=Paper=
{{Paper
|id=Vol-1701/paper13
|storemode=property
|title=A Visual Language for Modeling Multiple Perspectives of Business Process Compliance Rules (Extended Abstract)
|pdfUrl=https://ceur-ws.org/Vol-1701/paper13.pdf
|volume=Vol-1701
|authors=David Knuplesch,Manfred Reichert
|dblpUrl=https://dblp.org/rec/conf/emisa/KnupleschR16
}}
==A Visual Language for Modeling Multiple Perspectives of Business Process Compliance Rules (Extended Abstract)==
https://ceur-ws.org/Vol-1701/paper13.pdf
Jan Mendling and Stefanie Rinderle-Ma, eds.: Proceedings of EMISA 2016,
Gesellschaft für Informatik, Bonn 2016
A Visual Language for Modeling Multiple Perspectives of
Business Process Compliance Rules (Extended Abstract)
David Knuplesch1 und Manfred Reichert1
Abstract: A fundamental challenge for enterprises is to ensure compliance of their business proces-
ses with imposed compliance rules stemming from various sources, e.g., corporate guidelines, best
practices, standards, and laws. In general, a compliance rule may refer to multiple process perspec-
tives including control flow, time, data, resources, and interactions with business partners. On one
hand, compliance rules should be comprehensible for domain experts who must define, verify and
apply them. On the other, these rules should have a precise semantics to avoid ambiguities and enable
their automated processing. Providing a visual language is advantageous in this context as it allows
hiding formal details and offering an intuitive way of modeling the compliance rules. However, exis-
ting visual languages for compliance rule modeling have focused on the control flow perspective so
far, but lack proper support for the other process perspectives. To remedy this drawback, we introdu-
ce the extended Compliance Rule Graph language, which enables the visual modeling of compliance
rules with the support of multiple perspectives. Overall, this language will foster the modeling and
verification of compliance rules in practice.
The work summarized in this extended abstract has been published in [KR16]
Keywords:business process compliance, extended compliance rule graphs, business process mode-
ling, smart processes
1 Motivation
During the last decades a variety of techniques for verifying the correctness of business
process models were proposed. While early approaches focused on issues related to struc-
tural and behavioral model correctness (e.g., absence of deadlocks and livelocks) [vdA97],
the semantic correctness of process models with respect to imposed compliance rules
(i.e., business process compliance) has been subject to recent works [GMS06, LRD08,
AWW09, Kn10]. Compliance rules constrain the execution order (i.e. control flow) of
tasks and may originate, for example, from security constraints, domain-specific guideli-
nes, corporate standards, and legal regulations. Besides the control flow perspective, other
fundamental perspectives relevant in the context of business process compliance refer to
time, data, and resources as well as the interactions a business process has with partner
processes [CRRC10, Ra12, Kn13a].
1 Ulm University, Institute of Database and Information Systems,
James-Franck-Ring, 89081 Ulm, Germany,
{david.knuplesch,manfred.reichert}@uni-ulm.de
�2 Problem Statement and Contribution
In practice, compliance rules are represented in a rather verbose and ambiguous way. To
enable the computer-based verification of business process compliance, i.e., to verify that
a particular business process meets imposed compliance rules, subject matter experts and
business analysts should provide unambiguous descriptions of compliance rules, which
then can be translated into a machine-readable representation by IT experts. For the latter
purpose, several approaches for the formal specification of compliance rules exist, e.g. ap-
plying linear temporal logics (LTL) [GK07] or using the formal contract language (FCL)
[GS09]. As formal rule languages would be too intricate for subject matter experts and
business analysts, rule patterns hiding formal details and providing informal explanations
were suggested [DAC98, Tu12, Ra13]. Although few approaches exist that not only con-
sider the control flow perspective, but also the data, time and resource perspectives, these
approaches only support a pre-specified set of rule patterns.
Empirical studies show that business process modeling as well as compliance rule descrip-
tion languages, which both employ visual notations, offer advantages compared to purely
text-based specifications [Ot12, HZ14]. Examples of visual notations for compliance rules
include Compliance Rule Graphs [LRMD10], BPMN-Q [ADW08], and BPSL [LMX07].
Like visual process modeling languages, theses approaches combine an intuitive notati-
on with the advantages of a formal language. Existing visual compliance rule languages,
however, lack a comprehensive support of the time, data, resource, and interaction per-
spectives of a business processes, which hinders their use in more sophisticated scenarios.
To remedy this drawback, we provide an approach for the visual modeling of compliance
rules in [KR16] referring to these perspectives as well as to the interactions a business pro-
cess may have with partner processes. In particular, we show how the various perspectives
can be visually represented with the extended Compliance Rule Graph (eCRG) language.
For this purpose, [KR16] introduces all elements of the eCRG language step-by-step and
along various examples. We evaluate the expressiveness of the eCRG language based on
well-known patterns and its application to a real-world healthcare scenario. Furthermore,
understandability issues are considered in an empirical study that confirms that Manage-
ment Scientists are able to understand eCRGs and that their eCRG understanding can reach
a level not largely differing from the one of Computer Scientists. Finally, [KR16] presents
two proof-of-concept prototypes, which support the modeling of eCRGs as well as their
verification against process logs.
Altogether, the eCRG language allows domain experts to capture compliance requirements
at both an abstract and a visual level, while enabling the specification of verifiable com-
pliance rules that consider the various perspectives.
Note that [KR16] significantly extends previous work, which introduced fundamentals
of the eCRG language [Kn13b, SKR14]. In addition to these preliminary works, [KR16]
provides the first detailed presentation of the eCRG elements and an empirical study on
the understandability of the eCRG language. Furthermore, [KR16] introduces a proof-of-
concept prototype, which comprises a modeling environment, as well as an eCRG com-
� Jan Mendling and Stefanie Rinderle-Ma, eds.: Proceedings of EMISA 2016,
Gesellschaft für Informatik, Bonn 2016
pliance checker verifying the compliance of given process execution logs with a set of
eCRGs, and provides a more profound discussion of related work.
3 Outlook
Our overall aim is to ensure multi-perspective compliance for all phases of the process
life cycle. Hence, there is ongoing work applying the extended Compliance Rule Graph
(eCRG) language for runtime compliance monitoring [KRK15] as well as for compliance
checking in the context of process changes [Kn15]. Furthermore, we plan to compare the
eCRG language with pattern- and logic-based approaches in another empirical study.
Literatur
[ADW08] Awad, Ahmed; Decker, Gero; Weske, Mathias: Efficient Compliance Checking Using
BPMN-Q and Temporal Logic. In: BPM’08. Jgg. 5240 in LNCS. Springer, S. 326–341,
2008.
[AWW09] Awad, Ahmed; Weidlich, Matthias; Weske, Mathias: Specification, Verification and Ex-
planation of Violation for Data Aware Compliance Rules. In: ICSOC’09. Jgg. 5900 in
LNCS. Springer, S. 500–515, 2009.
[CRRC10] Cabanillas, Cristina; Resinas, Manuel; Ruiz-Cortés, Antonio: Hints on how to face busi-
ness process compliance. In: JISBD’10. S. 26–32, 2010.
[DAC98] Dwyer, Matthew B.; Avrunin, George S.; Corbett, James C.: Property Specification
Patterns for Finite-state Verification. In: FMSP’98. ACM, S. 7–15, 1998.
[GK07] Ghose, A. K; Koliadis, G.: Auditing Business Process Compliance. In: ICSOC’07. Jgg.
4749 in LNCS. Springer, S. 169–180, 2007.
[GMS06] Governatori, G.; Milosevic, Z.; Sadiq, S.: Compliance checking between business pro-
cesses and business contracts. In: EDOC’06. IEEE, S. 221–232, 2006.
[GS09] Governatori, Guido; Sadiq, Shazia: The Journey to Business Process Compliance. In:
Handbook of Research on BPM, S. 426–454. IGI Global, 2009.
[HZ14] Haisjackl, Cornelia; Zugal, Stefan: Investigating Differences between Graphical and
Textual Declarative Process Models. In: CAiSE’14 Workshops, Jgg. 178 in LNBIP, S.
194–206. Springer, 2014.
[Kn10] Knuplesch, D.; Ly, Lin T.; Rinderle-Ma, S.; Pfeifer, H.; Dadam, P.: On Enabling data-
aware Compliance Checking of Business Process Models. In: ER’2010. Jgg. 6412 in
LNCS. Springer, S. 332–346, 2010.
[Kn13a] Knuplesch, D.; Reichert, M.; Mangler, J.; Rinderle-Ma, S.; Fdhila, W.: Towards Com-
pliance of Cross-Organizational Processes and their Changes. In: BPM’12 Workshops.
Jgg. 132 in LNBIP. Springer, S. 649–661, 2013.
[Kn13b] Knuplesch, David; Reichert, Manfred; Ly, Linh Thao; Kumar, Akhil; Rinderle-Ma, Ste-
fanie: Visual modeling of business process compliance rules with the support of multi-
ple perspectives. In: ER’2013. Jgg. 8217 in LNCS. Springer, S. 106–120, 2013.
�[Kn15] Knuplesch, David; Fdhila, Walid; Reichert, Manfred; Rinderle-Ma, Stefanie: Detecting
the Effects of Changes on the Compliance of Cross-organizational Business Processes.
In: ER’15. Jgg. 9381 in LNCS. Springer, S. 94–107, 2015.
[KR16] Knuplesch, David; Reichert, Manfred: A visual language for modeling multiple per-
spectives of business process compliance rules. Software & Systems Modeling, S.
(Online), 2016.
[KRK15] Knuplesch, David; Reichert, Manfred; Kumar, Akhil: Visually Monitoring Multiple
Perspectives of Business Process Compliance. In: BPM’15. Jgg. 9253 in LNCS. Sprin-
ger, S. 263–279, 2015.
[LMX07] Liu, Y.; Müller, S.; Xu, K.: A static compliance-checking framework for business pro-
cess models. IBM Systems Journal, 46(2):335–261, 2007.
[LRD08] Ly, Linh Thao; Rinderle, Stefanie; Dadam, Peter: Integration and verification of seman-
tic constraints in adaptive process management systems. Data & Knowledge Enginee-
ring, 64(1):3–23, 2008.
[LRMD10] Ly, Linh Thao; Rinderle-Ma, Stefanie; Dadam, Peter: Design and Verification of Instan-
tiable Compliance Rule Graphs in process-aware Information Systems. In: CAiSE’10.
Jgg. 6051 in LNCS. Springer, S. 9–23, 2010.
[Ot12] Ottensooser, Avner; Fekete, Alan; Reijers, Hajo A.; Mendling, Jan; Menictas, Con: Ma-
king sense of business process descriptions: An experimental comparison of graphical
and textual notations. Journal of Systems and Software, 85(3):596–606, 2012.
[Ra12] Ramezani, Elham; Fahland, Dirk; van der Werf, Jan Martijn; Mattheis, Peter: Separating
compliance management and business process management. In: BPM’11 Workshops.
Jgg. 100 in LNBIP. Springer, S. 459–464, 2012.
[Ra13] Ramezani Taghiabadi, Elham; Fahland, Dirk; van Dongen, Boudewijn F.; van der Aalst,
Wil M. P.: Diagnostic Information for Compliance Checking of Temporal Compliance
Requirements. In: CAiSE’13. Jgg. 7908 in LNCS. Springer, S. 304–320, 2013.
[SKR14] Semmelrodt, Franziska; Knuplesch, David; Reichert, Manfred: Modeling the Resource
Perspective of Business Process Compliance Rules with the Extended Compliance Rule
Graph. In: BPMDS’14. Jgg. 175 in LNBIP. Springer, S. 48–63, 2014.
[Tu12] Turetken, Oktay; Elgammal, Amal; van den Heuvel, Willem-Jan; Papazoglou, Mike:
Capturing Compliance Requirements: A Pattern-Based Approach. IEEE Software, S.
29–36, 2012.
[vdA97] van der Aalst, Wil M. P.: Verification of Workflow Nets. In: ICATPN’97. Jgg. 1248 in
LNCS. Springer, S. 407–426, 1997.
�