Process compliance refers to the alignment between business processes and regulatory requirements. Compliance is difficult because it needs to be able to express the intent and the possible interpretations of laws into formal models, align models with traces in a process, and inspect whether these traces are generating violations. This paper focuses on a largely unexplored area within BPM: the compliance of high-level and non-functional requirements. While compliance checking has been studied through conformance checking techniques, most regulatory requirements are defined in subjective and high-level terms, limiting the application of rule-checking and alignments to specific cases. In contrast, we propose the application of requirement engineering methods for business process compliance. In particular, we raise the level of abstraction from the compliance of specific patterns to the satisfaction of high-level goals and subjective qualities. We propose a framework that connects process models with goal models, rendering explicit alternatives for the satisfaction of vague goals and subjective qualities. Compliance checking is reduced to a reachability of a state where subjective qualities are satisfied. This approach is exhibited in a data protection scenario, and we provide a prototypical implementation of the compliance checking tool.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

High-Level Requirements-Driven Business Process Compliance

  • Juanita Caballero-Villalobos,
  • Andrea Burattin,
  • Hugo A. López

摘要

Process compliance refers to the alignment between business processes and regulatory requirements. Compliance is difficult because it needs to be able to express the intent and the possible interpretations of laws into formal models, align models with traces in a process, and inspect whether these traces are generating violations. This paper focuses on a largely unexplored area within BPM: the compliance of high-level and non-functional requirements. While compliance checking has been studied through conformance checking techniques, most regulatory requirements are defined in subjective and high-level terms, limiting the application of rule-checking and alignments to specific cases. In contrast, we propose the application of requirement engineering methods for business process compliance. In particular, we raise the level of abstraction from the compliance of specific patterns to the satisfaction of high-level goals and subjective qualities. We propose a framework that connects process models with goal models, rendering explicit alternatives for the satisfaction of vague goals and subjective qualities. Compliance checking is reduced to a reachability of a state where subjective qualities are satisfied. This approach is exhibited in a data protection scenario, and we provide a prototypical implementation of the compliance checking tool.