Normative Requirements for Business Process Compliance

  • Mustafa Hashmi
  • Guido Governatori
  • Moe Thandar Wynn
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 177)


Norms regulate the behaviour of their subjects and define what is legal and what is illegal. Norms typically describe the conditions under which they are applicable and the normative effects as a result of their applications. On the other hand, process models specify how a business operation or service is to be carried out to achieve a desired outcome. Norms can have a significant impact on how business operations are conducted and they can apply to the whole or a part of a business process. For example, they may impose conditions on the different aspects of a process (e.g., perform tasks in a specific sequence (control-flow), at a specific time or within a certain time frame (temporal aspect), by specific people (resources). We propose a framework that provides the formal semantics of the normative requirements for determining whether a business process complies with a normative document (where a normative document can be understood in a very broad sense, ranging from internal policies to best practice policies, to statutory acts). We also present a classification of normal requirements based on the notion of different types of obligations and the effects of violating these obligations.


Norms Regulatory compliance Business process compliance 


  1. 1.
    Accorsi, R., Lowis, L., Sato, Y.: Automated certification for compliant cloud-based business processes. Bus. Inf. Syst. Eng. 3(3), 145–154 (2011)CrossRefGoogle Scholar
  2. 2.
    Tosatto, S.C., Governatori, G., Kelsen, P., van der Torre, L.: Business process compliance is hard. Technical report, NICTA (2012)Google Scholar
  3. 3.
    Elgammal, A., Turetken, O., van den Heuvel, W.-J., Papazoglou, M.: Root-cause analysis of design-time compliance violations on the basis of property patterns. In: Maglio, P.P., Weske, M., Yang, J., Fantinato, M. (eds.) ICSOC 2010. LNCS, vol. 6470, pp. 17–31. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  4. 4.
    Elgammal, A., Turetken, O., van den Heuvel, W.-J., Papazoglou, M.: On the formal specification of regulatory compliance: a comparative analysis. In: Maximilien, E.M., Rossi, G., Yuan, S.-T., Ludwig, H., Fantinato, M. (eds.) ICSOC 2010. LNCS, vol. 6568, pp. 27–38. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  5. 5.
    Gordon, T.F., Governatori, G., Rotolo, A.: Rules and norms: requirements for rule interchange languages in the legal domain. In: Governatori, G., Hall, J., Paschke, A. (eds.) RuleML 2009. LNCS, vol. 5858, pp. 282–296. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  6. 6.
    Governatori, G.: Representing business contracts in RuleML. Int. J. Coop. Inf. Syst. 14(2–3), 181–216 (2005)CrossRefGoogle Scholar
  7. 7.
    Governatori, G., Milosevic, Z.: Dealing with contract violations: formalism and domain specific language. In: EDOC 2005, pp. 46–57 (2005)Google Scholar
  8. 8.
    Governatori, G., Rotolo, A.: A conceptually rich model of business process compliance. In: Proceeding of APCCM’10, vol. 110, pp. 3–12 (2010)Google Scholar
  9. 9.
    Governatori, G., Rotolo, A.: Norm compliance in business process modeling. In: Dean, M., Hall, J., Rotolo, A., Tabet, S. (eds.) RuleML 2010. LNCS, vol. 6403, pp. 194–209. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  10. 10.
    Governatori, G., Sadiq, S.: The journey to business process compliance. In: Cardoso, J., van der Aalst, W. (eds.) Handbook of Research on Business Process Management, pp. 426–454. IGI Global, Hershey (2009) CrossRefGoogle Scholar
  11. 11.
    Kiepuszewski, B., ter Hofstede, A.H.M., Bussler, C.J.: On structured workflow modelling. In: Wangler, B., Bergman, L.D. (eds.) CAiSE 2000. LNCS, vol. 1789, pp. 431–445. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  12. 12.
    Murata, T.: Petri nets: properties, analysis and applications. Proc. IEEE 77(4), 541–580 (1989)CrossRefGoogle Scholar
  13. 13.
    Orriëns, B., Yang, J., Papazoglou, M.P.: A framework for business rule driven service composition. In: Benatallah, B., Shan, M.-C. (eds.) TES 2003. LNCS, vol. 2819, pp. 14–27. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  14. 14.
    Sadiq, W., Governatori, G., Namiri, K.: Modeling control objectives for business process compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 149–164. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  15. 15.
    Sartor, G.: Legal Reasoning: A Cognitive Approach to the Law. Springer, Dordrecht (2005)Google Scholar
  16. 16.
    van der Aalst, W.M.P.: The application of petri nets to workflow management. J. Circuits Syst. Comput. 8(1), 21–66 (1998)CrossRefGoogle Scholar
  17. 17.
    van der Aalst, W.M.P.: Workflow verification: finding control-flow errors using petri-net-based techniques. In: van der Aalst, W.M.P., Desel, J., Oberweis, A. (eds.) Business Process Management. LNCS, vol. 1806, p. 161. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  18. 18.
    Weigand, H., van den Heuvel, W.-J., Hiel, M.: Business policy compliance in service-oriented systems. Inf. Syst. 36(4), 791–807 (2011)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Mustafa Hashmi
    • 1
    • 2
  • Guido Governatori
    • 1
    • 2
  • Moe Thandar Wynn
    • 1
    • 2
  1. 1.NICTA, Queensland Research LaboratoryBrisbaneAustralia
  2. 2.Queensland University of Technology (QUT)BrisbaneAustralia

Personalised recommendations