Business Process Compliance

Public sector ICT systems that deliver services to citizens are expensive to develop due to the extensive legislative and regulatory framework within which they must operate. Such requirements are subject to frequent change, leading to repeated effort in keeping ICT systems current and certified; these efforts are greatly complicated by the scale of the systems to be certified. The Australian Federal Government alone spends around $6 billion on ICT per year. Total public sector ICT spending (local, state and federal) in 2007–08 was $18.45 billion.

These issues are not confined to the public sector: ICT systems are now essential to control, administer and enact all core business activities, and business processes are increasingly constrained by regulation. Process compliance is now a major concern for all public and private sector businesses. Failure to comply is no longer an option.

The Data61 Approach

Compliance is the set of activities, procedures and processes in a business that ensure its core activities are aligned with relevant laws, regulations and guidelines. Data61's Business Process Compliance research develops a framework to capture the normative requirements, and to combine and compare them with the specifications of the business processes. The approach combines aspects from different disciplines. The key aspects of the compliance-by-design methodology we envisage include:
  • Formal models of normative reasoning (including modelling deontic concepts, e.g., obligations, permissions, prohibitions, violations);
  • Extensions of business process models and languages with semantic annotations;
  • Efficient compliance checking algorithms.

The Features

  • Natural rule-based representation of normative requirements
  • Integration and alignment of business processes with relevant regulatory framework
  • Ability to interface with different business process and workflow languages and systems
  • Efficient algorithms for checking compliance in all life-cycle phases of business processes (design-time, run-time, auditing)

The Benefits

  • Better understanding of regulatory requirements for business processes
  • Ability to design and maintain compliant-by-design business processes
  • Reduced maintenance cost of business processes in the face of changes in the regulatory requirements
  • Increased capability of auditing business processes. Processes run by process-aware information systems can be audited and screened automatically.

The Tools

  • SPINdle: A flexible open source Defeasible Logic Engine. SPINdle is used to carry out the normative reasoning to determine what obligations (or other normative effects) are in force, and for what tasks, in a business process.
  • Regorous Editor: A web-based rule set editor for drafting regulations and their formalisation in PCL (Process Compliance Logic).
  • Regorous Process Designer and Compliance Checker: The Process Designer and Compliance Checker allow users to model business processes in standard BPMN notation, annotate them, and check their compliance against rule sets created with the Regorous Editor. The Process Designer and Compliance Checker are available, upon registration, from the Regorous Web Site under an evaluation license.

Contact Details

Guido Governatori guido.governatori(at)data61.csiro.au