Advertisement

Information Systems Frontiers

, Volume 14, Issue 2, pp 195–219 | Cite as

On enabling integrated process compliance with semantic constraints in process management systems

Requirements, challenges, solutions
  • Linh Thao LyEmail author
  • Stefanie Rinderle-Ma
  • Kevin Göser
  • Peter Dadam
Article

Abstract

Key to broad use of process management systems (PrMS) in practice is their ability to foster and ease the implementation, execution, monitoring, and adaptation of business processes while still being able to ensure robust and error-free process enactment. To meet these demands a variety of mechanisms has been developed to prevent errors at the structural level (e.g., deadlocks). In many application domains, however, processes often have to comply with business level rules and policies (i.e., semantic constraints) as well. Hence, to ensure error-free executions at the semantic level, PrMS need certain control mechanisms for validating and ensuring the compliance with semantic constraints. In this paper, we discuss fundamental requirements for a comprehensive support of semantic constraints in PrMS. Moreover, we provide a survey on existing approaches and discuss to what extent they are able to meet the requirements and which challenges still have to be tackled. In order to tackle the particular challenge of providing integrated compliance support over the process lifecycle, we introduce the SeaFlows framework. The framework introduces a behavioural level view on processes which serves a conceptual process representation for constraint specification approaches. Further, it provides general compliance criteria for static compliance validation but also for dealing with process changes. Altogether, the SeaFlows framework can serve as formal basis for realizing integrated support of semantic constraints in PrMS.

Keywords

Adaptive process management systems Semantic constraints Process verification Compliance validation 

Notes

Acknowledgements

We would like to thank our students Heiko Fröhlich, Philipp Merkel, Barbara Panzer, and Andreas Pröbstle for implementing the SeaFlows prototype presented in this paper.

References

  1. Agrawal, R., Johnson, C., Kiernan, J., & Leymann, F. (2006). Taming compliance with Sarbanes-Oxley internal controls using database technology. In Proc. of the 22nd int’l conf. on data engineering (ICDE’06) (p. 92). Los Alamitos: IEEE Computer Society.CrossRefGoogle Scholar
  2. Alberti, M., et al. (2006). Computational logic for run-time verification of web services choreographies: Exploiting the SOCS-SI tool. In Proc. 3rd int’l workshop on web services and formal methods. LNCS (Vol. 4184, pp. 58–72). New York: Springer.CrossRefGoogle Scholar
  3. Alberti, M., et al. (2007). Expressing and verifying business contracts with abductive logic. In Normative multi-agent systems, dagstuhl seminar proceedings (No. 07122). Internationales Begegnungs- und Forschungszentrum fuer Informatik.Google Scholar
  4. Attie, P., Singh, M., Sheth, A., & Rusinkiewicz, M. (1993). Specifying and enforcing intertask dependencies. In Proc. VLDB ’93 (pp. 134–145). San Mateo: Morgan Kaufmann.Google Scholar
  5. Baader, F., et al. (2003). The description logic handbook—theory, implementation and applications. Cambridge: Cambridge University Press.Google Scholar
  6. Blackburn, P., de Rijke, M., & Venema, Y. (2002). Modal logic. Cambridge tracts in theoretical computer science. Cambridge: Cambridge University Press.Google Scholar
  7. Bobrik, R., Reichert, M., & Bauer, T. (2005). Requirements for the visualization of system-spanning business processes. In Proc. 1st int’l workshop on business process monitoring and performance management (BPMPM’05).Google Scholar
  8. Casati, F., Ceri, S., Pernici, B., & Pozzi, G. (1998). Workflow evolution. Data & Knowledge Engineering, 24(3), 211–238.CrossRefGoogle Scholar
  9. Dadam, P., et al. (2008). Towards truly flexible and adaptive process-aware information systems. In Proc. UNISCON ’08. Klagenfurt, Austria.Google Scholar
  10. Davulcu, H., Kifer, M., Ramakrishnan, C. R., & Ramakrishnan, I. V. (1998). Logic based modeling and analysis of workflows. In PODS ’98 (pp. 25–33).Google Scholar
  11. Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 (2006). http://www.eur-lex.europa.eu.
  12. Dwyer, M. B., Avrunin, G. S., & Corbett, J. C. (1999). Patterns in property specifications for finite-state verification. In Proc. of the 21st int’l conf. on software engineering (pp. 411–420).Google Scholar
  13. Ellis, C., Keddara, K., & Rozenberg, G. (1995). Dynamic change within workflow systems. In Proc. of the int’l ACM conf. COOCS ’95 (pp. 10–21).Google Scholar
  14. Emprise (2008). BONAPART Sarbanes-Oxley analyzer.Google Scholar
  15. Foster, H., Uchitel, S., Magee, J., & Kramer, J. (2006). Model-based analysis of obligations in web service choreography. In Proc. of the advanced int’l conf. on telecommunications and int’l conf. on internet and web applications and services (p. 149). Los Alamitos: IEEE Computer Society.Google Scholar
  16. Förster, A., Engels, G., Schattkowsky, T., & Van der Straeten, R. (2007). Verficiation of business process quality constraints based on visual process patterns. In Proc. 1st joint IEEE/IFIP symposium on theoretical aspects of sofware engineering.Google Scholar
  17. Fötsch, D., Pulvermüller, E., & Rossak, W. (2006). Modeling and verifying workflow-based regulations. In Workshop on regulations modelling and their validation and verification. Google Scholar
  18. Ghose, A., & Koliadis, G. (2007). Auditing business process compliance. In Proc. ICSOC ’07. LNCS (Vol. 4749, pp. 169–180). New York: Springer.Google Scholar
  19. Giblin, C., Müller, S., & Pfitzmann, B. (2006). From regulatory policies to event monitoring rules: Towards model-driven compliance automation. Tech. Rep. Research Report RZ-3662, IBM Research GmbH.Google Scholar
  20. Goldszmidt, G., Joseph, J., & Sachdeva, N. (2005). On demand business process life cycle, part 6: Apply customization policies and rules. Tech. rep., IBM.Google Scholar
  21. Gomez-Perez, A., Fernandez-Lopez, M., & Corcho-Garcia, O. (2004). Ontological engineering. New York: Springer.Google Scholar
  22. Governatori, G. (2005). Representing business contracts in RuleML. International Journal of Cooperative Information System, 14(2–3), 181–216.CrossRefGoogle Scholar
  23. Governatori, G., Hoffmann, J., Sadiq, S., & Weber, I. (2008). Detecting regulatory compliance for business process models through semantic annotations. In Proc. of the 4th int’l workshop on business process design. Google Scholar
  24. Governatori, G., Milosevic, Z., & Sadiq, S. (2006). Compliance checking between business processes and business contracts. In Proc. EDOC’06 (pp. 221–232). Los Alamitos: IEEE Computer Society.Google Scholar
  25. Greiner, U., Ramsch, J., Heller, B., Löffler, M., Müller, R., & Rahm, E. (2004). Adaptive guideline-based treatment workflows with adaptflow. In Proc. of symposium on computerized guidelines and protocols, (Vol. 101, pp. 113–117). Amsterdam: IOS.Google Scholar
  26. Heinlein, C. (2001). Workflow and process synchronisation with interaction expressions and graphs. In Proc. of the 17th int’l conf. on data engineering (ICDE ’01). Piscataway: IEEE.Google Scholar
  27. Herbst, H., Knolmayer, G., Myrach, T., & Schlesinger, M. (1994). The specification of business rules: A comparison of selected methodologies. In Methods and associated tools for the information system life cycle (pp. 29–46). Amsterdam: Elsevier.Google Scholar
  28. Huth, M., & Ryan, M. (2004). Logic in computer science—modelling and reasoning about systems. Cambridge: Cambridge University Press.Google Scholar
  29. IDS Scheer (2008). Governance, risk and compliance management with ARIS. (in german).Google Scholar
  30. ILOG (2005). ILOG JRules and IBM MQWF—White paper.Google Scholar
  31. Kharbili, M.E., Stein, S., Markovic, I., & Pulvermüller, E. (2008). Towards a framework for semantic business process compliance management. In Proc. of the 1st int’l workshop on governance, risk and compliance (GRCIS’08) (pp. 1–15).Google Scholar
  32. Konyen, I., et al. (1996). Process design for minimally-invasive surgeries. Interne Ulmer Informatik-Berichte DBIS-14, Ulm University. (in german).Google Scholar
  33. Lenz, R., & Reichert, M. (2007). It support for healthcare processes—premises, challenges, perspectives. Data & Knowledge Engineering, 61(1), 39–58.CrossRefGoogle Scholar
  34. Linehan, M., & Ferguson, D. (2005). Business rule standards—interoperability and portability. In W3C workshop on rule languages for interoperability. Google Scholar
  35. Liu, Y., Müller, S., & Xu, K. (2007). A static compliance-checking framework for business process models. IBM Systems Journal, 46(2), 335–261.CrossRefGoogle Scholar
  36. Lu, R., Sadiq, S., & Governatori, G. (2008). Compliance aware process design. In Proc. BPM workshops ’07. LNCS (Vol. 4928, pp. 120–131). New York: Springer.CrossRefGoogle Scholar
  37. Lu, R., Sadiq, S., Padmanabhan, V., & Governatori, G. (2006). Using a temporal constraint network for business process execution. In Proc. of the 17th Australasian database conference (pp. 157–166). Adelaide: Australian Computer Society.Google Scholar
  38. Ly, L. T., Rinderle, S., & Dadam, P. (2006). Semantic correctness in adaptive process management systems. In Proc. BPM’06. LNCS (Vol. 4102, pp. 193–208). New York: Springer.Google Scholar
  39. Ly, L. T., Rinderle-Ma, S., & Dadam, P. (2007). Integration and verification of semantic constraints in adaptive process management systems. Data & Knowledge Engineering, 64, 3–23.CrossRefGoogle Scholar
  40. Marchetti, A. M. (2007). Sarbanes-Oxley ongoing compliance guide: Key processes and summary checklists. New York: Wiley.Google Scholar
  41. Milosevic, Z., Josang, A., Dimitrakos, T., & Patton, M. (2002). Discretionary enforcement of electronic contracts. In Proc. EDOC ’02 (pp. 3–14). Los Alamitos: IEEE Computer Society.Google Scholar
  42. Müller, D., Herbst, J., Hammori, M., & Reichert, M. (2006). IT support for release management processes in the automotive industry. In Proc. BPM’06. LNCS (Vol. 4102, pp. 368–377). New York: Springer.Google Scholar
  43. Müller, R., Greiner, U., & Rahm, E. (2004). Agentwork: A workflow system supporting rule-based workflow adaption. Data & Knowledge Engineering, 51, 223–256.CrossRefGoogle Scholar
  44. Namiri, K., & Stojanovic, N. (2007a). A formal approach for internal controls compliance in business processes. In 8th Workshop on business process modeling, development, and support. Google Scholar
  45. Namiri, K., & Stojanovic, N. (2007b). Pattern-based design and validation of business process compliance. In OTM 2007, part I. LNCS (Vol. 4803, pp. 59–76). New York: Springer.Google Scholar
  46. Newcastle Guideline Development and Research Unit (2004). Management of dyspepsia in adults in primary care.Google Scholar
  47. OMG (2008). Semantics of business vocabulary and business rules (sbvr), version 1.0. http://www.omg.org/spec/SBVR/1.0/PDF.
  48. Peleg, M., Soffer, P., & Ghattas, J. (2008). Mining process execution and outcomes—position paper. In BPM’07 workshops. LNCS (Vol. 4928, pp. 395–400). New York: Springer.Google Scholar
  49. Pesic, M., & van der Aalst, W. M. P. (2006). A declarative approach for flexible business processes management. In BPM’06 workshops. LNCS (Vol. 4103, pp. 169–180). New York: Springer.Google Scholar
  50. Reichert, M., & Dadam, P. (1998). ADEPTflex—supporting dynamic changes of workflows without losing control. Journal of Intelligent Information Systems, Special Issue on Workflow Management Systems, 10(2), 93–129.Google Scholar
  51. Rinderle, S., Reichert, M., & Dadam, P. (2004a). Correctness criteria for dynamic changes in workflow systems—a survey. Data & Knowledge Engineering, 50(1), 9–34.CrossRefGoogle Scholar
  52. Rinderle, S., Reichert, M., & Dadam, P. (2004b). Flexible support of team processes by adaptive workflow systems. Distributed and Parallel Databases, 16(1), 91–116.CrossRefGoogle Scholar
  53. Sadiq, S., Governatori, G., & Naimiri, K. (2007). Modeling control objectives for business process compliance. In Proc. BPM’07. LNCS (Vol. 4714, pp. 149–164). New York: Springer.Google Scholar
  54. Sadiq, S., Orlowska, M., & Sadiq, W. (2005). Specification and validation of process constraints for flexible workflows. Information Systems, 30(5), 349–378.CrossRefGoogle Scholar
  55. Schneider, K. (2004). Verification of reactive systems: Formal methods and algorithms. New York: Springer.Google Scholar
  56. Singh, M. P. (1996). Semantical considerations on workflows: An algebra for intertask dependencies. In Proc. of the 5th int’l workshop on database programming languages (p. 5). New York: Springer.Google Scholar
  57. The Business Rules Group (2000). Defining business rules—what are they really? http://www.businessrulesgroup.org/first_paper/BRG-whatisBR_3ed.pdf.
  58. The Business Rules Group (2007). The business motivation model—business governance in a volatile world. 1.2 http://www.businessrulesgroup.org/second_paper/BRG-BMM.pdf.
  59. van der Aalst, W. (2000). Workflow verification: Finding control-flow errors using petri-net-based techniques. In Proc. BPM ’00 (pp. 161–183).Google Scholar
  60. van der Aalst, W., & Basten, T. (2002). Inheritance of workflows: An approach to tackling problems related to change. Theoretical Computer Science, 270(1–2), 125–203.CrossRefGoogle Scholar
  61. van der Aalst, W., de Beer, H., & van Dongen, B. (2005). Process mining and verification of properties: An approach based on temporal logic. In Proc. OTM conferences ’05. LNCS (Vol. 3761, pp. 130–147).Google Scholar
  62. van der Aalst, W., et al. (2007). Prom 4.0: Comprehensive support for real process analysis. In Proc. of application and theory of Petri Nets and other models of concurrency, LNCS (Vol. 4546, pp. 484–494). New York: Springer.Google Scholar
  63. van den Heuvel, J., & Weigand, H. (2000). Cross-organizational workflow integration using contracts. In Proc. business object workshop ’00.Google Scholar
  64. Wagner, G. (2002). How to design a general rule markup language. In Proc. of the workshop XML technologies for the semantic web.Google Scholar
  65. Weber, B., Reichert, M., & Rinderle-Ma, S. (2008). Change patterns and change support features—enhancing flexibility in process-aware information systems. Data & Knowledge Engineering, 66, 438–466.CrossRefGoogle Scholar
  66. Weber, B., Reichert, M., Wild, W., & Rinderle-Ma, S. (2009). Providing integrated life cycle support in process-aware information systems. International Journal of Cooperative Information Systems (IJCIS), 18(1), 115–165.CrossRefGoogle Scholar
  67. Weber, I., Governatori, G., & Hoffmann, J. (2008). Approximate compliance checking for annotated process models. In Proc. of the 1st int’l workshop on governance, risk and compliance (GRCIS’08) (pp. 46–60).Google Scholar
  68. Weber, I., Hoffmann, J., & Mendling, J. (2008). Semantic business process validation. In Proc. semantics for BPM.Google Scholar
  69. Weske, M. (2001) Formal foundation and conceptual design of dynamic adaptations in a workflow management system. In: HICSS-34, (p. 7051). Google Scholar
  70. Yu, J., Manh, T. P., Hand, J., & Jin, Y. (2006). Pattern-based property specification and verification for service composition. CeCSES Report SUT.CeCSES-TR010, Swinburne University of Technology.Google Scholar
  71. zur Muehlen, M. (2004). Organizational management in workflow applications—issues and perspectives. Information Technology and Management, 5(3–4), 271–291.CrossRefGoogle Scholar
  72. zur Muehlen, M., Indulska, M., & Kamp, G. (2007). Business process and business rule modeling languages for compliance management: A representational analysis. In ER (tutorials, posters, panels & industrial contributions) (pp. 127–132).Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  • Linh Thao Ly
    • 1
    Email author
  • Stefanie Rinderle-Ma
    • 1
  • Kevin Göser
    • 2
  • Peter Dadam
    • 1
  1. 1.Institute of Databases and Information SystemsUlm UniversityUlmGermany
  2. 2.AristaFlow GmbHUlmGermany

Personalised recommendations