Slide of the paper presented at the 8th International Workshop on Evolutionary Business Process (EVL-BP 2015), Adelaide, September 2015.
We propose an ITC (Information and Communication Technology)
approach to support regulatory compliance for business processes, and we
report on the development and evaluation of a business
process compliance checker called Regorous, based on the
compliance-by-design methodology
proposed by Governatori and Sadiq
The Regorous Approach to Business Process Compliance
1. The Regorous Approach to
Process Compliance
Guido Governatori
22 September 2015
www.data61.csiro.au
2. A Privacy Act
Section 1: (Prohibition to collect personal medical information)
Offence: It is an offence to collect personal medical information.
Defence: It is a defence to the prohibition of collecting personal
medical information, if an entity immediately destroys the
illegally collected personal medical information before
making any use of the personal medical information
Section 2: An entity is permitted to collect personal medical information
if the entity acts under a Court Order authorising the
collection of personal medical information.
Section 3: (Prohibition to collect personal information) It is forbidden to
collect personal information unless an entity is permitted to
collect personal medical information.
Offence: an entity collected personal information
Defence: an entity being permitted to collect personal medical
information.
2 | The Regorous Approach to Process Compliance | Guido Governatori
3. Making Sense of the Act
• Collection of medical information is forbidden.
• Destruction of the illegally collected medical information
excuses the illegal collection.
• Collection of medical information is permitted if there is an
authorising court order.
• Collection of personal information is forbidden.
• Collection of personal information is permitted if the
collection of medical information is permitted
3 | The Regorous Approach to Process Compliance | Guido Governatori
5. No Time for Compliance
Governatori and Hashmi [1] showed that compliance frameworks
based on (linear) temporal logic are not able to handle the scenario
correctly
5 | The Regorous Approach to Process Compliance | Guido Governatori
6. The Regorous Approach
1. Annotated business process models
2. Proper representation of norms based on PCL (Process
Compliance Logic)
3. Simulate execution of traces and round trips to PCL reasoner
1. Determine what are the obligations in force for each state
2. Determine which obligations have been fulfilled, violated, or
pending
3. Determine which violations have been compensated for
http://www.regorous.com
6 | The Regorous Approach to Process Compliance | Guido Governatori
7. Modelling Processes
A
B
D
C
E
F
G
H
t1 : A, B, C, D, E, F, H
t2 : A, B, D, C, E, F, H
t3 : A, D, B, C, E, F, H
t4 : A, B, C, D, E, G, H
t5 : A, B, D, C, E, G, H
t6 : A, D, B, C, E, G, H
7 | The Regorous Approach to Process Compliance | Guido Governatori
8. Annotated Traces
Let Lit be a set of literals, T be the set of traces of a process and
N be the set of natural numbers
State : T × N → 2Lit
The function State returns the set of literals describing “what’s
going on in a trace t after the execution of the n-th task in the
process”.
8 | The Regorous Approach to Process Compliance | Guido Governatori
9. Example
A B
C
D
Tasks
• A: “turn the light on”
• B: “check if glass is empty”
• C: “fill glass with water”
• D: “turn glass upside-down”
Propositions
• p: “the light is on”
• q: “the glass is full”
Trace 1: A, B, D
Trace 2: A, B, C, D
• State(i, 1) = { p }, i ∈ { 1, 2 }
• State(1, 2) = { p, q }
• State(2, 2) = { p, ¬q }
• State(2, 3) = { p, q }
• State(1, 3) = { p, ¬q }
• State(2, 4) = { p, ¬q }
9 | The Regorous Approach to Process Compliance | Guido Governatori
10. Modelling Norms
Norms are modelled as if . . . then . . . rules
• norms are defeasible (handling exceptions)
• two types of norms
constitutive rules: defining terms used in a legal context
A1, . . . , An ⇒ C
prescriptive rules: defining “normative effects” (i.e.,
obligations, permissions, prohibitions . . . )
A1, . . . , An ⇒ [O]C1 ⊗ [O]C2 ⊗ · · · ⊗ [O]Cm
A1, . . . , An ⇒ [P]C
10 | The Regorous Approach to Process Compliance | Guido Governatori
11. Reasoning with Norms
1. A is a fact; or
2. there is an applicable rule for A, and either
1. all the rules for ¬A are discarded (i.e., not applicable) or
2. every applicable rule for ¬A is weaker than an applicable rule
for A.
11 | The Regorous Approach to Process Compliance | Guido Governatori
12. The Regorous Architecture
Compliance Checker
Logical State
Representation
State(t,1)
State(t,2)
State(t,3)
State(t,4)
Rule1
Rule2
Rule3
Rule4
Rule5
Rule6
Rule7
Rule8
Rule9
...
Compliance
Rule Base
Obligations
Input
...
Annotated Business Process
T2
T5
T3
T1
T4
T7 T6
Legalese Formalisation
Recommendation Sub-system recommendations
whatif
analysis
StatusReport
12 | The Regorous Approach to Process Compliance | Guido Governatori
13. Privacy Regorously
• collection of medical information is forbidden
c destruction of medical information compensates the illegal
collection
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
• collection of medical information is permitted if acting under a
court order
r2 : courtOrder ⇒ [P]medicalInfo
• collection of personal information is forbidden
r3 : ⇒ [O]¬personalInfo
• collection personal information is permitted if collection of
medical information is permitted
r4 : [P]medicalInfo ⇒ [P]personalInfo
13 | The Regorous Approach to Process Compliance | Guido Governatori
14. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
14 | The Regorous Approach to Process Compliance | Guido Governatori
15. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
14 | The Regorous Approach to Process Compliance | Guido Governatori
16. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
14 | The Regorous Approach to Process Compliance | Guido Governatori
17. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
14 | The Regorous Approach to Process Compliance | Guido Governatori
18. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
14 | The Regorous Approach to Process Compliance | Guido Governatori
19. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
Force(T2) : [O]destroy
14 | The Regorous Approach to Process Compliance | Guido Governatori
20. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
Force(T2) : [O]destroy
State(T2) : personalInfo
14 | The Regorous Approach to Process Compliance | Guido Governatori
21. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
Force(T2) : [O]destroy
State(T2) : personalInfo
Violated(T2) : [O]¬persoanlInfo
14 | The Regorous Approach to Process Compliance | Guido Governatori
22. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
Force(T2) : [O]destroy
State(T2) : personalInfo
Violated(T2) : [O]¬persoanlInfo
State(T3) : destroy
14 | The Regorous Approach to Process Compliance | Guido Governatori
23. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
Force(T2) : [O]destroy
State(T2) : personalInfo
Violated(T2) : [O]¬persoanlInfo
State(T3) : destroy
Compensated(T3) : [O]¬medicalInfo
14 | The Regorous Approach to Process Compliance | Guido Governatori
24. The Regorous Evaluation
Formalised Chapter 8 (Complaints) of TCPC 2012. Modelled the
compliant handling/management processes of an Australian telco.
41 tasks, 12 decision points (xor), 2 loops
shortest trace: 6 traces longest trace (loop): 33 tasks
longest trace (no loop): 22 tasks
over 1000 traces, over 25000 states
15 | The Regorous Approach to Process Compliance | Guido Governatori
25. The Regorous Evaluation
TCPC 2012 Chapter 8. Contains over 100 commas, plus 120 terms
(in Terms and Definitions Section).
Required 223 propositions, 176 rules.
Punctual Obligation 5 (5)
Achievement Obligation 90 (110)
Preemptive 41 (46)
Non preemptive 49 (64)
Non perdurant 5 (7)
Maintenance Obligation 11 (13)
Prohibition 7 (9)
Non perdurant 1 (4)
Permission 9 (16)
Compensation 2 (2)
16 | The Regorous Approach to Process Compliance | Guido Governatori