An Universal Approach for Compliance Management Using Compliance Descriptors

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 740)

Abstract

Trends like outsourcing and cloud computing have led to a distribution of business processes among different IT systems and organizations. Still, businesses need to ensure that these distributed processes comply with laws and regulations. This need has given rise to many new solutions for compliance management and checking. Compliance requirements arise from legal documents and are implemented in all parts of enterprise IT, creating a business-IT gap between legal texts and software implementation. Compliance solutions must bridge this gap as well as support a wide variety of compliance requirements. To achieve these goals, we developed an integrating compliance descriptor for compliance modeling on the legal, requirement and technical levels, incorporating arbitrary rule languages for specific types of requirements. Using a modeled descriptor, a compliance checking architecture can be configured, including specific rule checking implementations. The graphical notation of the compliance descriptor and the formalism it is based on are described and evaluated using a prototype as well as expert interviews. Based on the evaluation results, an extension for compliance management in unstructured processes is outlined.

Acknowledgements

The work published in this article was funded by the Co.M.B. project of the Deutsche Forschungsgemeinschaft (DFG) under the promotional reference SP 448/27-1.

Corresponding author

Correspondence to Falko Koetter.

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Koetter, F. et al. (2017). An Universal Approach for Compliance Management Using Compliance Descriptors. In: Helfert, M., Ferguson, D., Méndez Muñoz, V., Cardoso, J. (eds) Cloud Computing and Services Science. CLOSER 2016. Communications in Computer and Information Science, vol 740. Springer, Cham. https://doi.org/10.1007/978-3-319-62594-2_11

  • DOI: https://doi.org/10.1007/978-3-319-62594-2_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-62593-5

  • Online ISBN: 978-3-319-62594-2
