The Journey to Business Process Compliance

Governatori, Guido; Sadiq, Shazia

doi:10.4018/9781605662886.ch020

Cited by 35 publications

(66 citation statements)

References 11 publications

(11 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…10 Regorous is an implementation of the compliance checking methodology proposed by Sadiq et al (2007): Governatori and Sadiq 2009 where the normative provisions relevant to a process are encoded in PCL Governatori and Rotolo (2010a, b) and the tasks of a process are annotated with sets of literals taken from the language used to model the norms. The Regorous module to check compliance generates the traces of the given process and cumulates the annotations attached to the tasks using an update semantics to determine the state corresponding to a task in a trace (i.e., in case a literal from the then current task is the complementary of from a previous task, we remove the old literal and we insert the new one).…”

Section: Discussionmentioning

confidence: 99%

“…A violation does not always imply the consequent termination of or impossibility to continue a business process. Certain violations can be compensated for, and processes with compensated violations are still compliant Governatori and Sadiq (2009). For example, contracts typically contain compensatory clauses specifying penalties and other sanctions triggered by breaches of contract clauses (Governatori 2005).…”

Section: Normative Requirementsmentioning

confidence: 99%

“…Definition 20 can be used at design time in what is called compliance-by-design proposed by Sadiq et al (2007); Governatori and Sadiq (2009), i.e., verifying before deploying a process that the process complies with given regulations. Clearly, the definition is not suitable for checking compliance at run-time (also called conformance) or auditing (log analysis), since it is possible that some of the possible visible traces are never executed (run-time) or were not executed (auditing).…”

Section: N Is Fully Compliant If and Only If Every Tracementioning

confidence: 99%

“…Hence, a process reflecting the behaviour of a web service can be used to verify the effectiveness of the regulations and policy controls. Governatori and Sadiq (2009) define business process compliance as the relationships between the formal specifications of a business process and the formal specifications of a set of normative constraints, where a process is compliant if the specifications of the processes do not violated the constraints formalising the norms. Accordingly, we have to provide (1) a formal model for the representation of business processes, (2) a formal model for the representation of the norms and, eventually (3) a bridging mechanism between the two representations (if they are expressed in two different formalisms).…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Normative requirements for regulatory compliance: An abstract formal framework

2015

Self Cite

View full text Add to dashboard Cite

By definition, regulatory rules (in legal context called norms) intend to achieve specific behaviour from business processes, and might be relevant to the whole or part of a business process. They can impose conditions on different aspects of process models, e.g., control-flow, data and resources etc. Based on the rules sets, norms can be classified into various classes and sub-classes according to their effects. This paper presents an abstract framework consisting of a list of norms and a generic compliance checking approach on the idea of (possible) execution of processes. The proposed framework is independent of any existing formalism, and provides a conceptually rich and exhaustive ontology and semantics of norms needed for business process compliance checking. Apart from the other uses, the proposed framework can be used to compare different compliance management frameworks (CMFs).

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Normative Requirementsmentioning

confidence: 99%

Section: N Is Fully Compliant If and Only If Every Tracementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Normative requirements for regulatory compliance: An abstract formal framework

2015

Self Cite

View full text Add to dashboard Cite

show abstract

“…This second view agrees with the one of Cannon and Byers [7], who state that "Compliance is simply about ensuring that business processes are executed as expected." According to Governatori and Sadiq [14][33], the term compliance "is often used to denote and demonstrate adherence of one set of rules … against another set of rules". The authors continue to say that, "ensuring compliance of business processes with a normative document means ensuring consistency of norms stated in normative documents and rules covering the execution of business processes".…”

Section: Compliance and Consistency Checkingmentioning

confidence: 99%

Towards a process for legally compliant software

Hassan

Logrippo

2013

2013 6th International Workshop on Requirements Engineering and Law (RELAW)

View full text Add to dashboard Cite

We propose a method and a process for legal software requirements extraction and compliance checking. We describe a requirements extraction model, a set of rules for specifying the format of the extracted information, a set of UML-based principles for translating the extracted information into a language based on predicate logic, and finally, a tool that analyzes the resulting logic model and displays the results of the analysis. The translation principles are based on a Governance Analysis Model (GAM) which is described in UML; the language is our Governance Analysis Language (GAL) and the tool is our Governance Analysis Tool (GAT). MIT's logic analyzer Alloy is the engine on which GAT runs. GAL is translated into assertions in Alloy's language and the Alloy tool can find counterexamples indicating situations of non-compliance.

show abstract

Legal Knowledge and Agility in Public Administration

Boer

Engers

2013

Intell. Sys. Acc. Fin. Mgmt.

View full text Add to dashboard Cite

SUMMARYTo address agility in public administration, we have developed a knowledge acquisition infrastructure for legal knowledge, based on an implementation-oriented conceptualization of the legal system. Our objective is to reframe legal knowledge as a knowledge source in a design-oriented task ontology, building on insights from the CommonKADS methodology for intelligent system design. The main result is to make case law and legal expert knowledge of critical incidents in organizations, two diagnostic knowledge sources underutilized in modern management and engineering, more accessible as a resource for design of agile organizational structures and intelligent systems.

show abstract

The Journey to Business Process Compliance

Cited by 35 publications

References 11 publications

Normative requirements for regulatory compliance: An abstract formal framework

Normative requirements for regulatory compliance: An abstract formal framework

Towards a process for legally compliant software

Legal Knowledge and Agility in Public Administration

Contact Info

Product

Resources

About