Compliant Business Process Design Using Refinement Layers

  • Daniel Schleicher
  • Tobias Anstett
  • Frank Leymann
  • David Schumm
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6426)


In recent years compliance has emerged as one of the big IT challenges enterprises are faced with. The management of a multitude of regulations and the complexity of current business processes are problems that need to be addressed.

In this paper we present an approach based on so-called compliance templates to develop and manage compliant business processes involving different stakeholders.

We introduce the concept of a refinement process. In the refinement process each compliance template is refined in a layered way to get an executable business process. The refinement steps are executed on refinement layers by different stakeholders. Compliance constraints are used to restrict the way a compliance template can be refined. Introduced in a certain refinement layer of the refinement process, compliance constraints are propagated to higher refinement layers.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press, Cambridge (2000)Google Scholar
  2. 2.
    U.S. Code. Sarbanes-Oxley Act of 2002, PL 107-204, 116 Stat 745 (2002)Google Scholar
  3. 3.
    Eberle, H., Unger, T., Leymann, F.: Process Fragments. In: Meersman, R., Dillon, T., Herrero, P. (eds.) OTM 2009. LNCS, vol. 5870, pp. 398–405. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Governatori, G., Milosevic, Z.: A formal analysis of a business contract language. Int. J. Cooperative Inf. Syst. 15(4), 659–685 (2006)CrossRefGoogle Scholar
  5. 5.
    Halfmann, A.: Siemens versiebenfacht Zahl der Compliance-Mitarbeiter (January 2009)Google Scholar
  6. 6.
    Hopcroft, J.E., Motwani, R., Ullman, J.D.: Introduction to Automata Theory, Languages and Computation, 3rd edn. Pearson Addison-Wesley, Upper Saddle River (2007)zbMATHGoogle Scholar
  7. 7.
    Jureta, I., Siena, A., Mylopoulos, J., Perini, A., Susi, A.: Theory of regulatory compliance for requirements engineering. CoRR, abs/1002.3711, informal publication (2010)Google Scholar
  8. 8.
    Khalaf, R.: Supporting business process fragmentation while maintaining operational semantics: a BPEL perspective. Doctoral thesis, University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Germany (March 2008)Google Scholar
  9. 9.
    Liu, Y., Müller, S., Xu, K.: A static compliance-checking framework for business process models. IBM Syst. J. 46(2), 335–361 (2007)CrossRefGoogle Scholar
  10. 10.
    Ma, Z., Leymann, F.: Bpel fragments for modularized reuse in modeling bpel processes. In: ICNS 2009: Proceedings of the 2009 Fifth International Conference on Networking and Services, Washington, DC, USA, pp. 63–68. IEEE Computer Society, Los Alamitos (2009)CrossRefGoogle Scholar
  11. 11.
    Mietzner, R., Leymann, F.: Generation of BPEL Customization Processes for SaaS Applications from Variability Descriptors. In: Proceedings of the International Conference on Services Computing, Industry Track, SCC 2008. IEEE, Los Alamitos (Juli 2008)Google Scholar
  12. 12.
    OASIS. Web Services Business Process Execution Language Version 2.0 – OASIS Standard (2007)Google Scholar
  13. 13.
    Sadiq, S.W., Governatori, G., Namiri, K.: Modeling control objectives for business process compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 149–164. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Schleicher, D., Anstett, T., Leymann, F., Mietzner, R.: Maintaining Compliance in Customizable Process Models. In: Meersman, R., Dillon, T., Herrero, P. (eds.) OTM 2009. LNCS, vol. 5870, pp. 1–16. Springer, Heidelberg (2009)Google Scholar
  15. 15.
    Schumm, D., Leymann, F., Ma, Z., Scheibler, T., Strauch, S.: Integrating Compliance into Business Processes: Process Fragments as Reusable Compliance Controls. In: Proceedings of the Multikonferenz Wirtschaftsinformatik (MKWI 2010), Universitaetsverlag Goettingen (2010)Google Scholar
  16. 16.
    Yi, W., Pettersson, P., Daniels, M.: Automatic verification of real-time communicating systems by constraint-solving. In: Proc. of the 7th International Conference on Formal Description Techniques, pp. 223–238 (1994)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Daniel Schleicher
    • 1
  • Tobias Anstett
    • 1
  • Frank Leymann
    • 1
  • David Schumm
    • 1
  1. 1.Institute of Architecture of Application SystemsUniversity of StuttgartStuttgartGermany

Personalised recommendations