg (2011).

[6]

Rinderle, S., Reichert, M., Dadam, P.: Flexible support of team processes by adaptive workflow systems. Distributed and Parallel Databases 16, 91-116 (2004).

Digital Library

[7]

Elgammal, A., Turetken, O., van den Heuvel, W.-J., Papazoglou, M.: On the formal specification of regulatory compliance: A comparative analysis. In: Maximilien, E.M., Rossi, G., Yuan, S.-T., Ludwig, H., Fantinato, M. (eds.) ICSOC 2010. LNCS, vol. 6568, pp. 27-38. Springer, Heidelberg (2011).

Digital Library

[8]

Awad, A., Weske, M.: Visualization of compliance violation in business process models. In: Proc. BPI 2009 (2009).

[9]

Pesic, M., van der Aalst, W.M.P.: A declarative approach for flexible business processes management. In: Eder, J., Dustdar, S. (eds.) BPM Workshops 2006. LNCS, vol. 4103, pp. 169-180. Springer, Heidelberg (2006).

Digital Library

[10]

Maggi, F.M., Montali, M., Westergaard, M., van der Aalst, W.M.P.: Monitoring business constraints with linear temporal logic: An approach based on colored automata. In: Rinderle-Ma, S., Toumani, F., Wolf, K. (eds.) BPM 2011. LNCS, vol. 6896, pp. 132-147. Springer, Heidelberg (2011).

Digital Library

[11]

Alberti, M., Chesani, F., Gavanelli, M., Lamma, E., Mello, P., Montali, M., Torroni, P.: Expressing and verifying business contracts with abductive logic. In: Normative Multi-agent Systems. Number 07122 in Dagstuhl Seminar Proceedings (2007).

[12]

Weidlich, M., Ziekow, H., Mendling, J., Günther, O., Weske, M., Desai, N.: Event-Based Monitoring of Process Execution Violations. In: Rinderle-Ma, S., Toumani, F., Wolf, K. (eds.) BPM 2011. LNCS, vol. 6896, pp. 182-198. Springer, Heidelberg (2011).

Digital Library

[13]

Giblin, C., Müller, S., Pfitzmann, B.: From regulatory policies to event monitoring rules: Towards model-driven compliance automation. Technical Report Research Report RZ-3662. IBM Research GmbH (2006).

[14]

Holmes, T., Mulo, E., Zdun, U., Dustdar, S.: Model-aware monitoring of soas for compliance. In: Dustdar, S., Li, F. (eds.) Service Engineering, pp. 117-136. Springer, Heidelberg (2011).

[15]

Birukou, A., D'Andrea, V., Leymann, F., Serafinski, J., Silveira, P., Strauch, S., Tluczek, M.: An integrated solution for runtime compliance governance in SOA. In: Maglio, P.P., Weske, M., Yang, J., Fantinato, M. (eds.) ICSOC 2010. LNCS, vol. 6470, pp. 122-136. Springer, Heidelberg (2010).

[16]

van der Aalst, W.M.P., de Medeiros, A.K.A.: Process mining and security: Detecting anomalous process executions and checking process conformance. Electr. Notes Theor. Comput. Sci. 121, 3-21 (2005).

Digital Library

[17]

Rozinat, A., van der Aalst, W.M.P.: Conformance checking of processes based on monitoring real behavior. Inf. Syst. 33, 64-95 (2008).

Digital Library

[18]

van der Aalst, W.M.P., van Dongen, B.F., Günther, C.W., Mans, R.S., de Medeiros, A.K.A., Rozinat, A., Rubin, V., Song, M., Verbeek, H.M.W(E.), Weijters, A.J.M.M.T.: ProM 4.0: Comprehensive support for real process analysis. In: Kleijn, J., Yakovlev, A. (eds.) ICATPN 2007. LNCS, vol. 4546, pp. 484-494. Springer, Heidelberg (2007).

Digital Library

Cited By

Maggi FMarrella APatrizi FSkydanienko V(2023)Data-Aware Declarative Process Mining with SATACM Transactions on Intelligent Systems and Technology10.1145/360010614:4(1-26)Online publication date: 10-Aug-2023
https://dl.acm.org/doi/10.1145/3600106
Eder JFranceschetti MKöpke JHung CPapadopoulos G(2019)Controllability of business processes with temporal variablesProceedings of the 34th ACM/SIGAPP Symposium on Applied Computing10.1145/3297280.3297286(40-47)Online publication date: 8-Apr-2019
https://dl.acm.org/doi/10.1145/3297280.3297286
Knuplesch DReichert MKumar A(2017)A framework for visually monitoring business process complianceInformation Systems10.1016/j.is.2016.10.00664:C(381-409)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1016/j.is.2016.10.006
Show More Cited By

Recommendations

A framework for visually monitoring business process compliance

Any enterprise must ensure that its business processes comply with imposed compliance rules. The latter stem, for example, from corporate guidelines, legal regulations, and best practices. In general, a compliance rule may constrain multiple ...
A posteriori compliance control
SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies

While preventative policy enforcement mechanisms can provide theoretical guarantees that policy is correctly enforced, they have limitations in practice. They are inflexible when unanticipated circumstances arise, and most are either inflexible with ...
Visually Monitoring Multiple Perspectives of Business Process Compliance
Proceedings of the 13th International Conference on Business Process Management - Volume 9253

A challenge for any enterprise is to ensure conformance of its business processes with imposed compliance rules. The latter may constrain multiple perspectives of a business process, including control flow, data, time, resources, and interactions with ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

OTM'11: Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part I

October 2011

430 pages

ISBN:9783642251085

Editors:
Robert Meersman
Vrije Universiteit Brussel, Belgium
,
Tharam Dillon
Curtin University of Technology, Australia
,
Pilar Herrero
Universidad Politécnica de Madrid, Spain
,
Akhil Kumar
Pennsylvania State University
,
Manfred Reichert
University of Ulm, Germany

Sponsors

Collibra: Collibra
OMG: Object Management Group
CUOT: Curtin University of Technology
Vrije Universiteit Brussel: Vrije Universiteit Brussel
Politechnical U of Madrid: Politechnical University of Madrid

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 17 October 2011

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

26
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Maggi FMarrella APatrizi FSkydanienko V(2023)Data-Aware Declarative Process Mining with SATACM Transactions on Intelligent Systems and Technology10.1145/360010614:4(1-26)Online publication date: 10-Aug-2023
https://dl.acm.org/doi/10.1145/3600106
Eder JFranceschetti MKöpke JHung CPapadopoulos G(2019)Controllability of business processes with temporal variablesProceedings of the 34th ACM/SIGAPP Symposium on Applied Computing10.1145/3297280.3297286(40-47)Online publication date: 8-Apr-2019
https://dl.acm.org/doi/10.1145/3297280.3297286
Knuplesch DReichert MKumar A(2017)A framework for visually monitoring business process complianceInformation Systems10.1016/j.is.2016.10.00664:C(381-409)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1016/j.is.2016.10.006
Bo YXia CZhang ZLu X(2017)On the satisfiability of authorization requirements in business processFrontiers of Computer Science: Selected Publications from Chinese Universities10.1007/s11704-016-6016-211:3(528-540)Online publication date: 1-Jun-2017
https://dl.acm.org/doi/10.1007/s11704-016-6016-2
Knuplesch DReichert M(2017)A visual language for modeling multiple perspectives of business process compliance rulesSoftware and Systems Modeling (SoSyM)10.1007/s10270-016-0526-016:3(715-736)Online publication date: 1-Jul-2017
https://dl.acm.org/doi/10.1007/s10270-016-0526-0
Sunkle SKholkar DKulkarni VLethbridge T(2015)Model-driven regulatory complianceProceedings of the 18th International Conference on Model Driven Engineering Languages and Systems10.5555/3351736.3351788(436-445)Online publication date: 30-Sep-2015
https://dl.acm.org/doi/10.5555/3351736.3351788
Awad ABarnawi AElgammal AElshawi RAlmalaise ASakr SWainwright RCorchado JBechini AHong J(2015)Runtime detection of business process compliance violationsProceedings of the 30th Annual ACM Symposium on Applied Computing10.1145/2695664.2699488(1203-1210)Online publication date: 13-Apr-2015
https://dl.acm.org/doi/10.1145/2695664.2699488
Knuplesch DReichert MKumar A(2015)Visually Monitoring Multiple Perspectives of Business Process ComplianceProceedings of the 13th International Conference on Business Process Management - Volume 925310.1007/978-3-319-23063-4_19(263-279)Online publication date: 31-Aug-2015
https://dl.acm.org/doi/10.1007/978-3-319-23063-4_19
Kobayashi K(2014)The minimum firing time of the generalized firing squad synchronization problem for squaresTheoretical Computer Science10.1016/j.tcs.2014.06.016547(46-69)Online publication date: 1-Aug-2014
https://dl.acm.org/doi/10.1016/j.tcs.2014.06.016
Leitner MRinderle-Ma S(2014)A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directionsInformation and Software Technology10.1016/j.infsof.2013.12.00456:3(273-293)Online publication date: 1-Mar-2014
https://dl.acm.org/doi/10.1016/j.infsof.2013.12.004
Show More Cited By

View Options

View options

Figures

Tables

Media

View Table of Conten