Compliance by Design for Artifact-Centric Business Processes
•
0 likes•601 views
This document discusses an approach called "compliance by design" for ensuring that artifact-centric business processes are compliant with regulations. It involves: 1) Specifying a business process model, artifacts, agents, locations and goals 2) Translating legal texts into compliance rules 3) Modeling the compliance rules and integrating them with the business process model 4) Using tools to generate a compliant business process model that satisfies both behavioral and compliance requirements. This approach aims to avoid subsequent proofs of compliance by building compliance into the design from the start. It also allows flexibility to change compliance rules without needing to regenerate the entire process model.
Recommended
More Related Content
More from Universität Rostock
More from Universität Rostock (20)
Recently uploaded
Recently uploaded (20)
Compliance by Design for Artifact-Centric Business Processes
- 1. COMPLIANCE BY DESIGN FOR ARTIFACT-CENTRIC BUSINESS PROCESSES Niels Lohmann
- 2. DISLIKED THINGS 1 “ Disliked things must not be forbidden: they have to be impossible! ”
- 3. DISLIKED THINGS 1 “ Disliked things must not be forbidden: they have to be impossible! ” CARL ADAM PETRI
- 4. DISLIKED THINGS 1 Unsound or noncompliant behaviors “ Disliked things must not be forbidden: they have to be impossible! ” CARL ADAM PETRI
- 5. CORRECTNESS BY VERIFICATION 2 SPECIFICATION
- 6. CORRECTNESS BY VERIFICATION 2 CHECK SPECIFICATION
- 7. CORRECTNESS BY VERIFICATION 2 CHECK REPAIR SPECIFICATION
- 8. CORRECTNESS BY VERIFICATION 2 CHECK REPAIR SPECIFICATION
- 9. CORRECTNESS BY VERIFICATION 2 CORRECT MODEL CHECK REPAIR SPECIFICATION
- 10. CORRECTNESS BY DESIGN 3 SPECIFICATION CORRECT MODEL
- 11. CORRECTNESS BY DESIGN 3 SPECIFICATION CORRECT MODEL BEHAVIOR SOUNDNESS DESCRIPTION
- 12. CORRECTNESS BY DESIGN 3 SPECIFICATION CORRECT MODEL BEHAVIOR SOUNDNESS DESCRIPTION COMPLIANCE RULES COMPLIANCE
- 13. CORRECTNESS BY DESIGN 3 3 SPECIFICATION CORRECT MODEL BEHAVIOR DESCRIPTION 2 SOUNDNESS COMPLIANCE RULES 1 COMPLIANCE
- 14. COMPLIANCE RULES 4 LEGAL TEXTS + REGULATIONS OFTEN PROCESS-INDEPENDENT TRANSLATED INTO RULES BY DOMAIN EXPERTS ASSUMPTION: RULES AFFECT MODEL’S BEHAVIOR
- 15. COMPLIANCE RULES 4 LEGAL TEXTS + REGULATIONS OFTEN PROCESS-INDEPENDENT TRANSLATED INTO RULES BY DOMAIN EXPERTS ASSUMPTION: RULES AFFECT MODEL’S BEHAVIOR “The action ‘create settlement’ must be executed a"er ‘submit claim’, but before ‘archive claim’.”
- 16. COMPLIANCE RULES 4 LEGAL TEXTS + REGULATIONS OFTEN PROCESS-INDEPENDENT TRANSLATED INTO RULES BY DOMAIN EXPERTS ASSUMPTION: RULES AFFECT MODEL’S BEHAVIOR “The action ‘create settlement’ must be executed a"er ‘submit claim’, but before ‘archive claim’.”
- 17. COMPLIANCE RULES 4 LEGAL TEXTS + REGULATIONS OFTEN PROCESS-INDEPENDENT TRANSLATED INTO RULES BY DOMAIN EXPERTS ASSUMPTION: RULES AFFECT MODEL’S BEHAVIOR “The action ‘create settlement’ must be executed a"er ‘submit claim’, but before ‘archive claim’.”
- 18. COMPLIANCE RULES 4 LEGAL TEXTS + REGULATIONS OFTEN PROCESS-INDEPENDENT TRANSLATED INTO RULES BY DOMAIN EXPERTS ASSUMPTION: RULES AFFECT MODEL’S BEHAVIOR “The action ‘create settlement’ must be executed a"er ‘submit claim’, but before ‘archive claim’.”
- 19. MODELING COMPLIANCE RULES 5 SUBMIT CREATE ARCHIVE CLAIM SETTLEMENT CLAIM “The action ‘create settlement’ must be executed a"er ‘submit claim’, but before ‘archive claim’.”
- 20. MODELING COMPLIANCE RULES 5 SUBMIT CREATE ARCHIVE CLAIM SETTLEMENT CLAIM “The action ‘create settlement’ must be executed a"er ‘submit claim’, but before ‘archive claim’.”
- 21. MODELING COMPLIANCE RULES 5 SUBMIT CREATE ARCHIVE CLAIM SETTLEMENT CLAIM CREATE SETTLEMENT “The action ‘create settlement’ must be executed a"er ‘submit claim’, but before ‘archive claim’.”
- 22. MODELING COMPLIANCE RULES 5 ARCHIVE CLAIM SUBMIT CREATE ARCHIVE CLAIM SETTLEMENT CLAIM CREATE SETTLEMENT “The action ‘create settlement’ must be executed a"er ‘submit claim’, but before ‘archive claim’.”
- 23. EXPRESSIVENESS 6 ✔ ENFORCEMENT/EXCLUSION OF ACTIONS AND DATA STATES ✔ ORDERING AND NUMBERING CONSTRAINTS ✔ DATA AND CONTROL FLOW CONCURRENCE ✔ FINITE LTL-X
- 24. ARTIFACT-CENTRIC BUSINESS PROCESS 7 QUOTE ORDER INVOICE CARGO [LOHMANN AND WOLF, ICSOC 2010]
- 25. ARTIFACT-CENTRIC BUSINESS PROCESS 7 QUOTE ORDER “NOUN-CENTRIC” INVOICE CARGO [LOHMANN AND WOLF, ICSOC 2010]
- 26. ARTIFACT-CENTRIC BUSINESS PROCESS 7 QUOTE ORDER “NOUN-CENTRIC” DECLARATIVE INVOICE CARGO [LOHMANN AND WOLF, ICSOC 2010]
- 27. ARTIFACT-CENTRIC BUSINESS PROCESS 7 CREATED ACCEPTED RECEIVED REJECTED CONFIRMED QUOTE ORDER FILED “NOUN-CENTRIC” DECLARATIVE SENT PAID ASSEMBLED INVOICE PACKAGED CARGO SHIPPED [LOHMANN AND WOLF, ICSOC 2010]
- 28. ARTIFACT-CENTRIC BUSINESS PROCESS 7 CREATED ACCEPTED RECEIVED REJECTED CONFIRMED QUOTE ORDER FILED “NOUN-CENTRIC” DECLARATIVE SENT PAID ASSEMBLED INVOICE PACKAGED CARGO SHIPPED [LOHMANN AND WOLF, ICSOC 2010]
- 29. ARTIFACTS 8 OBJECT LIFE CYCLE EMPTY MODELS ARTIFACT’S EVOLUTION CREATED ACCEPTED REJECTED QUOTE [LOHMANN AND WOLF, ICSOC 2010]
- 30. ARTIFACTS 8 OBJECT LIFE CYCLE EMPTY MODELS ARTIFACT’S EVOLUTION SELLER CREATED AGENTS MAY EXECUTE ARTIFACT’S TASKS CUSTOMER CUSTOMER ACCEPTED REJECTED QUOTE [LOHMANN AND WOLF, ICSOC 2010]
- 31. ARTIFACTS 8 OBJECT LIFE CYCLE EMPTY MODELS ARTIFACT’S EVOLUTION SELLER @ SELLER CREATED AGENTS MAY EXECUTE ARTIFACT’S TASKS CUSTOMER CUSTOMER LOCATIONS ACCEPTED REJECTED INFLUENCE QUOTE EXECUTABILITY @ SELLER [LOHMANN AND WOLF, ICSOC 2010]
- 32. ARTIFACT-CENTRIC BUSINESS PROCESS 9 9 ARTIFACTS + AGENTS > > > + LOCATIONS > > > = receive order create quote send quote quote rejected ! POLICIES > > quote accepted + confirm order send invoice payment received + > > assemble ship > cargo cargo > ; SOUND ✔ GOAL STATES BUSINESS PROCESS [LOHMANN AND WOLF, ICSOC 2010]
- 33. ARTIFACT-CENTRIC BUSINESS PROCESS 9 9 ARTIFACTS > + AGENTS > > + LOCATIONS > > > = ! receive create send quote order quote quote rejected POLICIES confirm order > > quote accepted + send invoice payment received + ✔ > GOAL STATES > assemble cargo ship cargo > > SOUND AND COMPLIANCE ; COMPLIANT RULES BUSINESS PROCESS
- 34. ARTIFACT-CENTRIC BUSINESS PROCESS 9 9 ARTIFACTS > TOOL + AGENTS > > SUPPORT + LOCATIONS > > > = POLICIES > > > GOAL STATES > > > SOUND AND COMPLIANCE ; COMPLIANT RULES BUSINESS PROCESS
- 35. POLICIES VS. COMPLIANCE RULES 10 POLICIES ! CONSTRAIN ARTIFACT BEHAVIOR MAY DISABLE ARBITRARY ACTIONS COMPLIANCE RULES MONITOR ARTIFACT BEHAVIOR MUST NOT DISABLE ACTIONS NONCOMPLIANCE IS REFLECTED BY NONFINAL STATES
- 36. DIAGNOSIS INFORMATION 11 COMPLIANCE BY DETECTION CORRECT MODEL REPAIR CHECK COUNTEREXAMPLE MEANS: CURRENT MODEL IS SPECIFICATION NONCOMPLIANT (YET..?) COMPLIANCE BY CONSTRUCTION COUNTEREXAMPLE MEANS: PROCESS SPECIFICATION CANNOT BE MADE SPECIFICATION CORRECT MODEL COMPLIANT
- 37. TAKE-HOME POINTS 12 COMPLIANCE BY DESIGN 1 AVOIDS SUBSEQUENT PROOFS EXPRESSIVENESS 2 A LOT OF RULES CAN BE EXPRESSED FLEXIBILITY 3 CHANGED RULES = REPEAT GENERATION COMPLETENESS 4 GENERATE MAXIMAL COMPLIANT MODEL
- 38. COMPLIANCE BY DESIGN FOR ARTIFACT-CENTRIC BUSINESS PROCESSES niels.lohmann@uni-rostock.de http://about.me/nlohmann Niels Lohmann