Fig 1 - uploaded by David Knuplesch
Content may be subject to copyright.
Source publication
Business processes are subject to semantic constraints that stem from regu-lations, laws and guidelines, and are also known as compliance rules. Hence, process-aware information systems have to ensure compliance with those rules in order to guarantee semantically correct and error-free executability as well as changeability of their business proces...
Contexts in source publication
Context 1
... 1 (Compliance Rules). Consider the process model S med from Figure 1. It shows a pre-specified process model for planning and per- forming a keyhole surgery in a hospital. ...
Context 2
... consider the informal compliance rules from Table 1, which must be satisfied by all medical processes of the respective hospital. In particular, these compliance rules have to be obeyed by the pre-specified process model from Figure 1 as well. When analyzing the dynamic behavior of the process model, its soundness [1,2] can be easily verified. ...
Context 3
... 6 (Compliance of a Pre-specified Process Model). Reconsider the pre-specified process model S med from Figure 1 and the compliance rules from Table 1 and Fig. 4 respectively. Process model S med (to- tally) complies with compliance rules c 2 , c 5 , c 6 , and c 7 . ...
Context 4
... consider the traces σ I3 and σ I4 from Figure 6. These correspond to the running process instances I 3 = (S med , σ I3 ) and I 4 = (S med , σ I4 ), which are executed on the pre-specified process model S med from Figure 1. ...
Context 5
... sider now compliance rule c 3 from Table 1 (see also Table 2 and Figure 4) and change ∆ 2 from Figure 8 that transforms S med into S med . Further, consider the process instances I 8 = (S med , σ I8 ) and I 9 = (S med , σ I9 ) from Figure 9 that both depend on the pre-specified process model S med from Figure 1. Regarding I 8 , ∆ 2 violates c 3 : I 8 = (S med , σ I8 ) potentially violates c 3 temporarily, whereas (S med , σ I8 ) permanently violates this rule. ...
Citations
... x x x x x nein (Awad, Smirnov and Weske, 2009b) x x x nein (Curbera and Doganata, 2009) x x ja (Awad, Smirnov and Weske, 2009a) x x x ja (Arbab, Kokash and Meng, 2009) x x x x nein (Hoffmann et al., 2009) x x x x x x nein (Gerke, Cardoso and Claus, 2009) x x x ja x x x x ja x x x x x nein (Chesani et al., 2009) x x x x x ja (Hany and Awad, 2010) x x x x x nein (Knuplesch et al., 2010) x x ja (D'aprile et al., 2010) x x x x x nein (Elgammal et al., 2010) x x x nein (Schumm, Leymann and Streule, 2010) x x x x ja (Silveira et al., 2010) x x ja (Birukou et al., 2010) x x x x x ja (Governatori and Rotolo, 2010) x x x nein (Becker, Bergener, Delfmann and Weiß, 2011) x x ja (Awad, Weidlich and Weske, 2011) x x x x x ja (Reichert and Knuplesch, 2011) x x x x x ja (Becker, Bergener, Delfmann, Eggert, et al., 2011) x ...
Regarding the rising amount of legal regulations, businesses should get the opportunity
to use software to fulfill their Compliance Management with the usage of compliance
pattern. These patterns are used to represent substantive and structural parts of the
processes. This means companies can increase their efficiency and react to new regulations quickly to avoid possible violation which can lead to monetary losses or legal consequences. In the literature are many approaches that deal with compliance pattern but currently there does not exist any list with necessary compliance pattern that companies should face at (Delfmann and Hübers, 2015). The following bachelor thesis classifies 80 research contributions regarding their different approaches of compliance pattern. For that a systematic literature review was executed. As a result, the author developed a graphical classification context that provides an overview of connections between different compliance approaches. Furthermore, an appendix with 32 compliance patterns of the analyzed papers was developed that contains real-world patterns with the classification of the previous sections.
... To demonstrate the feasibility of a posteriori compliance checking [43] based on the eCRG language, we implemented a proof-of-concept prototype. ...
... Business process compliance has gained increasing attention over the last years, and several surveys have emerged [1,11,23,40,47]. On the one hand, there exist frameworks that address the integration of business process compliance throughout the entire process lifecycle [43,61,77]. On the other, there are approaches dealing with business process compliance in a particular stage of the process lifecyle. ...
A fundamental challenge for enterprises is to ensure compliance of their business processes with imposed compliance rules stemming from various sources, e.g., corporate guidelines, best practices, standards, and laws. In general, a compliance rule may refer to multiple process perspectives including control flow, time, data, resources, and interactions with business partners. On one hand, compliance rules should be comprehensible for domain experts who must define, verify, and apply them. On the other, these rules should have a precise semantics to avoid ambiguities and enable their automated processing. Providing a visual language is advantageous in this context as it allows hiding formal details and offering an intuitive way of modeling the compliance rules. However, existing visual languages for compliance rule modeling have focused on the control flow perspective so far, but lack proper support for the other process perspectives. To remedy this drawback, this paper introduces the extended Compliance Rule Graph language, which enables the visual modeling of compliance rules with the support of multiple perspectives. Overall, this language will foster the modeling and verification of compliance rules in practice.
... control flow), data, time, resources, and interactions with business partners [6][7][8][9] . In addition, business process compliance needs to be ensured for the various phases of the process life cycle [10,11] . In particular, ensuring compliance during process enactment is covered by compliance monitoring approaches. ...
... They utilize colors and annotations to emphasize the state of ongoing processes and integrate multiple process perspectives. Finally, other issues addressed in the literature include the integration of business process compliance throughout the entire process lifecycle [10,11] as well as the real-time monitoring of performance measures in the context of artifact-centric process models [65] . ...
Any enterprise must ensure that its business processes comply with imposed compliance rules. The latter stem, for example, from corporate guidelines, legal regulations, and best practices. In general, a compliance rule may constrain multiple perspectives of a business process, including behavior (i.e. control flow), data, time, resources, and interactions with business partners. As a particular challenge, compliance cannot be completely ensured at design time, but needs to be continuously monitored during process enactment as well, i.e., it has to be dynamically checked whether compliance rules are satisfied or temporarily/permanently violated. This paper presents a comprehensive framework for visually monitoring business process compliance. As opposed to existing approaches, the framework supports the visual monitoring of all relevant process perspectives based on the extended Compliance Rule Graph (eCRG) language. Furthermore, it not only allows for the detection of violations, but additionally highlights their causes. Finally, the framework assists users in both monitoring business process compliance and ensuring the compliant continuation of running business processes. Overall, the framework provides a fundamental contribution towards the real-time monitoring of compliance in process-driven enterprises.
... In many domains, business processes are subject to laws, regulations, and guidelines [1]. Approaches, methods and techniques ensuring the compliance of a process with respective rules and constraints are covered under the term business process compliance [22]. In particular, the specification of compliance rules has been addressed by several approaches; e.g, [23,4] provide sets of compliance patterns, whereas [2,24,19] introduce visual notations. ...
... In particular, the specification of compliance rules has been addressed by several approaches; e.g, [23,4] provide sets of compliance patterns, whereas [2,24,19] introduce visual notations. Besides the formal specification of compliance rules, their integration along the process lifecycle has been discussed [3,22,25]. Different techniques are applied to a priori check the compliance of process models at design time; e.g., [2] applies model checking, whereas [26] relies on Mixed-Integer Programming. In turn, [27,28,5,29] address compliance monitoring and continous auditing [30] at runtime. ...
An emerging challenge for collaborating business partners is to properly define and evolve their cross-organizational processes with respect to imposed global compliance rules. Since compliance verification is known to be very costly, reducing the number of compliance rules to be rechecked in the context of process changes will be crucial. Opposed to intra-organizational processes, however, change effects cannot be easily assessed in such distributed scenarios, where partners only provide restricted public views and assertions on their private processes. Even if local process changes are invisible to partners, they might affect the compliance of the cross-organizational process with the mentioned rules. This paper provides an approach for ensuring compliance when evolving a cross-organizational process. For this purpose, we construct qualified dependency graphs expressing relationships between process activities, process assertions, and compliance rules. Based on such graphs, we are able to determine the subset of compliance rules that might be affected by a particular change. Altogether, our approach increases the efficiency of compliance checking in cross-organizational settings.
... At such a complex process a single undetected error can result in lawsuits or loss of confidence [6]. Therefore, it becomes necessary to constantly apply tests to ensure, for example, process soundness and compliance [7]. However, testing cross-organizational process models is substantially more complex than testing, for example, process models which are only used internally at one organization. ...
Testing is a key concern when developing process-oriented solutions as it
supports modeling experts who have to deal with increasingly complex models and
scenarios such as cross-organizational processes. However, the complexity of
the research landscape and the diverse set of approaches and goals impedes the
analysis and advancement of research and the identification of promising
research areas, challenges, and research directions. Hence, a systematic
literature review is conducted to identify interesting areas for future
research and to provide an overview of existing work. Over 6300 potentially
matching publications were determined during the search (literature databases,
selected conferences\journals, and snowballing). Finally, 153 publications from
2002 to 2013 were selected, analyzed, and classified. It was found that the
software engineering domain has influenced process model testing approaches
(e.g., regarding terminology and concepts), but recent publications are
presenting independent approaches. Additionally, historical data sources are
not exploited to their full potential and current testing related publications
frequently contain evaluations of relatively weak quality. Overall, the
publication landscape is unevenly distributed so that over 31 publications
concentrate on test-case generation but only 4 publications conduct performance
test. Hence, the full potential of such insufficiently covered testing areas is
not exploited. This systematic review provides a comprehensive overview of the
interdisciplinary topic of process model testing. Several open research
questions are identified, for example, how to apply testing to
cross-organizational or legacy processes and how to adequately include users
into the testing methods.
... While early work focused on syntactical correctness and soundness (e.g., absence of deadlocks and lifelocks), the compliance of business processes with semantic constraints has been comprehensively considered during the last years. Usually, compliance rules stem from domain-specific requirements, e.g., corporate standards or legal regulations [1], and need to be ensured in all phases of the process life cycle [2]. ...
A challenge for enterprises is to ensure conformance of their business processes with imposed compliance rules. Usually, the latter may constrain multiple perspectives of a business process, including control flow, data, time, resources, and interactions with business partners. Like in process modeling, visual languages for specifying compliance rules have been proposed. However, business process compliance cannot be completely decided at design time, but needs to be monitored during run time as well. This paper introduces an approach for visually monitoring business process compliance. As opposed to existing ones, our approach covers all relevant process perspectives. Furthermore, compliance violations cannot only be detected, but also be visually highlighted emphasizing their causes. Finally, approach assists users in ensuring compliant continuations of a running business process.
... The motivation for such a concrete syntax is given by [32], pointing out that complex description languages such as LTL are not understood by domain experts. Thus, more comprehensible notations are necessary. ...
Context: Organizations act in a highly competitive markets, which forces them to be able to quickly adapt and optimize their processes. Case Management Model and Notation (CMMN) supports modelling run-time adaptation of partially structured business process models, but does neither allow selection nor sequence of tasks. Objective: Our goal is to develop an approach that computes sequences of tasks such that a context-specific goal is satisfied. We apply the SMA* algorithm to support run-time planning of partly structured parts of a business process in order to find an appropriate sequence of tasks. Method: We perform a literature review in
order to derive the most suitable heuristic search algorithm. To support the selection and specification of tasks, we extend the CMMN metamodel. A running example is presented to show practical applicability of the approach. Results: The extension of the CMMN metamodel reflects the requirements for serializing tasks at run-time. Furthermore, we modified the SMA* algorithm and defined a heuristic function. Conclusion: Our approach allows to automatically derive execution plans for partly structured business processes depending on the context.
... While earlier work focused on syntactical correctness and soundness constraints (e.g., absence of deadlocks and lifelocks), the compliance of business processes with semantic constraints has been increasingly considered during the last years [4,5]. Usually, compliance rules stem from domain-specific constraints, e.g., referring to corporate standards, legal regulations or evidenced best practices [6,7] , and need to be ensured in all phases of the process life cycle [8,9]. ...
... For a decade, business process compliance has increasingly gained attention and several surveys have been published in the meantime (e.g., [19,8,20,21,5]). Along this trend, interest in compliance monitoring and continous auditing [12] has grown as well. ...
... Finally, there are few frameworks, which address the integration of business process compliance throughout the entire process lifecycle [9,36,8,37,38]. ...
Specifies an operational semantics for the eCRG language in order to enable compliance monitoring.
... To cope with the discussed shortcomings, this report introduces the extended Compliance Rule Graph (eCRG) and its formal semantics. The eCRG builds on the Compliance Rule Graph (CRG) language developed in previous work [15,24], but additionally comprises elements enabling the visual modeling of compliance rules with the support of the process, data, time, and resource perspectives. Furthermore, we introduce concepts that allow defining compliance rules in respect to message flows and partner interactions; i.e., the eCRG language is able to specify compliance requirements for cross-organizational process scenarios (i.e. ...
... During the last years the interaction, time, resource, and data perspectives have been considered in business process modeling in addition to the control flow perspective (e.g., [25][26][27][28][29][30][31][32][33]). The integration of business process compliance throughout the entire process lifecycle has been discussed in [24,[34][35][36]; [37] examined compliance issues in the context of cross-organizational processes developing a logic-based formalism for describing the semantics of normative specifications as well as compliance checking procedures. This approach allows modeling business obligations regulating the execution of business processes. ...
... The compliance rule graph (CRG) language [15,24] allows visually modeling compliance rules whose semantics is defined over event traces. More precisely, a CRG is an acyclic graph consisting of an antecedence pattern as well as at least one related consequence pattern. ...
Extends our ER'13 paper: provides a formal semantics for the eCRG language and uses the eCRG to model compliance patterns
... The Compliance Rule Graph (CRG) language allows for the visual modeling of compliance rules focusing on the control flow perspective (i.e. sequence flow) of business processes [16,17,18]. More precisely, a CRG constitutes an acyclic graph that consists of an antecedence pattern and one or several related consequence patterns. ...
... In turn, [21,22,23,24,25,26] discuss the interaction, time, and data perspectives of business processes. The integration of business process compliance throughout the entire process lifecycle is investigated in [7,18,27]; [28] examines compliance issues in the context of cross-organizational processes developing a logic-based formalism for describing both the semantics of normative specifications and compliance checking procedures. In turn, [29] introduces a semantic layer that interprets process instances according to an independently designed set of internal controls. ...
... While compliance rule modeling has been addressed by a plethora of approaches, the visual modeling of the data, time, and resource perspectives has not been sufficiently addressed yet [6,13,14]. To remedy this drawback, this paper introduces an extension of the compliance rule graph (CRG) language [16,17,18] in order to cover the resource perspective in visual compliance rules as well. Each language element has been presented in detail and illustrated along an example. ...
Process-aware information systems must ensure compliance of the business processes they implement with global compliance rules related to security constraints, domain-specific guidelines, standards, and laws. Usually, respective compliance rules cover multiple process perspectives; i.e., they not only deal with the control flow perspective that restricts the sequence in which the process activities shall be executed, but also refer to other process perspectives like data, time, and resource. Although there are various approaches for specifying compliance rules (e.g., based on temporal logic and narrative patterns), only few languages allow for the visual modeling of compliance rules. In turn, existing visual languages focus on the control flow perspective, but treat the other process perspectives as second class citizens. To remedy this drawback, this paper presents an approach for the visual modeling of business process compliance rules, including the resource perspective. The suitability of this approach is evaluated in a case study that was performed by business analysts in the healthcare domain.
