Skip to main content
SpringerLink
Log in

CRL and the Design-Time Compliance Management Framework

  • Chapter
  • First Online:
Process Querying Methods

  • 630 Accesses

Abstract

Following the crisis in 2008, the financial industry has faced growing numbers of laws and regulations globally. The number and complexity of these regulations are creating significant issues for governance, risk, and compliance management in almost all industrial sectors. This emergent business need calls for a structured and formal framework for managing business process compliance, which is sustainable throughout the complete business process lifecycle. A preventive focus is essential such that compliance is considered from the early stages of business process design, thus enforcing compliance by design. This chapter introduces the Compliance Request Language (CRL), which is at the heart of a formal design-time compliance verification, analysis, and management framework and addresses the “Check Compliance” use case. Following a model-driven engineering approach, CRL is a graphical domain-specific language that is formally grounded and enables the abstract pattern-based specification of compliance requirements to alleviate the complexities of formal/mathematical languages. An integrated tool-suite has been developed as an instantiation artifact, and the various validation activities have been conducted to ensure the validity, efficacy, and applicability of the proposed language and framework.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 129.00
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Compas project, deliverable 2.1, state-of-the-art in the field of compliance languages (2008)

    Google Scholar 

  2. Alur, R., Henzinger, T.A.: Real-time logics: complexity and expressiveness. Inf. Comput. 104(1), 35–77 (1993). https://doi.org/10.1006/inco.1993.1025

    Article  Google Scholar 

  3. Armoni, R., Fix, L., Flaisher, A., Gerth, R., Ginsburg, B., Kanza, T., Landver, A., Mador-Haim, S., Singerman, E., Tiemeyer, A., Vardi, M.Y., Zbar, Y.: The forspec temporal logic: a new temporal property-specification language. In: Katoen, J., Stevens, P. (eds.) Tools and Algorithms for the Construction and Analysis of Systems, 8th International Conference, TACAS 2002, Held as Part of the Joint European Conference on Theory and Practice of Software, ETAPS 2002, Grenoble, April 8–12, 2002, Proceedings. Lecture Notes in Computer Science, vol. 2280, pp. 296–211. Springer, New York (2002). https://doi.org/10.1007/3-540-46002-0_21

  4. COSO: Internal control – integrated framework. the committee of sponsoring organizations of the treadway commission (1994)

    Google Scholar 

  5. Dettmer, H.: Goldratt’s theory of constraints: A systems approach to continuous improvement (1997)

    Google Scholar 

  6. Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Property specification patterns for finite-state verification. In: Ardis, M.A., Atlee, J.M. (eds.) Proceedings of the Second Workshop on Formal Methods in Software Practice, March 4–5, 1998, Clearwater Beach, FL, pp. 7–15. ACM, New York (1998). https://doi.org/10.1145/298595.298598

    Google Scholar 

  7. Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Patterns in property specifications for finite-state verification. In: Boehm, B.W. , Garlan, D., Kramer, J. (eds.) Proceedings of the 1999 International Conference on Software Engineering, ICSE’ 99, Los Angeles, CA, May 16–22, 1999, pp. 411–420. ACM Press, New York (1999). https://doi.org/10.1145/302405.302672

    Google Scholar 

  8. Elgammal, A.: Towards a comprehensive framework for business process compliance. Ph.D. thesis, Information Management Department, Tilburg University (2012)

    Google Scholar 

  9. Elgammal, A., Butler, T.: Towards a framework for semantically-enabled compliance management in financial services. In: Toumani, F., Pernici, B., Grigori, D., Benslimane, D., Mendling, J., Hadj-Alouane, N.B., Blake, M.B., Perrin, O., Saleh, I., Bhiri, S. (eds.) Service-Oriented Computing - ICSOC 2014 Workshops - WESOA; SeMaPS, RMSOC, KASA, ISC, FOR-MOVES, CCSA and Satellite Events, Paris, France, November 3–6, 2014, Revised Selected Papers. Lecture Notes in Computer Science, vol. 8954, pp. 171–184. Springer, New York (2014). https://doi.org/10.1007/978-3-319-22885-3_15

  10. Elgammal, A., Sebahi, S., Turetken, O., Hacid, M.S., Papazoglou, M., van den Heuvel, W.: Business process compliance management : an integrated proactive approach (2014)

    Google Scholar 

  11. Elgammal, A., Turetken, O.: Lifecycle business process compliance management: a semantically-enabled framework. In: 2015 International Conference on Cloud Computing (ICCC). IEEE, New York (2015). https://doi.org/10.1109/cloudcomp.2015.7149646

  12. Elgammal, A., Türetken, O., van den Heuvel, W.: Using patterns for the analysis and resolution of compliance violations. Int. J. Cooperative Inf. Syst. 21(1), 31–54 (2012). https://doi.org/10.1142/S0218843012400023

    Article  Google Scholar 

  13. Elgammal, A., Turetken, O., Heuvel, W., Papazoglou, M.: On the formal specification of business contracts and regulatory compliance. In: BMC Health Services Research (2010)

    Google Scholar 

  14. Elgammal, A., Türetken, O., van den Heuvel, W., Papazoglou, M.P.: On the formal specification of regulatory compliance: A comparative analysis. In: Maximilien, E.M., Rossi, G., Yuan, S., Ludwig, H., Fantinato, M. (eds.) Service-Oriented Computing - ICSOC 2010 International Workshops, PAASC, WESOA, SEE, and SOC-LOG, San Francisco, CA, December 7–10, 2010, Revised Selected Papers. Lecture Notes in Computer Science, vol. 6568, pp. 27–38 (2010). https://doi.org/10.1007/978-3-642-19394-1_4

    Google Scholar 

  15. Elgammal, A., Türetken, O., van den Heuvel, W., Papazoglou, M.P.: Root-cause analysis of design-time compliance violations on the basis of property patterns. In: Maglio, P.P., Weske, M., Yang, J., Fantinato, M. (eds.) Service-Oriented Computing - 8th International Conference, ICSOC 2010, San Francisco, CA, December 7–10, 2010. Proceedings. Lecture Notes in Computer Science, vol. 6470, pp. 17–31 (2010). https://doi.org/10.1007/978-3-642-17358-5_2

    Article  Google Scholar 

  16. Elgammal, A., Türetken, O., van den Heuvel, W., Papazoglou, M.P.: Formalizing and appling compliance patterns for business process compliance. Software Syst. Model. 15(1), 119–146 (2016). https://doi.org/10.1007/s10270-014-0395-3

    Article  Google Scholar 

  17. Francescomarino, C.D., Ghidini, C., Rospocher, M., Serafini, L., Tonella, P.: Reasoning on semantically annotated processes. In: Bouguettaya, A., Krüger, I., Margaria, T. (eds.) Service-Oriented Computing - ICSOC 2008, 6th International Conference, Sydney, December 1–5, 2008. Proceedings. Lecture Notes in Computer Science, vol. 5364, pp. 132–146 (2008). https://doi.org/10.1007/978-3-540-89652-4_13

    Article  Google Scholar 

  18. Fu, X., Bultan, T., Su, J.: Analysis of interacting BPEL Web services. In: Feldman, S.I., Uretsky, M., Najork, M., Wills, C.E. (eds.) Proceedings of the 13th International Conference on World Wide Web, WWW 2004, New York, NY, May 17–20, 2004, pp. 621–630. ACM, New York (2004). https://doi.org/10.1145/988672.988756

    Google Scholar 

  19. Fu, X., Bultan, T., Su, J.: WSAT: A tool for formal analysis of Web services. In: Alur, R., Peled, D.A. (eds.) Computer Aided Verification, 16th International Conference, CAV 2004, Boston, MA, July 13–17, 2004, Proceedings. Lecture Notes in Computer Science, vol. 3114, pp. 510–514. Springer, New York (2004). https://doi.org/10.1007/978-3-540-27813-9_48

    Google Scholar 

  20. Garshol, L.M.: BNF and EBNF: What are they and how do they work? (2008). http://www.garshol.priv.no/download/text/bnf.html. Accessed on 8 Nov 2020

  21. Gaševic, D., Djuric, D., Devedžic, V.: Model driven engineering. In: Model Driven Engineering and Ontology Development, pp. 125–155. Springer, Berlin, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00282-3_4

  22. Goedertier, S., Vanthienen, J.: Designing compliant business processes with obligations and permissions. In: Eder, J., Dustdar, S. (eds.) Business Process Management Workshops, BPM 2006 International Workshops, BPD, BPI, ENEI, GPWW, DPM, semantics4ws, Vienna, September 4–7, 2006, Proceedings. Lecture Notes in Computer Science, vol. 4103, pp. 5–14. Springer, New York (2006). https://doi.org/10.1007/11837862_2

    Chapter  Google Scholar 

  23. Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Quart. 28(1), 75–105 (2004). http://misq.org/design-science-in-information-systems-research.html

    Article  Google Scholar 

  24. Holzmann, G.J.: The model checker SPIN. IEEE Trans. Software Eng. 23(5), 279–295 (1997). https://doi.org/10.1109/32.588521

    Article  Google Scholar 

  25. Karsai, G., Krahn, H., Pinkernell, C., Rumpe, B., Schindler, M., Völkel, S.: Design guidelines for domain specific languages. CoRR abs/1409.2378 (2014). http://arxiv.org/abs/1409.2378

  26. Krötzsch, M., Simancik, F., Horrocks, I.: A description logic primer. CoRR abs/1201.4089 (2012). http://arxiv.org/abs/1201.4089

  27. Ly, L.T., Rinderle-Ma, S., Göser, K., Dadam, P.: On enabling integrated process compliance with semantic constraints in process management systems - requirements, challenges, solutions. Inf. Syst. Front. 14(2), 195–219 (2012). https://doi.org/10.1007/s10796-009-9185-9

    Article  Google Scholar 

  28. Nitzsche, J., Wutke, D., van Lessen, T.: An ontology for executable business processes. In: Hepp, M., Hinkelmann, K., Karagiannis, D., Klein, R., Stojanovic, N. (eds.) Proceedings of the Workshop on Semantic Business Process and Product Lifecycle Management SBPM 2007, held in conjunction with the 3rd European Semantic Web Conference (ESWC 2007), Innsbruck, June 7, 2007, CEUR Workshop Proceedings, vol. 251. CEUR-WS.org (2007). http://ceur-ws.org/Vol-251/paper8.pdf

  29. OASIS: Business process execution language (bpel) (2007)

    Google Scholar 

  30. OMG: Business Process Model and Notation (BPMN), Version 2.0 (2011)

    Google Scholar 

  31. Papazoglou, M.P., van den Heuvel, W.: Business process development life cycle methodology. Commun. ACM 50(10), 79–85 (2007). https://doi.org/10.1145/1290958.1290966

    Article  Google Scholar 

  32. Pnueli, A.: The temporal logic of programs. In: 18th Annual Symposium on Foundations of Computer Science, Providence, Rhode Island, 31 October–1 November 1977, pp. 46–57. IEEE Computer Society (1977). https://doi.org/10.1109/SFCS.1977.32

  33. Polyvyanyy, A., Ouyang, C., Barros, A., van der Aalst, W.M.P.: Process querying: enabling business intelligence through query-based process analytics. Dec. Support Syst. 100, 41–56 (2017). https://doi.org/10.1016/j.dss.2017.04.011

    Article  Google Scholar 

  34. Reuter, P.: Chasing Dirty Money: The Fight Against Money Laundering. Recording for the Blind & Dyslexic (2005)

    Google Scholar 

  35. Sadiq, S.W., Governatori, G., Namiri, K.: Modeling control objectives for business process compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) Business Process Management, 5th International Conference, BPM 2007, Brisbane, September 24–28, 2007, Proceedings. Lecture Notes in Computer Science, vol. 4714, pp. 149–164. Springer, New York (2007). https://doi.org/10.1007/978-3-540-75183-0_12

    Google Scholar 

  36. Sebahi, S., Hacid, M.: Business process monitoring with BPath. In: Meersman, R., Dillon, T.S., Herrero, P. (eds.) On the Move to Meaningful Internet Systems: OTM 2010 - Confederated International Conferences: CoopIS, IS, DOA and ODBASE, Hersonissos, Crete, Greece, October 25–29, 2010, Proceedings, Part I. Lecture Notes in Computer Science, vol. 6426, pp. 446–453. Springer, New York (2010). https://doi.org/10.1007/978-3-642-16934-2_33

    Google Scholar 

  37. Türetken, O., Elgammal, A., van den Heuvel, W., Papazoglou, M.P.: Enforcing compliance on business processes through the use of patterns. In: Tuunainen, V.K., Rossi, M., Nandhakumar, J. (eds.) 19th European Conference on Information Systems, ECIS 2011, Helsinki, June 9–11, 2011, p. 5 (2011). http://aisel.aisnet.org/ecis2011/5

  38. Türetken, O., Elgammal, A., van den Heuvel, W., Papazoglou, M.P.: Capturing compliance requirements: A pattern-based approach. IEEE Software 29(3), 28–36 (2012). https://doi.org/10.1109/MS.2012.45

    Article  Google Scholar 

  39. W. W. W. C. (W3C): OWL Web ontology language overview (2011)

    Google Scholar 

  40. Yu, J., Manh, T.P., Han, J., Jin, Y., Han, Y., Wang, J.: Pattern based property specification and verification for service composition. In: Aberer, K., Peng, Z., Rundensteiner, E.A., Zhang, Y., Li, X. (eds.) Web Information Systems - WISE 2006, 7th International Conference on Web Information Systems Engineering, Wuhan, October 23–26, 2006, Proceedings. Lecture Notes in Computer Science, vol. 4255, pp. 156–168. Springer, New York (2006). https://doi.org/10.1007/11912873_18

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Computers and Information, Cairo University, Giza, Egypt

    Amal Elgammal

  2. School of Industrial Engineering, Eindhoven University of Technology, Eindhoven, The Netherlands

    Oktay Turetken

Authors
  1. Amal Elgammal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Oktay Turetken
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Amal Elgammal .

Editor information

Editors and Affiliations

  1. School of Computing and Information Systems, The University of Melbourne, Melbourne, VIC, Australia

    Artem Polyvyanyy

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Elgammal, A., Turetken, O. (2022). CRL and the Design-Time Compliance Management Framework. In: Polyvyanyy, A. (eds) Process Querying Methods. Springer, Cham. https://doi.org/10.1007/978-3-030-92875-9_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-92875-9_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-92874-2

  • Online ISBN: 978-3-030-92875-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation