Compliance management is essential for ensuring that organizational business processes and supporting information systems are in accordance with a set of prescribed requirements originating from laws, regulations, and various legislative or technical documents such as Sarbanes-Oxley Act or ISO 17799. As the violation of such requirements may lead to significant punishment for an organization, compliance management should be supported at the very early stages of business process development. In this paper, we present an integrated approach to compliance management that helps process designers to adhere to compliance requirements relevant for their processes. Firstly, we introduce a conceptual model for specifying compliance requirements originating from various compliance sources. Secondly, we propose a framework for augmenting business processes with reusable fragments to ensure process compliance to certain requirements by design. Furthermore, we discuss the formalization of compliance requirements using mathematical logics and integrate the framework for process reuse with automated software verification tools.
Requirements/Specifications (acm D.2.1), Elicitation methods (acm D.2.1.0)
Software (theme 1)
Lecture Notes in Computer Science
Compliance-driven Models, Languages and Architectures for Services
Workshop on Engineering SOA and the Web
Computer Security

Shumm, D, Turetken, O, Kokash, N, Elgammal, A, Leymann, F, & van den Heuvel, J. (2010). Business Process Compliance through Reusable Units of Compliant Processes. In Proceedings of Workshop on Engineering SOA and the Web 2010 (pp. 325–337). Springer. doi:10.1007/978-3-642-16985-4_29