From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation
Authors
Abstract
The complexity and costs of conforming to regulatory objectives in large enterprises have drastically heightened the need for consistent and automated approaches to managing compliance. To uniformly describe and manage compliance policies in distributed and heterogeneous IT environments, we have proposed a compliance metamodel for formally capturing regulatory requirements and managing them in a systematic lifecycle. A key aspect in automating compliance involves the monitoring of application events to determine whether business processes and applications operate within the parameters set forth in formal compliance policies. We show how subsets of the regulations, industry guidances or best practices that are expressed in terms of the metamodel can be (semi-)automatically transformed into event monitoring rules with the help of temporal rule patterns. Using examples of regulatory requirements, we demonstrate their formalization in compliance policies and their automated transformation into event correlation rules.
Similar resources
Model-aware Monitoring of SOAs for Compliance
Business processes today are supported by process-driven service oriented architectures. Due to the increasing importance of compliance of an organization with regulatory requirements and internal policies, there is a need for appropriate techniques to monitor organizational information systems as they execute business processes. Event-based monitoring of processes is one of the ways to provide...
Policy-based Data Integration for e-Health Monitoring Processes in a B2B Environment: Experiences from Canada
eHealth processes are data-focused, event-driven, and dynamic. They are systematically monitored for compliance with legislation, organizational guidelines and quality of care protocols. Community care, especially at home care, frequently requires the cooperation and integration of care processes across several providers and organizations. Service Oriented Architecture (SOA) through Web service...
Shareholder Wealth Effects of MANAGEMENT Regulatory COMPLIANCE
Purpose: This paper addresses whether and how the Sarbanes-Oxley Act of 2002 (SOX) affects shareholder wealth (firm value) by focusing on the trade-off between improved corporate governance leading to a lower cost of capital and increased managerial compliance costs of regulations. Design/Methodology: We use an analytical model of solving the management utility maximization function and the cha...
Monitoring and Updating Regulations and Policies for Government Services
One of the challenges citizens and businesses face in interacting with governments for entitled services or compliance services is to find the right set of regulations and rules that are applicable for them. Very often the regulations and policies that determine the applicability of specific services are implemented and provided by separate government agencies, thus scattered in different Web s...
A New Approach to Behavior Analysis of Parallel Programs Based on Monitoring
Collecting traces with event-driven monitoring is an established and well-suited method for analyzing the dynamic behavior of parallel and distributed programs. Since these programs tend to have a very complex structure the selection of relevant events is difficult. By integrating functional modeling and event-driven monitoring, event selection is carried out in a systematic way by modeling the p...