Linh Thao Ly

Integration and verification of semantic constraints in adaptive process management systems

Adaptivity in process management systems is key to their successful applicability in practice. Approaches have been already developed to ensure system correctness after arbitrary process changes at the syntactical level (e.g., avoiding inconsistencies such as deadlocks or missing input parameters after a process change). However, errors may be still caused at the semantical level (e.g., violation of business rules). Therefore, the integration and verification of domain knowledge will flag a milestone in the development of adaptive process management technology. In this paper, we introduce a framework for defining semantic constraints over processes in such a way that they can express real-world domain knowledge on the one hand and are still manageable concerning the effort for maintenance and semantic process verification on the other hand. This can be used to detect semantic conflicts (e.g., drug incompatibilities) when modeling process templates, applying ad hoc changes at process instance level, and propagating process template modifications to already running process instances, even if they have been already individually modified themselves; i.e., we present techniques to ensure semantic correctness for single and concurrent changes which are, in addition, minimal regarding the set of semantic constraints to be checked. Together with further optimizations of the semantic checks based on certain process meta model properties this allows for efficiently verifying processes. Altogether, the framework presented in this paper provides the basis for process management systems which are adaptive and semantic-aware at the same time.

On enabling integrated process compliance with semantic constraints in process management systems

Key to broad use of process management systems (PrMS) in practice is their ability to foster and ease the implementation, execution, monitoring, and adaptation of business processes while still being able to ensure robust and error-free process enactment. To meet these demands a variety of mechanisms has been developed to prevent errors at the structural level (e.g., deadlocks). In many application domains, however, processes often have to comply with business level rules and policies (i.e., semantic constraints) as well. Hence, to ensure error-free executions at the semantic level, PrMS need certain control mechanisms for validating and ensuring the compliance with semantic constraints. In this paper, we discuss fundamental requirements for a comprehensive support of semantic constraints in PrMS. Moreover, we provide a survey on existing approaches and discuss to what extent they are able to meet the requirements and which challenges still have to be tackled. In order to tackle the particular challenge of providing integrated compliance support over the process lifecycle, we introduce the SeaFlows framework. The framework introduces a behavioural level view on processes which serves a conceptual process representation for constraint specification approaches. Further, it provides general compliance criteria for static compliance validation but also for dealing with process changes. Altogether, the SeaFlows framework can serve as formal basis for realizing integrated support of semantic constraints in PrMS.

On enabling data-aware compliance checking of business process models

In the light of an increasing demand on business process compliance, the verification of process models against compliance rules has become essential in enterprise computing. To be broadly applicable compliance checking has to support data-aware compliance rules as well as to consider data conditions within a process model. Independently of the actual technique applied to accomplish compliance checking, data-awareness means that in addition to the control flow dimension, the data dimension has to be explored during compliance checking. However, naive exploration of the data dimension can lead to state explosion. We address this issue by introducing an abstraction approach in this paper. We show how state explosion can be avoided by conducting compliance checking for an abstract process model and abstract compliance rules. Our abstraction approach can serve as preprocessing step to the actual compliance checking and provides the basis for more efficient application of existing compliance checking algorithms.

Monitoring business process compliance using compliance rule graphs

Driven by recent trends, effective compliance control has become a crucial success factor for companies nowadays. In this context, compliance monitoring is considered an important building block to support business process compliance. Key to the practical application of a monitoring framework will be its ability to reveal and pinpoint violations of imposed compliance rules that occur during process execution. In this context, we propose a compliance monitoring framework that tackles three major challenges. As a compliance rule can become activated multiple times within a process execution, monitoring only its overall enforcement can be insufficient to assess and deal with compliance violations. Therefore, our approach enables to monitor each activation of a compliance rule individually. In case of violations, we are able to derive the particular root cause, which is helpful to apply specific remedy strategies. Even if a rule activation is not yet violated, the framework can provide assistance in proactively enforcing compliance by deriving measures to render the rule activation satisfied.

Mining staff assignment rules from event-based data

Process mining offers methods and techniques for capturing process behaviour from log data of past process executions. Although many promising approaches on mining the control flow have been published, no attempt has been made to mine the staff assignment situation of business processes. In this paper, we introduce the problem of mining staff assignment rules using history data and organisational information (e.g., an organisational model) as input. We show that this task can be considered an inductive learning problem and adapt a decision tree learning approach to derive staff assignment rules. In contrast to rules acquired by traditional techniques (e.g., questionnaires) the thus derived rules are objective and show the staff assignment situation at hand. Therefore, they can help to better understand the process. Moreover, the rules can be used as input for further analysis, e.g., workload balance analysis or delta analysis. This paper presents the current state of our work and points out some challenges for future research.

Design and verification of instantiable compliance rule graphs in process-aware information systems

For enterprises it has become crucial to check compliance of their business processes with certain rules such as medical guidelines or financial regulations. When automating compliance checks on process models, existing approaches have mainly addressed process-specific compliance rules so far, i.e., rules that correspond to a particular process model. However, in practice, we will rather find process-independent compliance rules that are nevertheless to be checked over process models. Thus, in this paper, we present an approach that enables the instantiation and verification of process-independent compliance rules over process models using domain models. For this, we provide an intuitive visualization of compliance rules and compliance rule instances at user level and show how rules and instances can be formalized and verified at system level. The overall approach is validated by a pattern-based comparison to existing approaches and by means of a prototypical implementation.

SeaFlows Toolset – Compliance Verification Made Easy for Process-Aware Information Systems

In the light of an increasing demand on business process compliance, the verification of process models against compliance rules has become essential in enterprise computing. The SeaFlows Toolset featured in this paper extends process-aware information systems with compliance checking functionality. It provides a user-friendly environment for modeling compliance rules using a graph-based formalism and for enriching process models with these rules. To address a multitude of verification settings, we provide two complementary compliance checking approaches: The structural compliance checking approach derives structural criteria from compliance rules and applies them to detect incompliance. The data-aware behavioral compliance checking approach addresses the state explosion problem that can occur when the data dimension is explored during compliance checking. It performs context-sensitive automatic abstraction to derive an abstract process model which is more compact with regard to the data dimension enabling more efficient compliance checking. Altogether, SeaFlows Toolset constitutes a comprehensive and extensible framework for compliance checking of process models.

Compliance monitoring in business processes

In recent years, monitoring the compliance of business processes with relevant regulations, constraints, and rules during runtime has evolved as major concern in literature and practice. Monitoring not only refers to continuously observing possible compliance violations, but also includes the ability to provide fine-grained feedback and to predict possible compliance violations in the future. The body of literature on business process compliance is large and approaches specifically addressing process monitoring are hard to identify. Moreover, proper means for the systematic comparison of these approaches are missing. Hence, it is unclear which approaches are suitable for particular scenarios. The goal of this paper is to define a framework for Compliance Monitoring Functionalities (CMF) that enables the systematic comparison of existing and new approaches for monitoring compliance rules over business processes during runtime. To define the scope of the framework, at first, related areas are identified and discussed. The CMFs are harvested based on a systematic literature review and five selected case studies. The appropriateness of the selection of CMFs is demonstrated in two ways: (a) a systematic comparison with pattern-based compliance approaches and (b) a classification of existing compliance monitoring approaches using the CMFs. Moreover, the application of the CMFs is showcased using three existing tools that are applied to two realistic data sets. Overall, the CMF framework provides powerful means to position existing and future compliance monitoring approaches.

Semantic correctness in adaptive process management systems

Adaptivity in Process Management Systems (PMS) is key to their successful applicability in pratice. Approaches have already been developed to ensure the system correctness after arbitrary process changes at the syntactical level. However, still errors may be caused at the semantical level. Therefore, the integration of application knowledge will flag a milestone in the development of process management technology. In this paper, we introduce a framework for defining semantic constraints over processes in such a way that they can express real-world application knowledge. On the other hand, these constraints are still manageable concerning the effort for maintenance and semantic process verification. This can be used, for example, to detect semantic conflicts when applying process changes (e.g., drug incompatibilities). In order to enable the PMS to deal with such semantic conflicts we also introduce a notion of semantic correctness and discuss how to (efficiently) verify semantic correctness in the context of process changes.

A Framework for the Systematic Comparison and Evaluation of Compliance Monitoring Approaches

To support the whole business process compliance lifecycle, one also needs to monitor the actual processes and not just check their design. Recently, many approaches have been proposed that utilize a broad range of constraint languages and techniques to realize compliance monitoring solutions. Due to this diversity, the comparison of existing approaches is difficult and consequently hampers the evaluation of which approaches are suitable for which application scenarios. This paper provides a framework to compare and evaluate existing compliance monitoring approaches. The framework is based on ten typical Compliance Monitoring Functionalities (CMFs). These have been derived using a systematic literature review and five case studies from different domains. Existing approaches are evaluated based on the CMF framework, resulting in a list of open questions and a discussion of new challenges in this field.