Business process compliance has developed as of one of the key concerns for process-oriented applications nowadays through many application domains such as finance, security and privacy, health care, service flows, and internal controls. The general question of business process compliance is to check and ensure that business processes and workflows obey to the relevant constraints, rules, guidelines, and controls imposed on the business processes. For simplicity reasons, we will refer to constraints in the following.
Compliance Along the Process Life Cycle
Business compliance constitutes a challenge throughout the entire business process life cycle ranging from compliant-by-design business processes and design time compliance checks to runtime monitoring approaches. At design time, different business process analysis questions arise. One question is whether relevant constraints are entirely considered within the process model or whether there is a co-existence between process models and constraints.
In the first case, one can distinguish between imperative and declarative process models. For imperative process models, constraints can be either directly captured within the model design or specified by annotations. Considering constraints within the models is particularly supported by declarative process modeling notations. Compared to the imperative notion, declarative process models consist of constraints which express themselves what can be done and what cannot be done instead of imposing a strict process execution. If process models are specified in a declarative manner, compliance constraints can be added. Then compliance checking means to identify consistency between the constraints.
At process execution time, it often becomes necessary to monitor the adherence of running processes with imposed compliance constraints due to two aspects: (a) certain aspects of constraints that cannot be checked during design time,e.g., data or time, and (b)sometimes process models are not available. Process execution information might be available as events associated with process activity executions and stemming from different underlying information systems. In this case, compliance constraints have to be verified on the fly. For an overview and comparison of existing approaches for compliance monitoring.
Special challenges arise not only in verifying compliance constraints but also in reporting back on violations. In particular, a true/false answer might not be sufficient in all cases, but reasons for compliance violations or even feedback for healing violations are required.
A diagnosis can also comprise compliance-related analysis. In the security domain, for example, so-called a posteriori analysis techniques can be applied to detect security violations during process executions. One set of techniques can be applied at a posteriori time are process mining approaches such as process discovery, process conformance, or LTL checking.
Also, check this out here useful information
Business Process Analysis and Techniques For Business Intelligence