Business processes nowadays are subject to a multitude of compliance regulatories. For today's organizations, the striving for business process compliance has become a major issue. Clearly, legal requirements are a major driver of compliance efforts taken by organizations. However, compliance efforts may also be internally motivated. For example, organizations may install guidelines as a means of quality assurance for their processes
As process management systems (PRMSs) integrate both the process flow perspective as well as process data, PRMSs constitute a suitable environment to hook and integrate compliance controls and measures. Considering the implementation of business processes within PRMSs, regulatories impose constraints on the process space. Conceivably, hard-coded solutions to the enforcement of such compliance constraints lack sustainability. A more generic solution without the necessity of hard-coded implementations is therefore desirable.
Our objective in the SeaFlows project is to devise a general framework for supporting business process compliance along the complete process lifecycle. The SeaFlows framework incorporates:
- A powerful yet simple graphical modeling language to capture process-related compliance rules
- Execution mechanisms for checking process models and running process instances against the modeled rule graphs
- Compliance notions to assess and aggregate the results
- A general trace model as formal foundation for the formal and operational semantics of the rule graphs to enable broad application
The SeaFlows graphical compliance rule modeling language provides primitives using which complex compliance rules can be captured. In analogy to business process modeling, compliance rules are modeled as directed graphs.
Mechanisms to operationalize modeled compliance rule graphs enable the verification of process models and running process instances against imposed rules. SeaFlows is able to identify all process cases, in which a compliance rule becomes activated and to verify and monitor these cases individually. Thus, fine-grained compliance reports can be provided to the users.
Based on the state markings of compliance rule graphs, meaningful information on the reached compliance state can be derived (e.g., root cause analysis).
Based on these fundamental concepts, the SeaFlows framework is able to provide compliance support along the process lifecycle. At process design and process runtime, compliance checks provide reports at a detailed granularity level enabling process designers and process supervisors to pinpoint and treat violations. SeaFlows is also applicable in scenarios where no explicit process model can be provided and compliance must be monitored during process execution.
SeaFlows not only addresses the detection of non-compliance, but can also provide support to facilitate compliance. In particular, SeaFlows can provide process supervisors with information on requisite and prohibited actions imposed by active compliance rules. Thus, a process supervisor may enforce compliance by for example scheduling outstanding actions.
Detected violations can be handled in a flexible manner. User authorization provided, violated compliance rules can be overridden without bypassing the system. Thus, meaningful process log data enriched with compliance violations and compensation activities can be provided as input to process analysis and evaluation.
The relevance of the work done in SeaFlows is emphasized by numerous journal, conference, and workshop publications. A SeaFlows journal paper is among the list of the most cited articles of the Data & Knowledge Engineering journal of the recent years.
The concepts of SeaFlows are implemented in a tool package, the SeaFlows Toolset. The ability of the framework to integrate with existing tools is shown through the integration of SeaFlows with AristaFlow BPM Suite.