Software & Systems Modeling

, Volume 16, Issue 3, pp 715–736 | Cite as

A visual language for modeling multiple perspectives of business process compliance rules

Theme Section Paper

Abstract

A fundamental challenge for enterprises is to ensure compliance of their business processes with imposed compliance rules stemming from various sources, e.g., corporate guidelines, best practices, standards, and laws. In general, a compliance rule may refer to multiple process perspectives including control flow, time, data, resources, and interactions with business partners. On one hand, compliance rules should be comprehensible for domain experts who must define, verify, and apply them. On the other, these rules should have a precise semantics to avoid ambiguities and enable their automated processing. Providing a visual language is advantageous in this context as it allows hiding formal details and offering an intuitive way of modeling the compliance rules. However, existing visual languages for compliance rule modeling have focused on the control flow perspective so far, but lack proper support for the other process perspectives. To remedy this drawback, this paper introduces the extended Compliance Rule Graph language, which enables the visual modeling of compliance rules with the support of multiple perspectives. Overall, this language will foster the modeling and verification of compliance rules in practice.

Keywords

Business process compliance Extended Compliance Rule Graphs Business process modeling Smart processes 

References

  1. 1.
    Abdullah, N.S., Sadiq, S.W., Indulska, M.: Emerging challenges in information systems research for regulatory compliance management. In: CAiSE’10, LNCS, vol. 6051, pp. 251–265. Springer (2010)Google Scholar
  2. 2.
    Accorsi, R., Lowis, L., Sato, Y.: Automated certification for compliant cloud-based business processes. Bus. Inf. Syst. Eng. 3(3), 145–154 (2011)CrossRefGoogle Scholar
  3. 3.
    Alberti, M., Chesani, F., Gavanelli, M., Lamma, E., Mello, P., Montali, M., Torroni, P.: Expressing and verifying business contracts with abductive logic programming. Int. J. Electron. Commerce 12(4), 9–38 (2008)CrossRefMATHGoogle Scholar
  4. 4.
    Alles, M., Kogan, A., Vasarhelyi, M.: Putting continuous auditing theory into practice: lessons from two pilot implementations. Inf. Sys. 22(2), 195–214 (2008)Google Scholar
  5. 5.
    Awad, A., Decker, G., Weske, M.: Efficient compliance checking using BPMN-Q and temporal logic. In: BPM’08, LNCS, vol. 5240, pp. 326–341. Springer (2008)Google Scholar
  6. 6.
    Awad, A., Weidlich, M., Weske, M.: Specification, verification and explanation of violation for data aware compliance rules. In: ICSOC’09, LNCS, vol. 5900, pp. 500–515. Springer (2009)Google Scholar
  7. 7.
    Awad, A., Weidlich, M., Weske, M.: Visually specifying compliance rules and explaining their violations for business processes. J. Vis. Lang. Comput. 22(1), 30–55 (2011)CrossRefGoogle Scholar
  8. 8.
    Barba, I., Lanz, A., Weber, B., Reichert, M., Valle, C.D.: Optimized time management for declarative workflows. In: BPMDS’12, LNCS, vol. 113, pp. 195–210. Springer (2012)Google Scholar
  9. 9.
    Barros, A., Dumas, M., ter Hofstede, A.: Service interaction patterns. In: BPM’05, LNCS, vol. 3649, pp. 302–318. Springer (2005)Google Scholar
  10. 10.
    Baumgrass, A., Baier, T., Mendling, J., Strembeck, M.: Conformance checking of rbac policies in process-aware information systems. In: BPM’12 Workshops, LNBIP, vol. 100, pp. 435–446. Springer (2012)Google Scholar
  11. 11.
    Becker, J., Delfmann, P., Eggert, M., Schwittay, S.: Generalizability and applicability of model-based business process compliance-checking approaches—a state-of-the-art analysis and research roadmap. BuR Bus. Res. 5(2), 221–247 (2012)CrossRefGoogle Scholar
  12. 12.
    Berry, A., Milosevic, Z.: Extending choreography with business contract constraints. Coop. Inf. Sys. 14(2–3), 131–179 (2005)CrossRefGoogle Scholar
  13. 13.
    Businska, L.: Multidimensional business process modeling approach. In: ADBIS’10, LNCS, vol. 5968, pp. 247–256. Springer (2010)Google Scholar
  14. 14.
    Cabanillas, C., Knuplesch, D., Resinas, M., Reichert, M., Mendling, J., Ruiz-Cortes, A.: RALph: a graphical notation for resource assignments in business processes. In: CAiSE’15, LNCS, vol. 9097, pp. 53–68. Springer (2015)Google Scholar
  15. 15.
    Cabanillas, C., Resinas, M., Cortés, A.R.: Defining and analysing resource assignments in business processes with RAL. In: ICSOC’11, LNCS, vol. 7084, pp. 477–486. Springer (2011)Google Scholar
  16. 16.
    Cabanillas, C., Resinas, M., Ruiz-Cortés, A.: Hints on how to face business process compliance. In: JISBD’10, pp. 26–32 (2010)Google Scholar
  17. 17.
    Cohen, J.: Statistical Power Analysis for the Behavioral Sciences. Lawrence Erlbaum, Hillsdale (1998)MATHGoogle Scholar
  18. 18.
    Decker, G., Weske, M.: Interaction-centric modeling of process choreographies. Inf. Syst. 36(2), 292–312 (2011)CrossRefGoogle Scholar
  19. 19.
    Delfmann, P., Steinhorst, M., Dietrich, H.A., Becker, J.: The generic model query language GMQL conceptual specification, implementation, and runtime evaluation. Inf. Syst. 47, 129–177 (2015)CrossRefGoogle Scholar
  20. 20.
    Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Property specification patterns for finite-state verification. In: FMSP’98, pp. 7–15. ACM (1998)Google Scholar
  21. 21.
    Eder, J., Tahamtan, A.: Temporal conformance of federated choreographies. In: DEXA’08, LNCS, vol. 5181, pp. 668–675. Springer (2008)Google Scholar
  22. 22.
    Feja, S., Speck, A., Witt, S., Schulz, M.: Checkable graphical business process representation. In: ADBIS’11, LNCS, vol. 6295, pp. 176–189. Springer (2011)Google Scholar
  23. 23.
    Fellmann, M., Zasada, A.: State-of-the-art of business process compliance approaches: a survey. In: ECIS’14, pp. 1–17 (2014)Google Scholar
  24. 24.
    Field, A., Hole, G.: How to Design and Report Experiments. Sage, Beverley Hills (2003)Google Scholar
  25. 25.
    Frank, U.: Multi-perspective enterprise modeling: foundational concepts, prospects and future research challenges. Softw. Syst. Model. 13(3), 941–962 (2014)CrossRefGoogle Scholar
  26. 26.
    Ghose, A.K., Koliadis, G.: Auditing business process compliance. In: ICSOC’07, LNCS, vol. 4749, pp. 169–180. Springer (2007)Google Scholar
  27. 27.
    Giblin, C., Müller, S., Pfitzmann, B.: From regulatory policies to event monitoring rules: towards model-driven compliance automation. Technical report RZ-3662, IBM (2006)Google Scholar
  28. 28.
    Goedertier, S., Vanthienen, J.: Designing compliant business processes with obligations and permissions. In: BPM’06 Workshops, LNCS, vol. 4103, pp. 5–14. Springer (2006)Google Scholar
  29. 29.
    Governatori, G., Hoffmann, J., Sadiq, S., Weber, I.: Detecting regulatory compliance for business process models through semantic annotations. In: BPM’08 Workshops, LNBIP, vol. 17, pp. 5–17. Springer (2009)Google Scholar
  30. 30.
    Governatori, G., Milosevic, Z., Sadiq, S.: Compliance checking between business processes and business contracts. In: EDOC’06, pp. 221–232. IEEE (2006)Google Scholar
  31. 31.
    Governatori, G., Sadiq, S.: The journey to business process compliance. In: Cardoso, J., van der Aalst, W.M.P. (eds.) Handbook of Research on BPM, pp. 426–454. IGI Global, Hershey (2009)Google Scholar
  32. 32.
    Grosof, B.N., Labrou, Y.: An approach to using XML and a rule-based content language with an agent communication language. In: Issues in Agent Communication, LNCS, vol. 1916, pp. 96–117. Springer (2000)Google Scholar
  33. 33.
    Haisjackl, C., Barba, I., Zugal, S., Soffer, P., Hadar, I., Reichert, M., Pinggera, J., Weber, B.: Understanding declare models: strategies, pitfalls, empirical results. Softw. Syst. Model. 1–28 (2014). doi:10.1007/s10270-014-0435-z
  34. 34.
    Haisjackl, C., Zugal, S.: Investigating differences between graphical and textual declarative process models. In: CAiSE’14 Workshops, LNBIP, vol. 178, pp. 194–206. Springer (2014)Google Scholar
  35. 35.
    Herbst, H.: Business rules in systems analysis: a meta-model and repository system. Inf. Syst. 21(2), 147–166 (1996)CrossRefGoogle Scholar
  36. 36.
    Hildebrandt, T., Mukkamala, R., Slaats, T.: Nested dynamic condition response graphs. In: FSEN’12, LNCS, vol. 7141, pp. 343–350. Springer (2012)Google Scholar
  37. 37.
    Höhn, S.: Model-based reasoning on the achievement of business goals. In: SAC’09, pp. 1589–1593. ACM (2009)Google Scholar
  38. 38.
    Höst, M., Regnell, B., Wohlin, C.: Using students as subjects a comparative study of students and professionals in lead-time impact assessment. Empir. Softw. Eng. 5(3), 201–214 (2000)CrossRefMATHGoogle Scholar
  39. 39.
    Hull, R.: Artifact-centric business process models: brief survey of research results and challenges. In: OTM’08, LNCS, vol. 5332, pp. 1152–1163. Springer (2008)Google Scholar
  40. 40.
    Kharbili, M.E., de Medeiros, A., Stein, S., van der Aalst, W.M.P.: Business process compliance checking: current state and future challenges. In: MobIS’08, pp. 107–113 (2008)Google Scholar
  41. 41.
    Knuplesch, D., Ly, L.T., Rinderle-Ma, S., Pfeifer, H., Dadam, P.: On enabling data-aware compliance checking of business process models. In: ER’2010, LNCS, vol. 6412, pp. 332–346. Springer (2010)Google Scholar
  42. 42.
    Knuplesch, D., Pryss, R., Reichert, M.: Data-aware interaction in distributed and collaborative workflows: modeling, semantics, correctness. In: CollaborateCom’12, pp. 223–232. IEEE (2012)Google Scholar
  43. 43.
    Knuplesch, D., Reichert, M.: Ensuring business process compliance along the process life cycle. Technical report 2011-06, Ulm University (2011)Google Scholar
  44. 44.
    Knuplesch, D., Reichert, M., Fdhila, W., Rinderle-Ma, S.: On enabling compliance of cross-organizational business processes. In: BPM’13, LNCS, vol. 8094, pp. 146–154. Springer (2013)Google Scholar
  45. 45.
    Knuplesch, D., Reichert, M., Ly, L.T., Kumar, A., Rinderle-Ma, S.: On the formal semantics of the extended compliance rule graph. Technical Report 2013-05, Ulm University (2013)Google Scholar
  46. 46.
    Knuplesch, D., Reichert, M., Ly, L.T., Kumar, A., Rinderle-Ma, S.: Visual modeling of business process compliance rules with the support of multiple perspectives. In: ER’2013, LNCS, vol. 8217, pp. 106–120. Springer (2013)Google Scholar
  47. 47.
    Knuplesch, D., Reichert, M., Mangler, J., Rinderle-Ma, S., Fdhila, W.: Towards compliance of cross-organizational processes and their changes. In: BPM’12 Workshops, LNBIP, vol. 132, pp. 649–661. Springer (2013)Google Scholar
  48. 48.
    Knuplesch, D., Reichert, M., Pryss, R., Fdhila, W., Rinderle-Ma, S.: Ensuring compliance of distributed and collaborative workflows. In: CollaborateCom’13, pp. 133–142. IEEE (2013)Google Scholar
  49. 49.
    Konyen, I., Reichert, M., Schultheiß, B.: Organisationsstrukturen einer Universitätsklinik am Beispiel der Uni-Frauenklinik Ulm. Technical report DBIS-18, University of Ulm (1996)Google Scholar
  50. 50.
    Konyen, I., Reichert, M., Schultheiß, B., Frank, S., Mangold, R.: Ein Prozessentwurf für den Bereich der minimal invasiven Chirugie. Technical report DBIS-14, University of Ulm (1996)Google Scholar
  51. 51.
    Konyen, I., Schultheiß, B., Reichert, M.: Prozessentwurf eines Ablaufs im Labor. Technical report DBIS-16, University of Ulm (1996)Google Scholar
  52. 52.
    Konyen, I., Schultheiß, B., Reichert, M.: Prozessentwurf für den Ablauf einer radiologischen Untersuchung. Technical report DBIS-15, University of Ulm (1996)Google Scholar
  53. 53.
    Kumar, A., Yao, W., Chu, C.: Flexible process compliance with semantic constraints using mixed-integer programming. INFORMS J. Comput. 25(3), 543–559 (2013)CrossRefGoogle Scholar
  54. 54.
    Künzle, V., Reichert, M.: PHILharmonicFlows: towards a framework for object-aware process management. J. Softw. Maint. Evol. Res. Pract. 23(4), 205–244 (2011)CrossRefGoogle Scholar
  55. 55.
    Küster, J., Ryndina, K., Gall, H.: Generation of business process models for object life cycle compliance. In: BPM’07, LNCS, vol. 4714. Springer (2007)Google Scholar
  56. 56.
    Lanz, A., Reichert, M., Weber, B.: Process time patterns: a formal foundation. Inf. Syst. 57, 38–68 (2016)CrossRefGoogle Scholar
  57. 57.
    Lanz, A., Weber, B., Reichert, M.: Time patterns for process-aware information systems. Requir. Eng. 19, 1–29 (2012)Google Scholar
  58. 58.
    Liu, Y., Müller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Syst. J. 46(2), 335–361 (2007)CrossRefGoogle Scholar
  59. 59.
    Lumley, T., Diehr, P., Emerson, S., Chen, L.: The importance of the normality assumption in large public health data sets. Annu. Rev. Public Health 23(1), 151–169 (2002)CrossRefGoogle Scholar
  60. 60.
    Ly, L.T., Maggi, F.M., Montali, M., Rinderle-Ma, S., van der Aalst, W.M.P.: A framework for the systematic comparison and evaluation of compliance monitoring approaches. In: EDOC’13, pp. 7–16. IEEE (2013)Google Scholar
  61. 61.
    Ly, L.T., Rinderle, S., Dadam, P.: Integration and verification of semantic constraints in adaptive process management systems. Data Knowl. Eng. 64(1), 3–23 (2008)CrossRefGoogle Scholar
  62. 62.
    Ly, L.T., Rinderle-Ma, S., Dadam, P.: Design and verification of instantiable compliance rule graphs in process-aware information systems. In: CAiSE’10, LNCS, vol. 6051, pp. 9–23. Springer (2010)Google Scholar
  63. 63.
    Ly, L.T., Rinderle-Ma, S., Knuplesch, D., Dadam, P.: Monitoring business process compliance using compliance rule graphs. In: OTM’11, LNCS, vol. 7044, pp. 82–99. Springer (2011)Google Scholar
  64. 64.
    Maggi, F., Montali, M., Westergaard, M., van der Aalst, W.M.P.: Monitoring business constraints with linear temporal logic: an approach based on colored automata. In: BPM’11, LNCS, vol. 6896, pp. 132–147. Springer (2011)Google Scholar
  65. 65.
    Maggi, F.M., Francescomarino, C.D., Dumas, M., Ghidini, C.: Predictive monitoring of business processes. In: CAiSE’14, LNCS, vol. 8484, pp. 457–472. Springer (2014)Google Scholar
  66. 66.
    Meyer, A., Pufahl, L., Batoulis, K., Kruse, S., Lindhauer, T., Stoff, T., Fahland, D., Weske, M.: Automating data exchange in process choreographies. In: CAiSE’14, LNCS, vol. 8484. Springer (2014)Google Scholar
  67. 67.
    Meyer, A., Pufahl, L., Fahland, D., Weske, M.: Modeling and enacting complex data dependencies in business processes. In: BPM’13, LNCS, vol. 8094, pp. 171–186. Springer (2013)Google Scholar
  68. 68.
    Montali, M., Chesani, F., Mello, P., Maggi, F.M.: Towards data-aware constraints in declare. In: SAC’13, pp. 1391–1396. ACM (2013)Google Scholar
  69. 69.
    Moody, D.L.: The physics of notations: toward a scientific basis for constructing visual notations in software engineering. IEEE Trans. Softw. Eng. 35(6), 756–779 (2009)CrossRefGoogle Scholar
  70. 70.
    Namiri, K., Stojanovic, N.: Pattern-based design and validation of business process compliance. In: OTM’07, LNCS, pp. 59–76. Springer (2007)Google Scholar
  71. 71.
    OMG: BPMN 2.0. Recommendation, OMG (2011)Google Scholar
  72. 72.
    OMG: SBVR 1.3. Recommendation, OMG (2015)Google Scholar
  73. 73.
    Ottensooser, A., Fekete, A., Reijers, H.A., Mendling, J., Menictas, C.: Making sense of business process descriptions: an experimental comparison of graphical and textual notations. J. Syst. Softw. 85(3), 596–606 (2012)CrossRefGoogle Scholar
  74. 74.
    Outmazgin, N., Soffer, P.: A process mining-based analysis of business process work-arounds. Softw. Syst. Model. 1–15 (2014). doi:10.1007/s10270-014-0420-6
  75. 75.
    Pesic, M., Schonenberg, H., van der Aalst, W.M.P.: DECLARE: full support for loosely-structured processes. In: EDOC’07, pp. 287–300. IEEE (2007)Google Scholar
  76. 76.
    Ramezani, E., Fahland, D., van der Aalst, W.M.P.: Where did I misbehave? Diagnostic information in compliance checking. In: BPM’12, LNCS, vol. 7481, pp. 262–278. Springer (2012)Google Scholar
  77. 77.
    Ramezani, E., Fahland, D., van der Werf, J.M., Mattheis, P.: Separating compliance management and business process management. In: BPM’11 Workshops, LNBIP, vol. 100, pp. 459–464. Springer (2012)Google Scholar
  78. 78.
    Ramezani Taghiabadi, E., Fahland, D., van Dongen, B.F., van der Aalst, W.M.P.: Diagnostic information for compliance checking of temporal compliance requirements. In: CAiSE’13, LNCS, vol. 7908, pp. 304–320. Springer (2013)Google Scholar
  79. 79.
    Ratcliffe, J.F.: The effect on the t distribution of non-normality in the sampled population. J. R. Stat. Soc. Ser. C (Appl. Stat.) 17(1), 42–48 (1968)MathSciNetGoogle Scholar
  80. 80.
    Reichert, M., Dadam, P.: ADEPT\(_{flex}\)—supporting dynamic changes of workflows without losing control. Intell. Inf. Sys. 10(2), 93–129 (1998)CrossRefGoogle Scholar
  81. 81.
    Reichert, M., Rinderle, S., Kreher, U., Dadam, P.: Adaptive process management with ADEPT2. In: ICDE’05, pp. 1113–1114. IEEE (2005)Google Scholar
  82. 82.
    Reichert, M., Weber, B.: Business Process Compliance, pp. 297–320. Springer, Berlin (2012)Google Scholar
  83. 83.
    Reichert, M., Weber, B.: Enabling Flexibility in Process-Aware Information Systems—Challenges, Methods, Technologies. Springer, Berlin (2012)CrossRefMATHGoogle Scholar
  84. 84.
    Russell, N., van der Aalst, W.M.P., ter Hofstede, A.H.M., Edmond, D.: Workflow resource patterns: identification, representation and tool support. In: CAiSE’05, LNCS, vol. 3520, pp. 216–232. Springer (2005)Google Scholar
  85. 85.
    Salnitri, M., Dalpiaz, F., Giorgini, P.: Modeling and verifying security policies in business processes. In: BPMDS’14, LNBIP, vol. 175, pp. 200–214. Springer (2014)Google Scholar
  86. 86.
    Schultheiß, B., Meyer, J., Mangold, R., Zemmler, T., Reichert, M.: Prozessentwurf für den Ablauf einer stationären Chemotherapie. Technical report DBIS-5, University of Ulm (1996)Google Scholar
  87. 87.
    Schultheiß, B., Meyer, J., Mangold, R., Zemmler, T., Reichert, M., Dadam, P., Kreienberg, R.: Prozessentwurf am Beispiel eines Ablaufs aus dem OP-Bereich - Ergebnisse einer Analyse an der Universitätsfrauenklinik Ulm. Technical report DBIS-6, University of Ulm (1996)Google Scholar
  88. 88.
    Schultheiß, B., Meyer, J., Mangold, R., Zemmler, T., Reichert, M., Dadam, P., Kreienberg, R.: Prozessentwurf für den Ablauf einer ambulanten Chemotherapie. Technical report DBIS-7, University of Ulm (1996)Google Scholar
  89. 89.
    Semmelrodt, F.: Modellierung klinischer Prozesse und Compliance Regeln mittels BPMN 2.0 und eCRG. Master thesis, Ulm University, Germany (2013)Google Scholar
  90. 90.
    Semmelrodt, F., Knuplesch, D., Reichert, M.: Modeling the resource perspective of business process compliance rules with the extended compliance rule graph. In: BPMDS’14, LNBIP, vol. 175, pp. 48–63. Springer (2014)Google Scholar
  91. 91.
    Sunkle, S., Kholkar, D., Kulkarni, V.: Toward better mapping between regulations and operational details of enterprises using vocabularies and semantic similarity. In: CAiSE’15 Forum, pp. 229–236. CEUR-WS (2015)Google Scholar
  92. 92.
    Svahnberg, M., Aurum, A., Wohlin, C.: Using students as subjects—an empirical evaluation. In: ESEM’08, pp. 288–290. ACM (2008)Google Scholar
  93. 93.
    Turetken, O., Elgammal, A., van den Heuvel, W.J., Papazoglou, M.: Capturing compliance requirements: a pattern-based approach. IEEE Softw. 29, 29–36 (2012)CrossRefGoogle Scholar
  94. 94.
    van der Aalst, W.M.P.: Verification of workflow nets. In: ICATPN’97, LNCS, vol. 1248, pp. 407–426. Springer (1997)Google Scholar
  95. 95.
    van der Aalst, W.M.P., Beer, H.D., van Dongen, B.: Process mining and verification of properties: an approach based on temporal logic. In: OTM’05, LNCS, vol. 3760, pp. 130–147 (2005)Google Scholar
  96. 96.
    van der Aalst, W.M.P., ter Hofstede, A.H.: YAWL: yet another workflow language. Inf. Syst. 30(4), 245–275 (2005)CrossRefGoogle Scholar
  97. 97.
    van der Aalst, W.M.P., Lohmann, N., Massuthe, P., Stahl, C., Wolf, K.: Multiparty contracts: agreeing and implementing interorganizational processes. Comput. J. 53(1), 90–106 (2010)CrossRefGoogle Scholar
  98. 98.
    Zasada, A., Fellmann, M.: A pattern-based approach to transform natural text from laws into compliance controls in the food industry. In: LWA’15 Workshops, pp. 230–238. CEUR-WS (2015)Google Scholar
  99. 99.
    Zugal, S., Soffer, P., Haisjackl, C., Pinggera, J., Reichert, M., Weber, B.: Investigating expressiveness and understandability of hierarchy in declarative business process models. Softw. Syst. Model. 14(3), 1081–1103 (2015)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. 1.Institute of Database and Information SystemsUlm UniversityUlmGermany

Personalised recommendations