Business Process Compliance through Reusable Units of Compliant Processes

  • David Schumm
  • Oktay Turetken
  • Natallia Kokash
  • Amal Elgammal
  • Frank Leymann
  • Willem-Jan van den Heuvel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6385)


Compliance management is essential for ensuring that organizational business processes and supporting information systems are in accordance with a set of prescribed requirements originating from laws, regulations, and various legislative or technical documents such as the Sarbanes-Oxley Act or ISO 17799. As the violation of such requirements may lead to significant punishment for an organization, compliance management should be supported at the very early stages of business process development. In this paper, we present an integrated approach to compliance management that helps process designers adhere to the compliance requirements relevant to their processes. Firstly, we introduce a conceptual model for specifying compliance requirements originating from various compliance sources. Secondly, we propose a framework for augmenting business processes with reusable fragments to ensure process compliance with certain requirements by design. Furthermore, we discuss the formalization of compliance requirements using mathematical logics and integrate the framework for process reuse with automated software verification tools.


Keywords: Compliance, Business Process Management, Process Fragment, Formal Modeling, Process Verification



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • David Schumm (1)
  • Oktay Turetken (2)
  • Natallia Kokash (3)
  • Amal Elgammal (2)
  • Frank Leymann (1)
  • Willem-Jan van den Heuvel (2)

  1. Institute of Architecture of Application Systems (IAAS), University of Stuttgart, Stuttgart, Germany
  2. European Research Institute in Service Science (ERISS), Tilburg University, Tilburg, Netherlands
  3. Centrum Wiskunde & Informatica (CWI), Amsterdam, Netherlands
