SlideShare a Scribd company logo

Business Process Compliance Modelling

Guido Governatori
Guido Governatori

Temporal logic has been successfully used for the verification of software and hardware. Business Process Compliance can be seen as special form of verification where the formal specifications for a process are verified again formal specifications for the norms. Temporal logics have been advanced as a tool for this type of verification as well. In the first part of the presentation we propose an abstract semantics for the normative requirements. In the second part we investigate the suitability of temporal logic to model compliance, and we point out some shortcomings.

EducationTechnologyNews & Politics
1 of 46
Download to read offline
Thou Shalt is not You Will Guido Governatori Bologna, 8 January 2012 NICTA Funding and Supporting Members and Partners Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 1/46
Outline • Definition of (business process) compliance • Process specifications • Normative requirements • Modelling Norms in (Linear) Temporal Logic Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 2/46
What is Compliance? Ensuring that business operations, processes, and practices are in accordance with a given prescriptive (often legal) document Regulatory • Basel II • Sarbanes-Oxley • OFAC (USA Patriot Act) Standards • Best practice models • SAP solution maps • ISO 9000 • Medical guidelines Contracts • Service Agreement • Customer Contract • Warranty • Insurance Policy • Business Partnership Copyright NICTA 2014 Guido Governatori • OSFI “blocked entity” lists • HIPAA • Graham-Leach-Bliley Thou Shalt is not You Will 3/46
How to ensure compliance? Compliance is a relationship between two sets of specifications Alignment of formal specifications for business processes and formal specifications for prescriptive (legal) documents. • Conceptually sound representation of processes • Conceptually sound representation of and reasoning with norms Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 4/46
Part I Business Process Models Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 5/46
Business Process Model Self-contained, temporal and logical order in which a set of activities are executed to achieve a business goal. It describes: • What needs be done and when (control flows) • What we need to work on (data) • Who is doing the work (human and system resources) Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 6/46
Execution Traces B C A D F H E G t1 : A, B, C, D, E, F , H t2 : A, D, B, C, E, G, H t3 : A, D, B, C, E, F , H ... Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 7/46
Trace: From sequence of tasks to sequence of states Let Lit be a set of literals, T be the set of traces of a process and N be the set of natural numbers State : T × N → 2Lit The function State returns the set of literals describing “what’s going on in a trace t after the execution of the n-th task in the process”. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 8/46
Example C A B Tasks • A: “turn the light on” D Trace 1: A, B, D Trace 2: A, B, C, D • B: “check if glass is empty” • State(i, 1) = { p }, i ∈ { 1, 2 } • C: “fill glass with water” • State(1, 2) = { p, q } • D: “turn glass upside-down” • State(2, 2) = { p, ¬q } • State(2, 3) = { p, q } Propositions • p: “the light is on” • State(1, 3) = { p, ¬q } • q: “the glass is full” • State(2, 4) = { p, ¬q } Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 9/46
Part II Modelling Norms Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 10/46
Normative Reasoning 101 Norms are modelled as if . . . then rules A1 , . . . , An ⇒ C • norms are defeasible (handling exceptions) • two types of norms • constitutive rules: defining terms used in a legal context • prescriptive rules: defining “normative effects” (i.e., obligations, permissions, prohibitions . . . ) Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 11/46
Defeasibility: Reasonable results with minimum effort Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 12/46
Defeasiblity: Example 1 TELECOMMUNICATIONS CONSUMER PROTECTIONS CODE (C628:2012) Section 2.1. Definitions Complaint means an expression of dissatisfaction made to a Supplier in relation to its Telecommunications Products or the complaints handling process itself, where a response or Resolution is explicitly or implicitly expected by the Consumer. An initial call to a provider to request a service or information or to request support is not necessarily a Complaint. An initial call to report a fault or service difficulty is not a Complaint. However, if a Customer advises that they want this initial call treated as a Complaint, the Supplier will also treat this initial call as a Complaint. If a Supplier is uncertain, a Supplier must ask a Customer if they wish to make a Complaint and must rely on the Customer’s response. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 13/46
Defeasiblity: Example 2 NATIONAL CONSUMER CREDIT PROTECTION ACT 2009 (Act No. 134 of 2009) Section 29 (1) A person must not engage in a credit activity if the person does not hold a licence authorising the person to engage in the credit activity. (3) For the purposes of subsections (1) and (2), it is a defence if: (a) the person engages in the credit activity on behalf of another person (the principal); and (b) the person is: (i) an employee or director of the principal or of a related body corporate of the principal; or (ii) a credit representative of the principal; and . . . Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 14/46
Normative Effects Obligation A situation, an act, or a course of action to which a bearer is legally bound, and if it is not achieved or performed results in a violation. Prohibition A situation, an act, or a course of action which a bearer should avoid, and if it is achieved results in a violation. Permission Something is permitted if the obligation or the prohibition to the contrary does not hold. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 15/46
A Legal Zoo Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 16/46
Modelling Obligations Let Lit be a set of literals, T be the set of traces of a process and N be the set of natural numbers Force : T × N → 2Lit The function Force returns the set of literals describing what is obligatory for a particular task. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 17/46
Persistent vs immediate obligations • An immediate (or punctual or non-persistent) obligation must be satisfied in the task where it occurs. ‘complaints in person or by phone must be acknowledged immediately’ • A persistent obligation is activated and it remain in force in the future after it has been activated. ‘A service provider must not disclose personal information without the written consent of the customer’ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 18/46
Modelling Punctual obligation Definition (Punctual Obligation) An obligation o is a punctual obligation in t if and only if ∃n ∈ N : o ∈ Force(t, n – 1), o ∈ Force(t, n + 1), o ∈ Force(t, n). / / A punctual obligation o is violated in t if and only if o ∈ State(t, n). / Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 19/46
Graphical Illustration of a Punctual Obligation t 1 n–1 o ∈ Force(t, n) n n+1 z o ∈ State(t, n) / violation of o Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 20/46
Persistent Obligations: Achievement vs Maintenance • For an achievement obligation, a certain condition must occur at least once before the deadline ‘Customers must pay before the delivery of the good, after receiving the invoice’ • For maintenance obligations, a certain condition must obtain during all instants before the deadline: ‘After opening a bank account, customers must keep a positive balance until bank charges are taken out’ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 21/46
Modelling Maintenance Obligation Definition (Maintenance Obligation) An obligation o is a maintenance obligation in t if and only if ∃n, m ∈ N : n < m, o ∈ Force(t, n – 1), / o ∈ Force(t, m + 1), / ∀k : n ≤ k ≤ m, o ∈ Force(t, k ) A maintenance obligation o is violated in t if and only if ∃k : n ≤ k ≤ m, o ∈ State(t, k ). / It is possible to relax/strengthen the condition by dropping the conditions on m. Maintenance obligations can be used to model prohibitions. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 22/46
Graphical Illustration of a Maintenance Obligation o ∈ Force o ∈ Force / t Thou Shalt is not You Will 1 n–1 n o ∈ Force / k m m+1 o ∈ State(t, k ) / violation of o Copyright NICTA 2014 z Guido Governatori 23/46
Achievement Obligations: Preemptive vs Non-preemptive • preemptive obligations: the fulfillment of an obligation can happen before the obligation has been triggered. (1) A report under section 53 must be given: (a) if the movement of the physical currency is to be effected by a person bringing the physical currency into Australia with the person—at the time worked out under subsection (2); or [. . .] (d) in any other case—at any time before the movement of the physical currency takes place.’ • non preemptive obligations: the fulfillment of an obligation can happen only after the obligation has been triggered. ‘Executors and administrators of a decedent’s estate will be required to give notice to each beneficiary named in the Will within 60 days after the date when an order admitting a will to probate has been signed.’ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 24/46
Modelling Achievement Obligations Definition (Achievement Obligation) An obligation o is an achievement obligation in t if and only if ∃n, m ∈ N : n < m, o ∈ Force(t, n – 1), / o ∈ Force(t, m + 1), / ∀k : n ≤ k ≤ m, o ∈ Force(t, k ) An achievement obligation o is violated in t if and only if • o is preemptive and ∀k : k ≤ m, o ∈ State(t, k ); / • o is non-preemptive and ∀k : n ≤ k ≤ m, o ∈ State(t, k ). / Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 25/46
Graphical Illustration of Achievement Obligations Achievement preemptive o ∈ Force o ∈ Force / t 1 n–1 n o ∈ Force / m o ∈ State / z m+1 violation of o Achievement non-preemptive o ∈ Force o ∈ Force / t 1 n–1 n m o ∈ State / Thou Shalt is not You Will o ∈ Force / Copyright NICTA 2014 z m+1 violation of o Guido Governatori 26/46
Perdurant vs Non-Perdurant • perdurant obligation: the violation of the obligation does not extinguish the obligation itself. ‘A billing error must be fixed in the next billing cycle’ • non-perdurant obligation: the violation of the obligation terminates the obligation. ‘The assignment must be submitted by the due date’ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 27/46
Modelling Perdurant Obligations Definition (Perdurant Obligation) An obligation o is a perdurant obligation in t if and only if ∃n, m ∈ N : n < m, o ∈ Force(t, n – 1), / o ∈ Force(t, m + 1), / ∀k : n ≤ k ≤ m, o ∈ Force(t, k ) A perdurant obligation o is violated in t if and only if ∃k : n < k < m, ∀j, j ≤ k , o ∈ State(t, j) / Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 28/46
Graphical Illustration of Perdurant Obligations o ∈ Force o ∈ Force / t 1 n–1 n o ∈ State(t, k ) / Thou Shalt is not You Will Copyright NICTA 2014 d o ∈ Force / m m+1 violation of o z Guido Governatori 29/46
Compensable vs Non-compensable • compensable obligations: fulfilling the penalty related to the violation of the obligation makes the process compliant. ‘Each complaint must be either resolved or escalated and reported to the Telecommunication Ombudsmen’ • non-compensable obligations: violating the obligation makes the process non-compliant. ‘To pass the course a student has to pass the final exam’ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 30/46
Compensations or Acceptable Alternatives? TCPC 2012, Section 8.1.1 . . . implement, operate and comply with a Complaint handling process that: (vii) requires all Complaints to be: A. Resolved in an objective, efficient and fair manner; and B. escalated and managed under the Supplier’s internal escalation process if requested by the Consumer or a former Customer. YAWL Deed of Assignment, Clause 5.2. Each Contributor indemnifies and will defend the Foundation against any claim, liability, loss, damages, cost and expenses suffered or incurred by the Foundation as a result of any breach of the warranties given by the Contributor under clause 5.1. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 31/46
Modelling Compensations Definition (Compensation) A compensation is a function Comp : Lit → 2Lit . Definition (Compensable Obligation) An obligation o is compensable in t if and only if Comp(o) = ∅ and ∀o ∈ Comp(o), ∃n ∈ N : o ∈ Force(t, n). Definition (Compensated Obligation) An obligation o is compensated in t if and only if it is violated and for every o ∈ Comp(o) either: 1 o is not violated in t, or 2 o is compensated in t. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 32/46
Is the Proposed Compliance Semantics Appropriate? • Mathematically the proposed classification is complete (exhaustive) • It is supported by current legal theory • Evaluated empirically with real life (industry scale) case study • formalised Chapter 8 (Complaints) of TCPC 2012 • Modelled the compliant handling/management processes of an Australian telco Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 33/46
Evaluation (1) Managing Complaints Process 41 tasks, 12 decision points (xor), 2 loops shortest trace: 6 traces longest trace (loop): 33 tasks longest trace (no loop): 22 tasks over 1000 traces, over 25000 states Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 34/46
Evaluation (2) TCPC 2012 Chapter 8. Contains over 100 commas, plus 120 terms (in Terms and Definition Section). Required 223 propositions, 176 rules. Punctual Obligation 5 (5) 90 (110) 41 49 5 (46) (64) (7) 11 (13) 7 1 (9) (4) Permission 9 (16) Compensation 2 (2) Achievement Obligation Preemptive Non preemptive Non perdurant Maintenance Obligation Prohibition Non perdurant Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 35/46
Part III Modelling Compliance Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 36/46
Formalising Compliance Given a business process and a regulation: • How do we populate the State, Force and Comp functions. Can we model the normative statements in (Linear) Temporal Logic Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 37/46
Linear Temporal Logic 101 (Syntax) • Xφ: at the next time φ holds; • Fφ: eventually φ holds (sometimes in the future φ); and • Gφ: globally φ holds (always in the future φ). In addition we have three binary operators: • φ U ψ (until): φ holds until ψ holds; • φ W ψ (weak until): φ holds until ψ holds and ψ might not hold. Interdefinability • Fφ ≡ φ U , • Gφ ≡ ¬F¬φ, • φ W ψ ≡ (φ U ψ ) ∨ Gψ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 38/46
Linear Temporal Logic 102 (Semantics) Transition system TS = (S, R, v ) • S set of states • R ⊆ S × S such that ∀s ∈ S ∃t ∈ S : (s, t) ∈ R • v valuation function Fullpath (trace or run) s0 , s1 , s2 . . . such that (si , si+1 ) ∈ R σ = s0 , s1 , . . . , σi subsequence of σ starting from the i-the element, σ [i] i-th element of σ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 39/46
Linear Temporal Logic 103 (Semantics) • TS, σ |= p (p ∈ Prop) iff p ∈ v (σ [0]); • TS, σ |= ¬φ iff TS, σ |= φ; • TS, σ |= φ ∧ ψ iff TS, σ |= φ and TS, σ |= ψ ; • TS, σ |= Xφ iff TS, σ1 |= φ; • TS, σ |= φ U ψ iff ∃k : k ≥ 0, TS, σk |= ψ and ∀j : 0 ≤ j < k TS, σj |= φ; • TS, σ |= Gφ iff ∀k ≥ 0, TS, σk |= φ; • TS, σ |= Fφ iff ∃k ≥ 0, TS, σk |= φ; A formula φ is true in a fullpath σ iff it is true at the first element of the fullpath. A formula is true in a state S TS, s |= φ iff ∀σ : σ [0] = s, TS, σ |= φ. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 40/46
Temporal Logic and Compliance • Temporal logic and model checking have been used to verification of software and hardware systems • Mature technology • Structural Compliance • Does not distinguish normative positions • Standard Deontic Logic can be simulated in Temporal Logic • Permissions must always be instantiated Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 41/46
Running out of time (1) How do we model obligations in LTL? • Achievement obligations: F (sometimes in the future) • Maintenance obligations: G (always in the future) Fp ≡ ¬G¬p In deontic logic the dual of obligation is permission. Pp ≡ ¬O¬p Obligation implies permission Op → Pp How do we model permission in LTL? Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 42/46
Running out of time (2) • tautologies are not obligatory (i.e., ¬O ) • obligations, prohibitions and permissions cannot be obtained from a model, but are given by bodies with the power to issue them. In every factual model, in every path and every state in the path we have ‘if planet Earth exists the Sun rises in the East’. O(Earth → SunriseEast) Who do we sue if one morning the Sun does not rise in the East? • aggregation and distribution are problematic Oa p ∧ Oa q O(p ∧ q) Thou Shalt is not You Will Copyright NICTA 2014 Oa (p ∧ q) Op ∧ Oq Guido Governatori 43/46
A Privacy Dilemma Section 1: (Prohibition to collect personal medical information) Offence: It is an offence to collect personal medical information. Defence: It is a defence to the prohibition of collecting personal medical information, if an entity immediately destroys the illegally collected personal medical information before making any use of the personal medical information Section 2: An entity is permitted to collect personal medical information if the entity acts under a Court Order authorising the collection of personal medical information. Section 3: (Prohibition to collect personal information) It is forbidden to collect personal information unless an entity is permitted to collect personal medical information. Offence: an entity collected personal information Defence: an entity being permitted to collect personal medical information. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 44/46
Definitely running out of time • ‘b’ is forbidden, its violation is compensated by ‘c’: O¬b ⊗ c • if ‘a’ is the case then ‘b’ is permitted: a → Pb • ‘d’ is forbidden: O¬d • if ‘b’ is permitted, so is ‘d’: Pb → Pd t0 ¬a t1 t3 ¬a, b ¬a, c, d the trace is (weakly) compliant in LTL, but the prohibition of ‘d’ is violated. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 45/46
We Are Here Now Questions? Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 46/46

Recommended

Orientation integrative ecosocial design
Orientation integrative ecosocial designOrientation integrative ecosocial design
Orientation integrative ecosocial designSimha Bode
 
Het leven waard om geleefd te worden zeker met zijn tweeën
Het leven waard om geleefd te worden zeker met zijn tweeën Het leven waard om geleefd te worden zeker met zijn tweeën
Het leven waard om geleefd te worden zeker met zijn tweeën Harrie Duijzend
 
Understanding the census
Understanding the censusUnderstanding the census
Understanding the censusPayment Systems Corp.
 
Binary options reviews
Binary options reviewsBinary options reviews
Binary options reviewsDanielsJames98
 
Tips to make property investment successful
Tips to make property investment successfulTips to make property investment successful
Tips to make property investment successfulShri Kunj Bihari
 
150918 From coal mines to Collins St AFR
150918 From coal mines to Collins St AFR150918 From coal mines to Collins St AFR
150918 From coal mines to Collins St AFRPhilip Edmands
 
Drug(s) of choice in atrial fibrillation.
Drug(s) of choice in atrial fibrillation.Drug(s) of choice in atrial fibrillation.
Drug(s) of choice in atrial fibrillation.drucsamal
 
Brightstar2014mobiletrendsreport 140109094537-phpapp01
Brightstar2014mobiletrendsreport 140109094537-phpapp01Brightstar2014mobiletrendsreport 140109094537-phpapp01
Brightstar2014mobiletrendsreport 140109094537-phpapp01Payment Systems Corp.
 

Recommended

Orientation integrative ecosocial design
Orientation integrative ecosocial designOrientation integrative ecosocial design
Orientation integrative ecosocial designSimha Bode
 
Het leven waard om geleefd te worden zeker met zijn tweeën
Het leven waard om geleefd te worden zeker met zijn tweeën Het leven waard om geleefd te worden zeker met zijn tweeën
Het leven waard om geleefd te worden zeker met zijn tweeën Harrie Duijzend
 
Understanding the census
Understanding the censusUnderstanding the census
Understanding the censusPayment Systems Corp.
 
Binary options reviews
Binary options reviewsBinary options reviews
Binary options reviewsDanielsJames98
 
Tips to make property investment successful
Tips to make property investment successfulTips to make property investment successful
Tips to make property investment successfulShri Kunj Bihari
 
150918 From coal mines to Collins St AFR
150918 From coal mines to Collins St AFR150918 From coal mines to Collins St AFR
150918 From coal mines to Collins St AFRPhilip Edmands
 
Drug(s) of choice in atrial fibrillation.
Drug(s) of choice in atrial fibrillation.Drug(s) of choice in atrial fibrillation.
Drug(s) of choice in atrial fibrillation.drucsamal
 
Brightstar2014mobiletrendsreport 140109094537-phpapp01
Brightstar2014mobiletrendsreport 140109094537-phpapp01Brightstar2014mobiletrendsreport 140109094537-phpapp01
Brightstar2014mobiletrendsreport 140109094537-phpapp01Payment Systems Corp.
 
Accounting for Liabilities- complete.pdf
Accounting for Liabilities- complete.pdfAccounting for Liabilities- complete.pdf
Accounting for Liabilities- complete.pdfManushikaJayathilake
 
ICT Support for Business Process Compliance
ICT Support for Business Process ComplianceICT Support for Business Process Compliance
ICT Support for Business Process ComplianceGuido Governatori
 
COVID-19 (Coronavirus): Your Business Questions Answered
COVID-19 (Coronavirus): Your Business Questions AnsweredCOVID-19 (Coronavirus): Your Business Questions Answered
COVID-19 (Coronavirus): Your Business Questions AnsweredTom Willis
 
Environmental Law for Business: Consultant Liability
Environmental Law for Business: Consultant LiabilityEnvironmental Law for Business: Consultant Liability
Environmental Law for Business: Consultant LiabilityThis account is closed
 
RWY CIPAA 2012 - Scope and Applicability
RWY CIPAA 2012 - Scope and ApplicabilityRWY CIPAA 2012 - Scope and Applicability
RWY CIPAA 2012 - Scope and Applicabilityjyhling
 
Data61's Regulation as a Platform (RaaP)
Data61's Regulation as a Platform (RaaP)Data61's Regulation as a Platform (RaaP)
Data61's Regulation as a Platform (RaaP)Guido Governatori
 
Systech insights edition-Mark Woodward Smith
Systech insights edition-Mark Woodward Smith Systech insights edition-Mark Woodward Smith
Systech insights edition-Mark Woodward Smith mark woodward-smith
 
Computational Law at Data61
Computational Law at Data61Computational Law at Data61
Computational Law at Data61Guido Governatori
 
Group 1 presentation[1]
Group 1 presentation[1]Group 1 presentation[1]
Group 1 presentation[1]hadali4
 
7.ias 37 provision
7.ias 37 provision7.ias 37 provision
7.ias 37 provisionTenkir Seifu
 
The Regorous Approach to Business Process Compliance
The Regorous Approach to Business Process ComplianceThe Regorous Approach to Business Process Compliance
The Regorous Approach to Business Process ComplianceGuido Governatori
 
A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...
A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...
A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...Istituto nazionale di statistica
 
Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...
Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...
Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...blakereese
 
Webinar on Insolvency & Bankruptcy Code,2016
Webinar on Insolvency & Bankruptcy Code,2016Webinar on Insolvency & Bankruptcy Code,2016
Webinar on Insolvency & Bankruptcy Code,2016Indranil Choudhury
 
Construction claims management + project documentation seminar
Construction claims management + project documentation seminarConstruction claims management + project documentation seminar
Construction claims management + project documentation seminarKegler Brown Hill + Ritter
 
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay Motion
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay MotionTHE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay Motion
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay MotionFinancial Poise
 
Insurance Detals
Insurance DetalsInsurance Detals
Insurance DetalsJonathan Richardson
 
Astorian covid impact report
Astorian covid impact reportAstorian covid impact report
Astorian covid impact reportCostin Cozianu
 
2020 Property Manager Impact Report by Astorian
2020 Property Manager Impact Report by Astorian2020 Property Manager Impact Report by Astorian
2020 Property Manager Impact Report by AstorianVictor Hunt
 
2016 may cover
2016 may cover2016 may cover
2016 may coverAnimesh Kumar
 
Australia's RegTech Opportunities (in a digital-first world)
Australia's RegTech Opportunities (in a digital-first world)Australia's RegTech Opportunities (in a digital-first world)
Australia's RegTech Opportunities (in a digital-first world)Guido Governatori
 
Sequence Semantics for Norms and Obligations
Sequence Semantics for Norms and ObligationsSequence Semantics for Norms and Obligations
Sequence Semantics for Norms and ObligationsGuido Governatori
 

More Related Content

Similar to Business Process Compliance Modelling

Accounting for Liabilities- complete.pdf
Accounting for Liabilities- complete.pdfAccounting for Liabilities- complete.pdf
Accounting for Liabilities- complete.pdfManushikaJayathilake
 
ICT Support for Business Process Compliance
ICT Support for Business Process ComplianceICT Support for Business Process Compliance
ICT Support for Business Process ComplianceGuido Governatori
 
COVID-19 (Coronavirus): Your Business Questions Answered
COVID-19 (Coronavirus): Your Business Questions AnsweredCOVID-19 (Coronavirus): Your Business Questions Answered
COVID-19 (Coronavirus): Your Business Questions AnsweredTom Willis
 
Environmental Law for Business: Consultant Liability
Environmental Law for Business: Consultant LiabilityEnvironmental Law for Business: Consultant Liability
Environmental Law for Business: Consultant LiabilityThis account is closed
 
RWY CIPAA 2012 - Scope and Applicability
RWY CIPAA 2012 - Scope and ApplicabilityRWY CIPAA 2012 - Scope and Applicability
RWY CIPAA 2012 - Scope and Applicabilityjyhling
 
Data61's Regulation as a Platform (RaaP)
Data61's Regulation as a Platform (RaaP)Data61's Regulation as a Platform (RaaP)
Data61's Regulation as a Platform (RaaP)Guido Governatori
 
Systech insights edition-Mark Woodward Smith
Systech insights edition-Mark Woodward Smith Systech insights edition-Mark Woodward Smith
Systech insights edition-Mark Woodward Smith mark woodward-smith
 
Group 1 presentation[1]
Group 1 presentation[1]Group 1 presentation[1]
Group 1 presentation[1]hadali4
 
7.ias 37 provision
7.ias 37 provision7.ias 37 provision
7.ias 37 provisionTenkir Seifu
 
The Regorous Approach to Business Process Compliance
The Regorous Approach to Business Process ComplianceThe Regorous Approach to Business Process Compliance
The Regorous Approach to Business Process ComplianceGuido Governatori
 
A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...
A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...
A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...Istituto nazionale di statistica
 
Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...
Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...
Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...blakereese
 
Webinar on Insolvency & Bankruptcy Code,2016
Webinar on Insolvency & Bankruptcy Code,2016Webinar on Insolvency & Bankruptcy Code,2016
Webinar on Insolvency & Bankruptcy Code,2016Indranil Choudhury
 
Construction claims management + project documentation seminar
Construction claims management + project documentation seminarConstruction claims management + project documentation seminar
Construction claims management + project documentation seminarKegler Brown Hill + Ritter
 
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay Motion
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay MotionTHE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay Motion
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay MotionFinancial Poise
 
Astorian covid impact report
Astorian covid impact reportAstorian covid impact report
Astorian covid impact reportCostin Cozianu
 
2020 Property Manager Impact Report by Astorian
2020 Property Manager Impact Report by Astorian2020 Property Manager Impact Report by Astorian
2020 Property Manager Impact Report by AstorianVictor Hunt
 

Similar to Business Process Compliance Modelling (20)

Accounting for Liabilities- complete.pdf
Accounting for Liabilities- complete.pdfAccounting for Liabilities- complete.pdf
Accounting for Liabilities- complete.pdf
 
ICT Support for Business Process Compliance
ICT Support for Business Process ComplianceICT Support for Business Process Compliance
ICT Support for Business Process Compliance
 
COVID-19 (Coronavirus): Your Business Questions Answered
COVID-19 (Coronavirus): Your Business Questions AnsweredCOVID-19 (Coronavirus): Your Business Questions Answered
COVID-19 (Coronavirus): Your Business Questions Answered
 
Environmental Law for Business: Consultant Liability
Environmental Law for Business: Consultant LiabilityEnvironmental Law for Business: Consultant Liability
Environmental Law for Business: Consultant Liability
 
RWY CIPAA 2012 - Scope and Applicability
RWY CIPAA 2012 - Scope and ApplicabilityRWY CIPAA 2012 - Scope and Applicability
RWY CIPAA 2012 - Scope and Applicability
 
Data61's Regulation as a Platform (RaaP)
Data61's Regulation as a Platform (RaaP)Data61's Regulation as a Platform (RaaP)
Data61's Regulation as a Platform (RaaP)
 
Systech insights edition-Mark Woodward Smith
Systech insights edition-Mark Woodward Smith Systech insights edition-Mark Woodward Smith
Systech insights edition-Mark Woodward Smith
 
Computational Law at Data61
Computational Law at Data61Computational Law at Data61
Computational Law at Data61
 
Group 1 presentation[1]
Group 1 presentation[1]Group 1 presentation[1]
Group 1 presentation[1]
 
7.ias 37 provision
7.ias 37 provision7.ias 37 provision
7.ias 37 provision
 
The Regorous Approach to Business Process Compliance
The Regorous Approach to Business Process ComplianceThe Regorous Approach to Business Process Compliance
The Regorous Approach to Business Process Compliance
 
A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...
A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...
A. Girardi, M. Ventura, M. Boschi - Partial Credit Guarantees and SMEs Finan...
 
Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...
Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...
Back to the Future (Lubrizol): An Overview of IP &amp; Bankruptcy Issues, Cha...
 
Webinar on Insolvency & Bankruptcy Code,2016
Webinar on Insolvency & Bankruptcy Code,2016Webinar on Insolvency & Bankruptcy Code,2016
Webinar on Insolvency & Bankruptcy Code,2016
 
Construction claims management + project documentation seminar
Construction claims management + project documentation seminarConstruction claims management + project documentation seminar
Construction claims management + project documentation seminar
 
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay Motion
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay MotionTHE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay Motion
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a Lift Stay Motion
 
Insurance Detals
Insurance DetalsInsurance Detals
Insurance Detals
 
Astorian covid impact report
Astorian covid impact reportAstorian covid impact report
Astorian covid impact report
 
2020 Property Manager Impact Report by Astorian
2020 Property Manager Impact Report by Astorian2020 Property Manager Impact Report by Astorian
2020 Property Manager Impact Report by Astorian
 
2016 may cover
2016 may cover2016 may cover
2016 may cover
 

More from Guido Governatori

Australia's RegTech Opportunities (in a digital-first world)
Australia's RegTech Opportunities (in a digital-first world)Australia's RegTech Opportunities (in a digital-first world)
Australia's RegTech Opportunities (in a digital-first world)Guido Governatori
 
Sequence Semantics for Norms and Obligations
Sequence Semantics for Norms and ObligationsSequence Semantics for Norms and Obligations
Sequence Semantics for Norms and ObligationsGuido Governatori
 
The Journey to Business Process Compliance. Are We There Yet?
The Journey to Business Process Compliance. Are We There Yet?The Journey to Business Process Compliance. Are We There Yet?
The Journey to Business Process Compliance. Are We There Yet?Guido Governatori
 
Practical Non-Monotonic Reasoning
Practical Non-Monotonic ReasoningPractical Non-Monotonic Reasoning
Practical Non-Monotonic ReasoningGuido Governatori
 
Strategic Argumentation is NP-complete
Strategic Argumentation is NP-completeStrategic Argumentation is NP-complete
Strategic Argumentation is NP-completeGuido Governatori
 
Modelling and Reasoning Languages for Social Networks Policies
Modelling and Reasoning Languages for Social Networks PoliciesModelling and Reasoning Languages for Social Networks Policies
Modelling and Reasoning Languages for Social Networks PoliciesGuido Governatori
 

More from Guido Governatori (8)

Australia's RegTech Opportunities (in a digital-first world)
Australia's RegTech Opportunities (in a digital-first world)Australia's RegTech Opportunities (in a digital-first world)
Australia's RegTech Opportunities (in a digital-first world)
 
Sequence Semantics for Norms and Obligations
Sequence Semantics for Norms and ObligationsSequence Semantics for Norms and Obligations
Sequence Semantics for Norms and Obligations
 
The Journey to Business Process Compliance. Are We There Yet?
The Journey to Business Process Compliance. Are We There Yet?The Journey to Business Process Compliance. Are We There Yet?
The Journey to Business Process Compliance. Are We There Yet?
 
No Time for Compliance
No Time for ComplianceNo Time for Compliance
No Time for Compliance
 
Thou Shalt is not You Will
Thou Shalt is not You WillThou Shalt is not You Will
Thou Shalt is not You Will
 
Practical Non-Monotonic Reasoning
Practical Non-Monotonic ReasoningPractical Non-Monotonic Reasoning
Practical Non-Monotonic Reasoning
 
Strategic Argumentation is NP-complete
Strategic Argumentation is NP-completeStrategic Argumentation is NP-complete
Strategic Argumentation is NP-complete
 
Modelling and Reasoning Languages for Social Networks Policies
Modelling and Reasoning Languages for Social Networks PoliciesModelling and Reasoning Languages for Social Networks Policies
Modelling and Reasoning Languages for Social Networks Policies
 

Recently uploaded

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 

Recently uploaded (20)

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 

Business Process Compliance Modelling

  • 1. Thou Shalt is not You Will Guido Governatori Bologna, 8 January 2012 NICTA Funding and Supporting Members and Partners Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 1/46
  • 2. Outline • Definition of (business process) compliance • Process specifications • Normative requirements • Modelling Norms in (Linear) Temporal Logic Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 2/46
  • 3. What is Compliance? Ensuring that business operations, processes, and practices are in accordance with a given prescriptive (often legal) document Regulatory • Basel II • Sarbanes-Oxley • OFAC (USA Patriot Act) Standards • Best practice models • SAP solution maps • ISO 9000 • Medical guidelines Contracts • Service Agreement • Customer Contract • Warranty • Insurance Policy • Business Partnership Copyright NICTA 2014 Guido Governatori • OSFI “blocked entity” lists • HIPAA • Graham-Leach-Bliley Thou Shalt is not You Will 3/46
  • 4. How to ensure compliance? Compliance is a relationship between two sets of specifications Alignment of formal specifications for business processes and formal specifications for prescriptive (legal) documents. • Conceptually sound representation of processes • Conceptually sound representation of and reasoning with norms Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 4/46
  • 5. Part I Business Process Models Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 5/46
  • 6. Business Process Model Self-contained, temporal and logical order in which a set of activities are executed to achieve a business goal. It describes: • What needs be done and when (control flows) • What we need to work on (data) • Who is doing the work (human and system resources) Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 6/46
  • 7. Execution Traces B C A D F H E G t1 : A, B, C, D, E, F , H t2 : A, D, B, C, E, G, H t3 : A, D, B, C, E, F , H ... Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 7/46
  • 8. Trace: From sequence of tasks to sequence of states Let Lit be a set of literals, T be the set of traces of a process and N be the set of natural numbers State : T × N → 2Lit The function State returns the set of literals describing “what’s going on in a trace t after the execution of the n-th task in the process”. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 8/46
  • 9. Example C A B Tasks • A: “turn the light on” D Trace 1: A, B, D Trace 2: A, B, C, D • B: “check if glass is empty” • State(i, 1) = { p }, i ∈ { 1, 2 } • C: “fill glass with water” • State(1, 2) = { p, q } • D: “turn glass upside-down” • State(2, 2) = { p, ¬q } • State(2, 3) = { p, q } Propositions • p: “the light is on” • State(1, 3) = { p, ¬q } • q: “the glass is full” • State(2, 4) = { p, ¬q } Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 9/46
  • 10. Part II Modelling Norms Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 10/46
  • 11. Normative Reasoning 101 Norms are modelled as if . . . then rules A1 , . . . , An ⇒ C • norms are defeasible (handling exceptions) • two types of norms • constitutive rules: defining terms used in a legal context • prescriptive rules: defining “normative effects” (i.e., obligations, permissions, prohibitions . . . ) Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 11/46
  • 12. Defeasibility: Reasonable results with minimum effort Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 12/46
  • 13. Defeasiblity: Example 1 TELECOMMUNICATIONS CONSUMER PROTECTIONS CODE (C628:2012) Section 2.1. Definitions Complaint means an expression of dissatisfaction made to a Supplier in relation to its Telecommunications Products or the complaints handling process itself, where a response or Resolution is explicitly or implicitly expected by the Consumer. An initial call to a provider to request a service or information or to request support is not necessarily a Complaint. An initial call to report a fault or service difficulty is not a Complaint. However, if a Customer advises that they want this initial call treated as a Complaint, the Supplier will also treat this initial call as a Complaint. If a Supplier is uncertain, a Supplier must ask a Customer if they wish to make a Complaint and must rely on the Customer’s response. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 13/46
  • 14. Defeasiblity: Example 2 NATIONAL CONSUMER CREDIT PROTECTION ACT 2009 (Act No. 134 of 2009) Section 29 (1) A person must not engage in a credit activity if the person does not hold a licence authorising the person to engage in the credit activity. (3) For the purposes of subsections (1) and (2), it is a defence if: (a) the person engages in the credit activity on behalf of another person (the principal); and (b) the person is: (i) an employee or director of the principal or of a related body corporate of the principal; or (ii) a credit representative of the principal; and . . . Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 14/46
  • 15. Normative Effects Obligation A situation, an act, or a course of action to which a bearer is legally bound, and if it is not achieved or performed results in a violation. Prohibition A situation, an act, or a course of action which a bearer should avoid, and if it is achieved results in a violation. Permission Something is permitted if the obligation or the prohibition to the contrary does not hold. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 15/46
  • 16. A Legal Zoo Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 16/46
  • 17. Modelling Obligations Let Lit be a set of literals, T be the set of traces of a process and N be the set of natural numbers Force : T × N → 2Lit The function Force returns the set of literals describing what is obligatory for a particular task. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 17/46
  • 18. Persistent vs immediate obligations • An immediate (or punctual or non-persistent) obligation must be satisfied in the task where it occurs. ‘complaints in person or by phone must be acknowledged immediately’ • A persistent obligation is activated and it remain in force in the future after it has been activated. ‘A service provider must not disclose personal information without the written consent of the customer’ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 18/46
  • 19. Modelling Punctual obligation Definition (Punctual Obligation) An obligation o is a punctual obligation in t if and only if ∃n ∈ N : o ∈ Force(t, n – 1), o ∈ Force(t, n + 1), o ∈ Force(t, n). / / A punctual obligation o is violated in t if and only if o ∈ State(t, n). / Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 19/46
  • 20. Graphical Illustration of a Punctual Obligation t 1 n–1 o ∈ Force(t, n) n n+1 z o ∈ State(t, n) / violation of o Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 20/46
  • 21. Persistent Obligations: Achievement vs Maintenance • For an achievement obligation, a certain condition must occur at least once before the deadline ‘Customers must pay before the delivery of the good, after receiving the invoice’ • For maintenance obligations, a certain condition must obtain during all instants before the deadline: ‘After opening a bank account, customers must keep a positive balance until bank charges are taken out’ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 21/46
  • 22. Modelling Maintenance Obligation Definition (Maintenance Obligation) An obligation o is a maintenance obligation in t if and only if ∃n, m ∈ N : n < m, o ∈ Force(t, n – 1), / o ∈ Force(t, m + 1), / ∀k : n ≤ k ≤ m, o ∈ Force(t, k ) A maintenance obligation o is violated in t if and only if ∃k : n ≤ k ≤ m, o ∈ State(t, k ). / It is possible to relax/strengthen the condition by dropping the conditions on m. Maintenance obligations can be used to model prohibitions. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 22/46
  • 23. Graphical Illustration of a Maintenance Obligation o ∈ Force o ∈ Force / t Thou Shalt is not You Will 1 n–1 n o ∈ Force / k m m+1 o ∈ State(t, k ) / violation of o Copyright NICTA 2014 z Guido Governatori 23/46
  • 24. Achievement Obligations: Preemptive vs Non-preemptive • preemptive obligations: the fulfillment of an obligation can happen before the obligation has been triggered. (1) A report under section 53 must be given: (a) if the movement of the physical currency is to be effected by a person bringing the physical currency into Australia with the person—at the time worked out under subsection (2); or [. . .] (d) in any other case—at any time before the movement of the physical currency takes place.’ • non preemptive obligations: the fulfillment of an obligation can happen only after the obligation has been triggered. ‘Executors and administrators of a decedent’s estate will be required to give notice to each beneficiary named in the Will within 60 days after the date when an order admitting a will to probate has been signed.’ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 24/46
  • 25. Modelling Achievement Obligations Definition (Achievement Obligation) An obligation o is an achievement obligation in t if and only if ∃n, m ∈ N : n < m, o ∈ Force(t, n – 1), / o ∈ Force(t, m + 1), / ∀k : n ≤ k ≤ m, o ∈ Force(t, k ) An achievement obligation o is violated in t if and only if • o is preemptive and ∀k : k ≤ m, o ∈ State(t, k ); / • o is non-preemptive and ∀k : n ≤ k ≤ m, o ∈ State(t, k ). / Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 25/46
  • 26. Graphical Illustration of Achievement Obligations Achievement preemptive o ∈ Force o ∈ Force / t 1 n–1 n o ∈ Force / m o ∈ State / z m+1 violation of o Achievement non-preemptive o ∈ Force o ∈ Force / t 1 n–1 n m o ∈ State / Thou Shalt is not You Will o ∈ Force / Copyright NICTA 2014 z m+1 violation of o Guido Governatori 26/46
  • 27. Perdurant vs Non-Perdurant • perdurant obligation: the violation of the obligation does not extinguish the obligation itself. ‘A billing error must be fixed in the next billing cycle’ • non-perdurant obligation: the violation of the obligation terminates the obligation. ‘The assignment must be submitted by the due date’ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 27/46
  • 28. Modelling Perdurant Obligations Definition (Perdurant Obligation) An obligation o is a perdurant obligation in t if and only if ∃n, m ∈ N : n < m, o ∈ Force(t, n – 1), / o ∈ Force(t, m + 1), / ∀k : n ≤ k ≤ m, o ∈ Force(t, k ) A perdurant obligation o is violated in t if and only if ∃k : n < k < m, ∀j, j ≤ k , o ∈ State(t, j) / Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 28/46
  • 29. Graphical Illustration of Perdurant Obligations o ∈ Force o ∈ Force / t 1 n–1 n o ∈ State(t, k ) / Thou Shalt is not You Will Copyright NICTA 2014 d o ∈ Force / m m+1 violation of o z Guido Governatori 29/46
  • 30. Compensable vs Non-compensable • compensable obligations: fulfilling the penalty related to the violation of the obligation makes the process compliant. ‘Each complaint must be either resolved or escalated and reported to the Telecommunication Ombudsmen’ • non-compensable obligations: violating the obligation makes the process non-compliant. ‘To pass the course a student has to pass the final exam’ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 30/46
  • 31. Compensations or Acceptable Alternatives? TCPC 2012, Section 8.1.1 . . . implement, operate and comply with a Complaint handling process that: (vii) requires all Complaints to be: A. Resolved in an objective, efficient and fair manner; and B. escalated and managed under the Supplier’s internal escalation process if requested by the Consumer or a former Customer. YAWL Deed of Assignment, Clause 5.2. Each Contributor indemnifies and will defend the Foundation against any claim, liability, loss, damages, cost and expenses suffered or incurred by the Foundation as a result of any breach of the warranties given by the Contributor under clause 5.1. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 31/46
  • 32. Modelling Compensations Definition (Compensation) A compensation is a function Comp : Lit → 2Lit . Definition (Compensable Obligation) An obligation o is compensable in t if and only if Comp(o) = ∅ and ∀o ∈ Comp(o), ∃n ∈ N : o ∈ Force(t, n). Definition (Compensated Obligation) An obligation o is compensated in t if and only if it is violated and for every o ∈ Comp(o) either: 1 o is not violated in t, or 2 o is compensated in t. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 32/46
  • 33. Is the Proposed Compliance Semantics Appropriate? • Mathematically the proposed classification is complete (exhaustive) • It is supported by current legal theory • Evaluated empirically with real life (industry scale) case study • formalised Chapter 8 (Complaints) of TCPC 2012 • Modelled the compliant handling/management processes of an Australian telco Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 33/46
  • 34. Evaluation (1) Managing Complaints Process 41 tasks, 12 decision points (xor), 2 loops shortest trace: 6 traces longest trace (loop): 33 tasks longest trace (no loop): 22 tasks over 1000 traces, over 25000 states Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 34/46
  • 35. Evaluation (2) TCPC 2012 Chapter 8. Contains over 100 commas, plus 120 terms (in Terms and Definition Section). Required 223 propositions, 176 rules. Punctual Obligation 5 (5) 90 (110) 41 49 5 (46) (64) (7) 11 (13) 7 1 (9) (4) Permission 9 (16) Compensation 2 (2) Achievement Obligation Preemptive Non preemptive Non perdurant Maintenance Obligation Prohibition Non perdurant Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 35/46
  • 36. Part III Modelling Compliance Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 36/46
  • 37. Formalising Compliance Given a business process and a regulation: • How do we populate the State, Force and Comp functions. Can we model the normative statements in (Linear) Temporal Logic Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 37/46
  • 38. Linear Temporal Logic 101 (Syntax) • Xφ: at the next time φ holds; • Fφ: eventually φ holds (sometimes in the future φ); and • Gφ: globally φ holds (always in the future φ). In addition we have three binary operators: • φ U ψ (until): φ holds until ψ holds; • φ W ψ (weak until): φ holds until ψ holds and ψ might not hold. Interdefinability • Fφ ≡ φ U , • Gφ ≡ ¬F¬φ, • φ W ψ ≡ (φ U ψ ) ∨ Gψ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 38/46
  • 39. Linear Temporal Logic 102 (Semantics) Transition system TS = (S, R, v ) • S set of states • R ⊆ S × S such that ∀s ∈ S ∃t ∈ S : (s, t) ∈ R • v valuation function Fullpath (trace or run) s0 , s1 , s2 . . . such that (si , si+1 ) ∈ R σ = s0 , s1 , . . . , σi subsequence of σ starting from the i-the element, σ [i] i-th element of σ Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 39/46
  • 40. Linear Temporal Logic 103 (Semantics) • TS, σ |= p (p ∈ Prop) iff p ∈ v (σ [0]); • TS, σ |= ¬φ iff TS, σ |= φ; • TS, σ |= φ ∧ ψ iff TS, σ |= φ and TS, σ |= ψ ; • TS, σ |= Xφ iff TS, σ1 |= φ; • TS, σ |= φ U ψ iff ∃k : k ≥ 0, TS, σk |= ψ and ∀j : 0 ≤ j < k TS, σj |= φ; • TS, σ |= Gφ iff ∀k ≥ 0, TS, σk |= φ; • TS, σ |= Fφ iff ∃k ≥ 0, TS, σk |= φ; A formula φ is true in a fullpath σ iff it is true at the first element of the fullpath. A formula is true in a state S TS, s |= φ iff ∀σ : σ [0] = s, TS, σ |= φ. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 40/46
  • 41. Temporal Logic and Compliance • Temporal logic and model checking have been used to verification of software and hardware systems • Mature technology • Structural Compliance • Does not distinguish normative positions • Standard Deontic Logic can be simulated in Temporal Logic • Permissions must always be instantiated Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 41/46
  • 42. Running out of time (1) How do we model obligations in LTL? • Achievement obligations: F (sometimes in the future) • Maintenance obligations: G (always in the future) Fp ≡ ¬G¬p In deontic logic the dual of obligation is permission. Pp ≡ ¬O¬p Obligation implies permission Op → Pp How do we model permission in LTL? Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 42/46
  • 43. Running out of time (2) • tautologies are not obligatory (i.e., ¬O ) • obligations, prohibitions and permissions cannot be obtained from a model, but are given by bodies with the power to issue them. In every factual model, in every path and every state in the path we have ‘if planet Earth exists the Sun rises in the East’. O(Earth → SunriseEast) Who do we sue if one morning the Sun does not rise in the East? • aggregation and distribution are problematic Oa p ∧ Oa q O(p ∧ q) Thou Shalt is not You Will Copyright NICTA 2014 Oa (p ∧ q) Op ∧ Oq Guido Governatori 43/46
  • 44. A Privacy Dilemma Section 1: (Prohibition to collect personal medical information) Offence: It is an offence to collect personal medical information. Defence: It is a defence to the prohibition of collecting personal medical information, if an entity immediately destroys the illegally collected personal medical information before making any use of the personal medical information Section 2: An entity is permitted to collect personal medical information if the entity acts under a Court Order authorising the collection of personal medical information. Section 3: (Prohibition to collect personal information) It is forbidden to collect personal information unless an entity is permitted to collect personal medical information. Offence: an entity collected personal information Defence: an entity being permitted to collect personal medical information. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 44/46
  • 45. Definitely running out of time • ‘b’ is forbidden, its violation is compensated by ‘c’: O¬b ⊗ c • if ‘a’ is the case then ‘b’ is permitted: a → Pb • ‘d’ is forbidden: O¬d • if ‘b’ is permitted, so is ‘d’: Pb → Pd t0 ¬a t1 t3 ¬a, b ¬a, c, d the trace is (weakly) compliant in LTL, but the prohibition of ‘d’ is violated. Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 45/46
  • 46. We Are Here Now Questions? Thou Shalt is not You Will Copyright NICTA 2014 Guido Governatori 46/46