High-Level Requirements-Driven Business Process Compliance
摘要
Process compliance refers to the alignment between business processes and regulatory requirements. Compliance is difficult because it needs to be able to express the intent and the possible interpretations of laws into formal models, align models with traces in a process, and inspect whether these traces are generating violations. This paper focuses on a largely unexplored area within BPM: the compliance of high-level and non-functional requirements. While compliance checking has been studied through conformance checking techniques, most regulatory requirements are defined in subjective and high-level terms, limiting the application of rule-checking and alignments to specific cases. In contrast, we propose the application of requirement engineering methods for business process compliance. In particular, we raise the level of abstraction from the compliance of specific patterns to the satisfaction of high-level goals and subjective qualities. We propose a framework that connects process models with goal models, rendering explicit alternatives for the satisfaction of vague goals and subjective qualities. Compliance checking is reduced to a reachability of a state where subjective qualities are satisfied. This approach is exhibited in a data protection scenario, and we provide a prototypical implementation of the compliance checking tool.