A Mashup-Based Framework for Business Process Compliance Checking

Business process compliance ensures that the business processes of an organisation are designed and executed according to the rules that enforce the compliance controls that govern the company. We faced the challenge of building a Business Process Compliance Management System (BPCMS) for a process-aware organisation that had to provide support for several needs that, despite having been identified in the literature, were only partially satisfied by existing approaches. The variability in the types of rules and their interpretation generally restricts the existing support for compliance checking to specific types of rules (e.g., rules affecting the control flow of the process), a specific phase of the business process management (BPM) lifecycle (e.g., design time or run time), or certain information systems (ISs) for data retrieval (e.g., process event logs). Motivated by this, we designed a conceptual framework for design-time and run-time compliance checking that relies on the use of mashups for rule specification and checking. It presents the following advantages: (i) an open-ended set of types rules can be specified by designing and connecting mashup components; (ii) (parts of) the definitions of the rules can be reused as needed; and (iii) the mashup-based compliance checking (MCC) system can be integrated with ISs of the organisation, enabling the verification of actual facts on actions performed during the execution of a process (e.g., the existence of a specific document in a concrete location). Design-time and run-time implementations of the framework were conducted and tested in a real setting.

Automated summary

Business process compliance is essential for ensuring that an organization's processes are designed and executed according to rules. Existing approaches for compliance checking are often limited to specific types of rules, phases of the BPM lifecycle, or information systems. This research introduces a conceptual framework that uses mashups for rule specification and checking, offering advantages like open-ended rule types design and integration with organizational information systems.