Information Systems Frontiers

, Volume 14, Issue 2, pp 155–177 | Cite as

On compliance checking for clausal constraints in annotated process models

Article

Abstract

Compliance management is important in several industry sectors where there is a high incidence of regulatory control. It must be ensured that business practices, as reflected in business processes, comply with the rules. Such compliance checks are challenging due to (1) the different life cycles of rules and processes, and (2) their disparate representations. (1) requires retrospective checking of process models. To address (2), we herein devise a framework where processes are annotated to capture the semantics of task execution, and compliance is checked against a set of constraints posing restrictions on the desirable process states. Each constraint is a clause, i.e., a disjunction of literals. If a process can reach a state that falsifies all literals of one of the constraints, then that constraint is violated in that state, and indicates non-compliance. Naively, such compliance can be checked by enumerating all reachable states. Since long waiting times are undesirable, it is important to develop efficient (low-order polynomial time) algorithms that (a) perform exact compliance checking for restricted cases, or (b) perform approximate compliance checking for more general cases. Herein, we observe that methods of both kinds can be defined as a natural extension of our earlier work on semantic business process validation. We devise one method of type (a), and we devise two methods of type (b); both are based on similar restrictions to the processes, where the restrictions made by methods (b) are a subset of those made by method (a). The approximate methods each guarantee either of soundness (finding only non-compliances) or completeness (finding all non-compliances). We describe how one can trace the state evolution back to the process activities which caused the (potential) non-compliance, and hence provide the user with an error diagnosis.

Keywords

Compliant process design Compliance checking Business process design Formal process verification 

References

  1. Aalst, W. (1999a). Formalization and verification of event-driven process chains. Information and Software Technology, 41(10), 639–650.CrossRefGoogle Scholar
  2. Aalst, W. (1999b). Interorganizational workflows: An approach based on message sequence charts and petri nets. Systems Analysis Modelling Simulation, 34(3), 335–367.Google Scholar
  3. Ankolekar, A., Burstein, M., Hobbs, J. R., Lassila, O., Martin, D., McDermott, D., et al. (2002). DAML-S: Web service description for the semantic web. In ISWC.Google Scholar
  4. Aspvall, B., Plass, M., & Tarjan, R. (1979). A linear-time algorithm for testing the truth of certain quantified boolean formulas. Information Processing Letters, 8, 121–123.CrossRefGoogle Scholar
  5. Awad, A., Decker, G., & Weske, M. (2008). Efficient compliance checking using bpmn-q and temporal logic. In M. Dumas, M. Reichert, & M. C. Shan (Eds.), Business process management, 6th international conference, BPM 2008. Lecture notes in computer science (Vol. 5240, pp. 326–341). New York: Springer.Google Scholar
  6. Baader, F., Lutz, C., Milicic, M., Sattler, U., & Wolter, F. (2005). Integrating description logics and action formalisms: First results. In AAAI.Google Scholar
  7. Berthelot, G. (1987). Transformations and decompositions of nets. In W. Brauer, W. Reisig, & G. Rozenberg (Eds.), Advances in petri nets 1986 part I: Petri nets, central models and their properties. LNCS (Vol. 254, pp. 360–376). New York, Springer.Google Scholar
  8. Chopra, A. K., & Sing, M. P. (2007). Producing compliant interactions: Conformance, coverage and interoperability. Declarative agent languages and technologies IV. In M. Baldoni, & U. Endriss (Eds.), LNAI (Vol. 4327, pp. 1–15). Berlin: Springer.Google Scholar
  9. Coalition, T. O. S. (2003). OWL-S: Semantic markup for web services. In M. Burstein, J. Hobbs, O. Lassila, D. McDermott, S. McIlraith, S. Narayanan, M. Paolucci, B. Parsia, T. Payne, E. Sirin, N. Srinivasan, K. Sycara & D. Martin (Eds.),OWL-S: Semantic Markup for Web Services. OWL-S 1.1. http://www.daml.org/services/owl-s/1.1/. Version 1.1
  10. Desel, J., & Esparza, J. (1995). Free choice Petri nets. New York, NY, USA: Cambridge University Press.CrossRefGoogle Scholar
  11. Farrell, A., Sergot, M., Sallé, M., & Bartolini, C. (2005). Using the event calculus for tracking the normative state of contracts. International Journal of Cooperative Information Systems, 14(2–3), 99–129.CrossRefGoogle Scholar
  12. Fensel, D., Lausen, H., Polleres, A., Stollberg, M., Roman, D., de Bruijn, J., et al. (2006). Enabling semantic web services: The web service modeling ontology. New York: Springer.Google Scholar
  13. Garcia-Valles, F., & Colom, J. (1999). Implicit places in net systems. In Petri nets and performance Models, 1999. Proceedings. The 8th international workshop (pp. 104–113).Google Scholar
  14. Ghose, A., & Koliadis, G. (2007). Auditing business process compliance. In Service Oriented Computing, ISOC 2007. LNCS (pp. 169–180). New York: Springer.CrossRefGoogle Scholar
  15. Giacomo, G. D., Lenzerini, M., Poggi, A., & Rosati, R. (2006). On the update of description logic ontologies at the instance level. In AAAI.Google Scholar
  16. Governatori, G., Hoffmann, J., Sadiq, S., & Weber, I. (2008). Detecting regulatory compliance for business process models through semantic annotations. In BPD-08: 4th international workshop on business process design. Google Scholar
  17. Governatori, G., & Milosevic, Z. (2006). A formal analysis of a business contract language. International Journal of Cooperative Information Systems, 15(4), 659–685.CrossRefGoogle Scholar
  18. Governatori, G., Milosevic, Z., Sadiq, S. (2006). Compliance checking between business processes and business contracts. In P. C. K. Hung (Ed.), 10th International Enterprise Distributed Object Computing Conference (EDOC 2006) (pp. 221–232). IEEE Computing Society. doi:10.1109/EDOC.2006.22.
  19. Holzmann, G. (2003). The spin model checker—Primer and reference manual. Reading: Addison-Wesley.Google Scholar
  20. Howell, R., & Rosier, L. (1989). Problems concerning fairness and temporal logic for conflict-free petri nets. Theoretical Computer Science, 64(3), 305–329.CrossRefGoogle Scholar
  21. Liu, Y., Müller, S., & Xu, K. (2007). A static compliance-checking framework for business process models. IBM Systems Journal, 46(2), 335–362.CrossRefGoogle Scholar
  22. Lutz, C., & Sattler, U. (2002). A proposal for describing services with DLs. In DL.Google Scholar
  23. Ly, L. T., Rinderle, S., & Dadam, P. (2006). Semantic correctness in adaptive process management systems. In BPM06: Proc. 4th int’l conf. on business process management (pp. 193–208). Vienna, Austria.Google Scholar
  24. Ly, L. T., Rinderle, S., & Dadam, P. (2008). Integration and verification of semantic constraints in adaptive process management systems. Data and Knowledge Engineering, 64(1), 3–23.CrossRefGoogle Scholar
  25. OASIS (2007). Web services business process execution language version 2.0. http://www.ibm.com/developerworks/webservices/library/ws-bpel/.
  26. OMG (2008). Business process modeling notation—BPMN 1.1. OMG specification. http://www.bpmn.org/.
  27. Roman, D., & Kifer, M. (2007). Reasoning about the behaviour of semantic web services with concurrent transaction logic. In VLDB (pp. 627–638).Google Scholar
  28. Sadiq, S., Governatori, G., & Namiri, K. (2007). Modelling control objectives for business process compliance. In Proc. 5th international conference on business process management. Brisbane, Australia.Google Scholar
  29. Sergot, M. J., Sadri, F., Kowalski, R. A., Kriwaczek, F., Hammond, P., & Cory, H. (1986). The british nationality act as a logic program. Communications of the ACM, 29(5), 370–386.CrossRefGoogle Scholar
  30. van der Aalst, W. M. P., de Beer, H. T., & van Dongen, B. F. (2005). Process mining and verification of properties: An approach based on temporal logic. OTM conferences (1). In R. Meersman, Z. Tari, M. S. Hacid, J. Mylopoulos, B. Pernici, Ö. Babaoglu, et al. (Eds.), Lecture notes in computer science (Vol. 3760, pp. 130–147). New York: Springer.Google Scholar
  31. van der Aalst, W. M. P., & van Hee, K. (2002). Workflow management: Models, methods, and systems (cooperative information systems). Cambridge: MIT. http://www.amazon.ca/exec/obidos/redirect?tag=citeulike04-20&path=ASIN/0262011891.Google Scholar
  32. Vanhatalo, J., Völzer, H., Leymann, F. (2007). Faster and more focused control-flow analysis for business process models though sese decomposition. In B. Krämer, K. Lin, P. Narasimhan (Eds.), 5th international conference on service-oriented computing (ICSOC). Lecture notes in computer science (Vol. 4749, pp. 43–55). Berlin: Springer.Google Scholar
  33. Weber, I., Hoffmann, J., Mendling, J. (2008). Semantic business process validation. In Proceedings of the 3rd international workshop on semantic business process management (SBPM’08).Google Scholar
  34. Winslett, M. (1988). Reasoning about actions using a possible models approach. In AAAI.Google Scholar
  35. zur Muehlen, M., Indulska, M., Kemp, G. (2007). Business process and business rule modeling languages for compliance management: A representational analysis. In Proc. 26th international conference on conceptual modelling - ER2007 - tutorials, posters, panels and industrial contributions. Auckland, New Zealand.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  1. 1.SAP ResearchKarlsruheGermany
  2. 2.School of Computer Science & EngineeringThe University of New South WalesSydneyAustralia
  3. 3.Queensland Research LaboratoryNICTABrisbaneAustralia

Personalised recommendations