Semantic Compliance Management in Business Process Management

Processes count to the most important assets of companies. Ensuring the compliance of processes to legal regulations, governance guidelines, and strategic business requirements is indispensable to controlling business behavior. Implementing business process compliance requires means for modeling and enforcing compliance measures. In this work, we motivate the need for automation in compliance management and introduce the role of policies. We propose a policy-based framework for business process compliance management and detail its architecture as part of the SUPER research project on semantic business process management. 1 Problem Definition & Research Motivation Business Process Management (BPM) is the discipline of capturing, modeling, implementing, and controlling all activities taking place in an environment defining the enterprise, and this, in an integrated manner. Several languages, frameworks, and tools that support one or many of the listed aspects are available. Organizations do not only own business processes, they are also subject to regulations. Not being compliant to regulations diminishes the added-value that business processes represent for a given organization, e.g. through non-optimal alignment with, among other aspects, (i) quality standards, (ii) business partner service agreements or (iii) non-identified security flaws. Non-compliance to regulations can also be the cause of judiciary pursuits as many financial scandals in recent years have shown. Consequently, non-compliance has both short-term (e.g. cost savings, reduced governance effort) and long-term (e.g. judiciary pursuits, market confidence) consequences. Compliance management is the term referring to the definition of means to avoid such harming outcomes by controlling an enterprise’s activities. By extension, compliance management also refers to standards, frameworks, and software used to ensure a company’s observance of legal texts and behavior according to pre-defined business requirements. In the context of BPM, compliance management applies on business processes and all related resources like data, people and systems. 1 Non-identified security leaks can drop the overall quality of the business processes by making them vulnerable to malicious attacks.