Service Oriented Computing and Applications

, Volume 7, Issue 4, pp 275–292 | Cite as

SOA-enabled compliance management: instrumenting, assessing, and analyzing service-based business processes

  • Carlos Rodríguez
  • Daniel Schleicher
  • Florian Daniel
  • Fabio Casati
  • Frank Leymann
  • Sebastian Wagner
Original Research Paper


Facilitating compliance management, that is, assisting a company’s management in conforming to laws, regulations, standards, contracts, and policies, is a hot but non-trivial task. The service-oriented architecture (SOA) has evolved traditional, manual business practices into modern, service-based IT practices that ease part of the problem: the systematic definition and execution of business processes. This, in turn, facilitates the online monitoring of system behaviors and the enforcement of allowed behaviors—all ingredients that can be used to assist compliance management on the fly during process execution. In this paper, instead of focusing on monitoring and runtime enforcement of rules or constraints, we strive for an alternative approach to compliance management in SOAs that aims at assessing and improving compliance. We propose two ingredients: (i) a model and tool to design compliant service-based processes and to instrument them in order to generate evidence of how they are executed and (ii) a reporting and analysis suite to create awareness of a company’s compliance state and to enable understanding why and where compliance violations have occurred. Together, these ingredients result in an approach that is close to how the real stakeholders—compliance experts and auditors—actually assess the state of compliance in practice and that is less intrusive than enforcing compliance.


Service-based compliance governance Compliance assessment Signaling instrumentation Key indicators Root cause analysis Reporting dashboard 



This work was supported by funds from the European Commission (Contract Nbr. 216917 for the FP7-ICT-2007-1 project MASTER).


  1. 1.
    Apte C, Bibelnieks E, Natarajan R, Pednault E, Tipu F, Campbell D, Nelson B (2001) Segmentation-based modeling for advanced targeted marketing. In: KDD’01, pp. 408–413Google Scholar
  2. 2.
    Brauer B, Kline S (2005) SOA governance: a key ingredient of the adaptive enterprise. Tech rep, Hewlett-Packard.
  3. 3.
    Brown W, Moore G, Tegan W (2006) SOA governance: IBM’s approach. Tech rep, IBM.
  4. 4.
    Casati F, Castellanos M, Dayal U, Salazar N (2007) A generic solution for warehousing business process data. In: VLDB’07. VLDB Endowment, pp 1128–1137Google Scholar
  5. 5.
    Daniel F, Casati F, D’Andrea V, Strauch S, Schumm D, Leymann F, Mulo E, Zdun U, Dustdar S, Sebahi S, de Marchi F, Hacid MS (2009) Business compliance governance in service-oriented architectures. In: AINA’09. IEEE PressGoogle Scholar
  6. 6.
    Dunn P (2004) Measurement and data analysis for engineering and science. McGraw-Hill Science, New YorkGoogle Scholar
  7. 7.
    Goedertier S, Vanthienen J (2006) Designing compliant business processes from obligations and permission. In: BPM workshops, vol. 4103. Springer, pp 5–14Google Scholar
  8. 8.
    Governatori G, Hoffmann J, Sadiq SW, Weber I (2008) Detecting regulatory compliance for business process models through semantic annotations. In: BPM workshops, pp 5–17Google Scholar
  9. 9.
    Governatori G, Sadiq S (2009) The journey to business process compliance. In: Handbook of research on business process management, pp 426–454Google Scholar
  10. 10.
    Greco G, Guzzo A, Pontieri L, Sacca D (2006) Discovering expressive process models by clustering log traces. IEEE TKDE 18(8):1010–1027Google Scholar
  11. 11.
    Grigori D, Casati F, Castellanos M, Dayal U, Sayal M, Shan M (2004) Business process intelligence. Comput Ind 53(3):321–343CrossRefGoogle Scholar
  12. 12.
    Grigori D, Casati F, Dayal U, Shan MC (2001) Improving business process quality through exception understanding, prediction, and prevention. In: VLDB’01. San Francisco, CA, USA, pp 159–168Google Scholar
  13. 13.
    Hagerty J, Hackbush J, Gaughan D, Jacobson S (2008) The governance, risk management, and compliance spending report, 2008–2009: Inside the $32B GRC Market. Tech rep, AMR ResearchGoogle Scholar
  14. 14.
    Hoffmann J, Weber I, Governatori G (2012) On compliance checking for clausal constraints in annotated process models. Inf Syst Frontiers 14(2):155–177Google Scholar
  15. 15.
    Khalaf R, Karastoyanova D, Leymann F (2007) Pluggable framework for enabling the execution of extended BPEL behavior. In: WESOA’07. SpringerGoogle Scholar
  16. 16.
    Motahari-Nezhad HR, Saint-Paul R, Benatallah B, Asati F (2008) Deriving protocol models from imperfect service conversation logs. IEEE Trans Knowl Data Eng 20(12):1683–1698CrossRefGoogle Scholar
  17. 17.
    Musaraj K, Yoshida T, Daniel F, Hacid MS, Casati F, Benatallah B (2010) Message correlation and web service protocol mining from inaccurate logs. In: Proceedings of ICWS’10Google Scholar
  18. 18.
    Oracle (2007) SOA governance: framework and best practices. Tech rep, Oracle. URL
  19. 19.
    Pinter SS, Golani M (2004) Discovering workflow models from activities’ lifespans. Comput Ind 53(3):283–296CrossRefGoogle Scholar
  20. 20.
    Popova V, Sharpanskykh A (2010) Modeling organizational performance indicators. Inf Syst 35(4):505–527CrossRefGoogle Scholar
  21. 21.
    Rodriguez C, Daniel F, Casati F, Anstett T, Schleicher D, Burri S (2009) Warehouse model and diagnostic algorithms. Deliverable d6.2.2, MASTER project. URL
  22. 22.
    Rodríguez C, Daniel F, Casati F, Cappiello C (2009) Computing uncertain key indicators from uncertain data. In: ICIQ’09, pp 106–120Google Scholar
  23. 23.
    Rodriguez C, Daniel F, Casati F, Cappiello C (2010) Toward uncertain business intelligence: the case of key indicators. IEEE Internet comput 14(4):32–40 Google Scholar
  24. 24.
    Rozinat A, van der Aalst WMP (2008) Conformance checking of processes based on monitoring real behavior. Inf Syst 33(1):64–95CrossRefGoogle Scholar
  25. 25.
    Rozinat A, van der Aalst WMP (2006) Decision mining in business processes (BETA publicatie: working papers, No. 164) Eindhoven: Technische Universiteit Eindhoven, 16 pp.
  26. 26.
    Rozinat A, Van der Aalst W (2006) Conformance testing: measuring the fit and appropriateness of event logs and process models. In: Business process management workshops. Springer, pp 163–176Google Scholar
  27. 27.
    Sadiq SW, Governatori G, Namiri K (2007) Modeling control objectives for business process compliance. In: BPM’07, pp 149–164Google Scholar
  28. 28.
    Sap AG (2007) Governance for modeling and implementing enterprise services at SAP. URL
  29. 29.
    Sayal M, Casati F, Dayal U, Shan MC (2002) Business process Cockpit. In: VLDB ’02. VLDB Endowment, pp 880–883Google Scholar
  30. 30.
    Schleicher D, Anstett T, Leymann F, Mietzner R (2009) Maintaining compliance in customizable process models. In: CoopIS’09. LNCS, vol 5870, pp 60–75Google Scholar
  31. 31.
    Seol H, Choi J, Park G, Park Y (2007) A framework for benchmarking service process using data envelopment analysis and decision tree. Expert Syst Appl 32(2):432–440CrossRefGoogle Scholar
  32. 32.
    Silveira P, Rodríguez C, Casati F, Daniel F, D’Andrea V, Worledge C, Taheri Z (2009) On the design of compliance governance dashboards for effective compliance and audit management. In: NFPSLAM-SOC’09. SpringerGoogle Scholar
  33. 33.
    Software AG (2007) SOA governance: “Rule your SOA”. Tech rep, Software AG. URL
  34. 34.
    Tarantino A (2008) Governance, risk, and compliance handbook. Wiley, New YorkCrossRefGoogle Scholar
  35. 35.
    Trent H (2008) Products for managing governance, risk, and compliance: market fluff or relevant stuff?. In-depth research report, Burton GroupGoogle Scholar
  36. 36.
    Tsang S, Kao B, Yip KY, Ho WS, Lee SD (2009) Decision trees for uncertain data. In: ICDE’09. IEEE, pp 441–444Google Scholar
  37. 37.
    van Lessen T, Leymann F, Mietzner R, Nitzsche J, Schleicher D (2008) A management framework for WS-BPEL. In: ECOWS’08. IEEE, pp 187–196Google Scholar
  38. 38.
    Walton M (1988) The deming management method. Perigee Books, New YorkGoogle Scholar

Copyright information

© Springer-Verlag London 2013

Authors and Affiliations

  • Carlos Rodríguez
    • 1
  • Daniel Schleicher
    • 2
  • Florian Daniel
    • 1
  • Fabio Casati
    • 1
  • Frank Leymann
    • 2
  • Sebastian Wagner
    • 2
  1. 1.Department of Information Engineering and Computer ScienceUniversity of TrentoPovoItaly
  2. 2.Institute of Architecture of Application SystemsUniversity of StuttgartStuttgartGermany

Personalised recommendations