Abstract
Today’s business environment demands a high degree of compliance of business processes with business rules, policies, regulations and laws. Compliance regulations, such Sarbanes-Oxley force enterprises to continuously review their business processes and service-enabled applications and ensure that they satisfy the set of relevant compliance constraints. Compliance management should be considered from the very early stages of the business process design. In this paper, a taxonomy of compliance constraints for business processes is introduced based on property specification patterns, where patterns can be used to facilitate the formal specification of compliance constraints. This taxonomy serves as the backbone of the root-cause analysis, which is conducted to reason about and eventually resolve design-time compliance violations. Based on the root-cause analysis, appropriate guidelines and instructions can be provided as remedies to alleviate design-time compliance deviations in service-enabled business processes.
Chapter PDF
Similar content being viewed by others
Keywords
References
Papazoglou, M., Traverso, P., Dustdar, S., Leymann, F.: Service-Oriented Computing: State of the Art and Research Challenges. Computer 40, 38–45 (2007)
Sadiq, S., Governatori, G., Naimiri, K.: Modeling Control Objectives for Business Process Compliance. In: 10th International Conference on BPM, Australia, pp. 149–164 (2007)
ITIL: Information Technology Infrastructure Library (2010)
Dwyer, M., Avrunin, G., Corbett, J.: Property Specification Patterns for Finite-State Verification. In: Workshop on Formal Methods on Software Practice, USA, pp. 7–15 (1998)
Liu, Y., Muller, S., Xu, K.: A Static Compliance-Checking Framework for Business Process Models. IBM Systems Journal 46 (2007)
Pnueli, A.: The Temporal Logic of Programs. In: 18th IEEE Symposium on Foundations of Computer Science, pp. 46–57 (1977)
Dettmer, H.: Goldratt’s Theory of Constraints: a systems approach to continuous improvement, pp. 62–119. ASQC Quality Press (1997)
Mosely, H.: Current Reality Trees: An Action Learning Tool for Root Cause Analysis (2006), http://www.jhuccp.org/training/scope/starguide/toc/rootcauseanalysis.ppt
Buchi, K.: On a Decision Method in Restricted Second Order Arithmetic. In: International Congress on Logic, Method, Philosophy of Science, Stanford, pp. 1–11 (1960)
Clarke, E., Grumberg, J., Peled, D.: Model Checking. MIT Press, Cambridge (2000)
Yu, J., Manh, T., Han, J., Jin, Y.: Pattern-Based Property Specification and Verification for Service Composition. In: Aberer, K., Peng, Z., Rundensteiner, E.A., Zhang, Y., Li, X. (eds.) WISE 2006. LNCS, vol. 4255, pp. 156–168. Springer, Heidelberg (2006)
COMPAS official web site – Project description, http://www.compas-ict.eu/project.php
Arbab, F., Kokash, N., Meng, S.: Towards Using Reo for Compliance-Aware Business Process Modeling. In: ISOLA 2008, Greece, pp. 108–123 (2008)
Governatori, G., Milosevic, Z., Sadiq, S.: Compliance Checking Between Business Processes and Business Contracts. In: EDOC 2006, Hong Kong, pp. 221–232 (2006)
Governatori, G., Milosevic, Z.: Dealing with Contract Violations: Formalism and Domain-Specific Language. In: EDOC 2005, pp. 46–57 (2005)
Goedertier, S., Vanthienen, J.: Designing Compliant Business Processes with Obligations and Permissions. In: The International BPM Workshops, Austria, pp. 5–14 (2006)
Governatori, G., Rotolo, A.: Logic of Violations: A Gentzen System for Reasoning with Contrary-to-duty Obligations. Australasian Journal of Logic (2006)
Governatori, G.: Representing Business Contracts in RuleML. International Journal of Cooperative Information Systems (2005)
Milosevic, Z., Sadiq, S., Orlowska, M.: Translating business contract into compliant business processes. In: EDOC 2006, pp. 211–220 (2006)
Lu, R., Sadiq, S., Governatori, G.: Compliance Aware Business Process Design. In: ter Hofstede, A.H.M., Benatallah, B., Paik, H.-Y. (eds.) BPM Workshops 2007. LNCS, vol. 4928, pp. 120–131. Springer, Heidelberg (2008)
Abouzaid, F., Mullins, J.: A Calculus for Generation, Verification, and Refinement of BPEL Specifications. In: WWV 2007, pp. 43–68 (2007)
Giblin, C., Liu, A., Muller, S., B., P., Zhou, X.: Regulations Expressed As Logical Models. 18th Conference of legal knowledge and information systems, pp. 37-48, Belgium (2005),
Awad, A., Weidlich, M., Weske, M.: Specification, Verification and Explanation of Violation for Data Aware Compliance Rules. In: Baresi, L., Chi, C.-H., Suzuki, J. (eds.) ICSOC-ServiceWave 2009. LNCS, vol. 5900, pp. 500–515. Springer, Heidelberg (2009)
Namiri, K., Stojanovic, N.: Pattern-based Design and Validation of Business Process Compliance. LNCS, pp. 59–76 (2007)
Gruhn, V., Laue, R.: Specification Patterns for Time-Related Properties. In: 12th Int’l Symposium on Temporal Representation and Reasoning, pp. 191–198 (2005)
Ghose, A., Koliadis, G.: Auditing Business Process Compliance. In: Krämer, B.J., Lin, K.-J., Narasimhan, P. (eds.) ICSOC 2007. LNCS, vol. 4749, pp. 169–180. Springer, Heidelberg (2007)
Lu, R., Sadiq, S., Governatori, G.: Measurement of Compliance Distance in Business Processes. Information Systems Management 25, 344–355 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Elgammal, A., Turetken, O., van den Heuvel, WJ., Papazoglou, M. (2010). Root-Cause Analysis of Design-Time Compliance Violations on the Basis of Property Patterns. In: Maglio, P.P., Weske, M., Yang, J., Fantinato, M. (eds) Service-Oriented Computing. ICSOC 2010. Lecture Notes in Computer Science, vol 6470. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17358-5_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-17358-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17357-8
Online ISBN: 978-3-642-17358-5
eBook Packages: Computer ScienceComputer Science (R0)