SeaFlows - Supporting Business Process Compliance Along the Process Lifecycle
Business processes nowadays are subject to a multitude of compliance regulatories. For today's organizations, the striving for business process compliance has become a major issue. Clearly, legal requirements are a major driver of compliance efforts taken by organizations. However, compliance efforts may also be internally motivated. For example, organizations may install guidelines as a means of quality assurance for their processes
As process management systems (PRMSs) integrate both the process flow perspective as well as process data, PRMSs constitute a suitable environment to hook and integrate compliance controls and measures. Considering the implementation of business processes within PRMSs, regulatories impose constraints on the process space. Conceivably, hard-coded solutions to the enforcement of such compliance constraints lack sustainability. A more generic solution without the necessity of hard-coded implementations is therefore desirable.
Our objective in the SeaFlows project is to devise a general framework for supporting business process compliance along the complete process lifecycle. The SeaFlows framework incorporates:
- A powerful yet simple graphical modeling language to capture process-related compliance rules
- Execution mechanisms for checking process models and running process instances against the modeled rule graphs
- Compliance notions to assess and aggregate the results
- A general trace model as formal foundation for the formal and operational semantics of the rule graphs to enable broad application
The SeaFlows graphical compliance rule modeling language provides primitives using which complex compliance rules can be captured. In analogy to business process modeling, compliance rules are modeled as directed graphs.
Mechanisms to operationalize modeled compliance rule graphs enable the verification of process models and running process instances against imposed rules. SeaFlows is able to identify all process cases, in which a compliance rule becomes activated and to verify and monitor these cases individually. Thus, fine-grained compliance reports can be provided to the users.
Based on the state markings of compliance rule graphs, meaningful information on the reached compliance state can be derived (e.g., root cause analysis).
Based on these fundamental concepts, the SeaFlows framework is able to provide compliance support along the process lifecycle. At process design and process runtime, compliance checks provide reports at a detailed granularity level enabling process designers and process supervisors to pinpoint and treat violations. SeaFlows is also applicable in scenarios where no explicit process model can be provided and compliance must be monitored during process execution.
SeaFlows not only addresses the detection of non-compliance, but can also provide support to facilitate compliance. In particular, SeaFlows can provide process supervisors with information on requisite and prohibited actions imposed by active compliance rules. Thus, a process supervisor may enforce compliance by for example scheduling outstanding actions.
Detected violations can be handled in a flexible manner. User authorization provided, violated compliance rules can be overridden without bypassing the system. Thus, meaningful process log data enriched with compliance violations and compensation activities can be provided as input to process analysis and evaluation.
The relevance of the work done in SeaFlows is emphasized by numerous journal, conference, and workshop publications. A SeaFlows journal paper is among the list of the most cited articles of the Data & Knowledge Engineering journal of the recent years.
The concepts of SeaFlows are implemented in a tool package, the SeaFlows Toolset. The ability of the framework to integrate with existing tools is shown through the integration of SeaFlows with AristaFlow BPM Suite.
- Ulm University, Institute of Databases and Information Systems
- University of Vienna, Research Group Workflow Systems and Technology
- Partially funded by the German Research Foundation (DFG)
2005 - 2011
Linh Thao Ly
Prof. Dr. Peter Dadam
|Ly, Linh Thao (2013) SeaFlows A Compliance Checking Framework for Supporting the Process Lifecycle. Phd thesis, University of Ulm.|
|Ly, Linh Thao and Indiono, Conrad and Mangler, Jürgen and Rinderle-Ma, Stefanie (2012) Data Transformation and Semantic Log Purging for Process Mining. In: 24th International Conference on Advanced Information Systems Engineering (CAiSE'12), Gdansk, Poland, 25-29 June 2012, LNCS 7328, Springer, pp. 238-253.|
|Kabicher, Sonja and Rinderle-Ma, Stefanie and Ly, Linh Thao (2011) Activity-Oriented Clustering Techniques in Large Process and Compliance Rule Repositories. In: Proc. BPM'11 Workshops, 1st Int. Workshop on Process Model Collections (PMC 2011), Clermont-Ferrand, France, August 2011, LNBIP, Springer.|
|Ly, Linh Thao and Rinderle-Ma, Stefanie and Knuplesch, David and Dadam, Peter (2011) Monitoring Business Process Compliance Using Compliance Rule Graphs. In: 19th International Conference on Cooperative Information Systems (CoopIS 2011) , Crete, Greece, Oct 19 - 21, 2011, LNCS 7044, Springer, pp. 82-99.|
|Knuplesch, David and Ly, Linh Thao and Rinderle-Ma, Stefanie and Pfeifer, Holger and Dadam, Peter (2010) On Enabling Data-Aware Compliance Checking of Business Process Models. In: 29th International Conference on Conceptual Modeling, Vancouver, BC, Canada, November 2010, LNCS 6412, Springer, pp. 332-346.|
|Ly, Linh Thao and Knuplesch, David and Rinderle-Ma, Stefanie and Goeser, Kevin and Pfeifer, Holger and Reichert, Manfred and Dadam, Peter (2010) SeaFlows Toolset - Compliance Verification Made Easy for Process-aware Information Systems. In: Proc. CAiSE'10 Forum - Information Systems Evolution, Hammamet, Tunisia, June 2010, LNBIP 72, Springer, pp. 76-91.|
|Ly, Linh Thao and Rinderle-Ma, Stefanie and Dadam, Peter (2010) Design and Verification of Instantiable Compliance Rule Graphs in Process-Aware Information Systems. In: The 22nd International Conference on Advanced Information Systems Engineering (CAiSE'10), Hammamet, Tunisia, 09-11 June 2010, LNCS 6051, Springer, pp. 9-23.|
|Ly, Linh Thao and Knuplesch, David and Rinderle-Ma, Stefanie and Goeser, Kevin and Reichert, Manfred and Dadam, Peter (2010) SeaFlows Toolset - Compliance Verification Made Easy. In: CAiSE'10 Demos, Hammamet, Tunisia, June 2010.|
|Ly, Linh Thao and Rinderle-Ma, Stefanie and Göser, Kevin and Dadam, Peter (2009) On Enabling Integrated Process Compliance with Semantic Constraints in Process Management Systems. Information Systems Frontiers, Springer, pp. 1-25.|
|Ly, Linh Thao and Rinderle, Stefanie and Dadam, Peter (2008) Integration and verification of semantic constraints in adaptive process management systems. Data & Knowledge Engineering, 64(1): 3-23, Elsevier.|
|Ly, Linh Thao and Göser, Kevin and Rinderle-Ma, Stefanie and Dadam, Peter (2008) Compliance of Semantic Constraints - A Requirements Analysis for Process Management Systems. In: Proc. 1st Int'l Workshop on Governance, Risk and Compliance - Applications in Information Systems (GRCIS'08), Montpellier, France.|
|Rinderle-Ma, Stefanie and Ly, Linh Thao and Dadam, Peter (2008) Business Process Compliance (Aktuelles Schlagwort). EMISA Forum, pp. 24-29.|
|Ly, Linh Thao and Rinderle, Stefanie and Dadam, Peter (2006) Semantic Correctness in Adaptive Process Management Systems. In: Proc. 4th Int'l conf. on Business Process Management (BPM'06), Vienna, Austria, LNCS 4102, Springer, pp. 193-208.|
Master & Bachelor Theses
|Merkel, Philipp (2010) Anwender- und aufgabenzentrierte Auswertung der Erfüllung semantischer Constraints in Prozess-Management-Systemen. Diploma thesis, University of Ulm.|