Unified Compliance Modeling and Management using Compliance Descriptors

Falko Koetter, Maximilien Kintz, Monika Kochanowski, Christoph Fehling, Philipp Gildein, Frank Leymann, Anette Weisbecker


Due to innovations in the field of cloud computing business processes become distributed, encompassing a combination of services spanning multiple IT systems. Due to a growing number of regulations, managing business process compliance in this cloud environment is a necessary task for companies, leading to a growth in compliance management and compliance checking approaches. Compliance stems from laws and is implemented in all parts of enterprise IT. Thus, both a connection between business and IT as well as a broad coverage of compliance scenarios is necessary. To solve both challenges, we use an integrating compliance descriptor for conceptual compliance modeling. This descriptor is used to configure a compliance management architecture, integrating different types of compliance checking. For creating compliance descriptors, it proved necessary to introduce a formalism and a graphical notation, which is introduced and evaluated in a prototype and expert interviews.


  1. Awad, A., Decker, G., and Weske, M. (2008). Efficient compliance checking using bpmn-q and temporal logic. In BPM 7808, pages 326-341. Springer.
  2. Awad, A. and Weske, M. (2010). Visualization of compliance violation in business process models. In Business process management workshops, pages 182-193. Springer.
  3. Bobrik, R., Reichert, M., and Bauer, T. (2007). View-based process visualization. In Business Process Management, pages 88-95. Springer.
  4. Bundesdatenschutzgesetz (BDSG) (1990). Gesetze im Internet - Bundesdatenschutzgesetz (BDSG). http:// www.gesetze-im-internet.de/bundesrecht/bdsg 1990/ gesamt.pdf last accessed 19.01.2016.
  5. Comuzzi, M. (2014). Aligning monitoring and compliance requirements in evolving business networks. In On the Move to Meaningful Internet Systems: OTM 2014 Conferences, pages 166-183. Springer.
  6. El Kharbili, M., Stein, S., Markovic, I., and Pulvermüller, E. (2008a). Towards a framework for semantic business process compliance management. In Processings of the 1st GRCIS, pages 1-15.
  7. El Kharbili, M., Stein, S., and Pulvermüller, E. (2008b). Policy-based semantic compliance checking for business process management. In MobIS Workshops, volume 420, pages 178-192. Citeseer.
  8. Fehling, C., Koetter, F., and Leymann, F. (2014). Compliance Modeling - Formal Descriptors and Tools.
  9. German Insurance Association (GDV) (2012). Verhaltensregeln fuer den Umgang mit personenbezogenen Daten durch die deutsche Versicherungswirtschaft. http://www.gdv.de/wp-content/uploads/2013/ 03/GDV Code-of-Conduct Datenschutz 2012.pdf last accessed 19.01.2016.
  10. Karagiannis, D., Moser, C., and Mostashari, A. (2012). Compliance evaluation featuring heat maps (ce-hm): A meta-modeling-based approach. In Ralyt, J., Franch, X., Brinkkemper, S., and Wrycza, S., editors, Advanced Information Systems Engineering, volume 7328 of Lecture Notes in Computer Science, pages 414-428. Springer Berlin Heidelberg.
  11. Kharbili, M. E., de Medeiros, A. K. A., Stein, S., and van der Aalst, W. M. P. (2008). Business process compliance checking: Current state and future challenges. In MobIS, volume 141 of LNI, pages 107-113. GI.
  12. Kintz, M. (2012). A semantic dashboard description language for a process-oriented dashboard design methodology. In Proceedings of 2nd MODIQUITOUS 2012, Copenhagen, Denmark.
  13. Kleene, S. C. (1952). Introduction to metamathematics.
  14. Knuplesch, D., Reichert, M., Pryss, R., Fdhila, W., and Rinderle-Ma, S. (2013). Ensuring compliance of distributed and collaborative workflows. In 9th Collaboratecom, pages 133-142. IEEE.
  15. Kochanowski, M., Fehling, C., Koetter, F., Leymann, F., and Weisbecker, A. (2014). Compliance in bpm today - an insight into experts' views and industry challenges. In Proceedings of INFORMATIK 2014. GI.
  16. Koetter, F. and Kochanowski, M. (2013). A model-driven approach for event-based business process monitoring. In Business Process Management Workshops SE - 41, volume 132, pages 378-389. Springer Berlin Heidelberg.
  17. Koetter, F., Kochanowski, M., Renner, T., Fehling, C., and Leymann, F. (2013). Unifying compliance management in adaptive environments through variability descriptors (short paper). In IEEE SOCA 2013, pages 214-219. IEEE.
  18. Koetter, F., Kochanowski, M., Weisbecker, A., Fehling, C., and Leymann, F. (2014). Integrating compliance requirements across business and it. In 18th EDOC, pages 218-225. IEEE.
  19. Ly, L. T., Knuplesch, D., Rinderle-Ma, S., Göser, K., Pfeifer, H., Reichert, M., and Dadam, P. (2011). Seaflows toolset-compliance verification made easy for process-aware information systems. In Information Systems Evolution, pages 76-91. Springer.
  20. Mietzner, R., Metzger, A., Leymann, F., and Pohl, K. (2009). Variability modeling to support customization and deployment of multi-tenant-aware software as a service applications. In Proceedings of PESOS 7809, pages 18-25, Washington, DC, USA. IEEE Computer Society.
  21. Papazoglou, M. (2011). Making business processes compliant to standards and regulations. In Enterprise Distributed Object Computing Conference (EDOC), 2011 15th IEEE International, pages 3-13.
  22. Patig, S., Casanova-Brito, V., and Vögeli, B. (2010). IT Requirements of Business Process Management in Practice - An Empirical Study. In Proceedings of the 8th BPM, pages 13-28, Heidelberg. Springer.
  23. Ramezani, E., Fahland, D., and van der Aalst, W. M. (2014). Supporting domain experts to select and configure precise compliance rules. In Business Process Management Workshops, pages 498-512. Springer.
  24. Ramezani, E., Fahland, D., van der Werf, J. M., and Mattheis, P. (2012). Separating compliance management and business process management. In Business Process Management Workshops, pages 459- 464. Springer.
  25. Reichert, M. and Weber, B. (2012). Enabling flexibility in process-aware information systems: challenges, methods, technologies. Springer Science & Business Media.
  26. Sadiq, S., Governatori, G., and Namiri, K. (2007). Modeling control objectives for business process compliance. In Business process management, pages 149- 164. Springer.
  27. Schleicher, D., Fehling, C., Grohe, S., Leymann, F., Nowak, A., Schneider, P., and Schumm, D. (2011). Compliance domains: A means to model data-restrictions in cloud environments. In 15th EDOC, pages 257-266. IEEE.
  28. Semmelrodt, F., Knuplesch, D., and Reichert, M. (2014). Modeling the resource perspective of business process compliance rules with the extended compliance rule graph. In Proceedings of the 15th BPMDS, pages 48- 63. Springer.
  29. Takabi, H., Joshi, J. B., and Ahn, G.-J. (2010). Security and privacy challenges in cloud computing environments. IEEE Security and Privacy, 8(6):24-31.
  30. Waizenegger, T., Wieland, M., Binz, T., Breitenb ücher, U., Haupt, F., Kopp, O., Leymann, F., Mitschang, B., Nowak, A., and Wagner, S. (2013). Policy4tosca: A policy-aware cloud service provisioning approach to enable secure cloud computing. In OTM 2013, pages 360-376. Springer.
  31. Wei, Y. and Blake, M. B. (2010). Service-oriented computing and cloud computing: Challenges and opportunities. IEEE Internet Computing, 14(6):72-75.
  32. Weigand, H. and Elsas, P. (2012). Model-based auditing using {REA}. International Journal of Accounting Information Systems, 13(3):287 - 310. 2011 Research Symposium on Information Integrity & Information Systems Assurance.

Paper Citation

in Harvard Style

Koetter F., Kintz M., Kochanowski M., Fehling C., Gildein P., Leymann F. and Weisbecker A. (2016). Unified Compliance Modeling and Management using Compliance Descriptors . In Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 2: CLOSER, ISBN 978-989-758-182-3, pages 159-170. DOI: 10.5220/0005754501590170

in Bibtex Style

author={Falko Koetter and Maximilien Kintz and Monika Kochanowski and Christoph Fehling and Philipp Gildein and Frank Leymann and Anette Weisbecker},
title={Unified Compliance Modeling and Management using Compliance Descriptors},
booktitle={Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 2: CLOSER,},

in EndNote Style

JO - Proceedings of the 6th International Conference on Cloud Computing and Services Science - Volume 2: CLOSER,
TI - Unified Compliance Modeling and Management using Compliance Descriptors
SN - 978-989-758-182-3
AU - Koetter F.
AU - Kintz M.
AU - Kochanowski M.
AU - Fehling C.
AU - Gildein P.
AU - Leymann F.
AU - Weisbecker A.
PY - 2016
SP - 159
EP - 170
DO - 10.5220/0005754501590170