Towards Outsource-ability Enabled BPMN
Mouna Rekik
, Khouloud Boukadi
and Hanene Ben-Abdallah
University of Sfax, Sfax, Tunisia
King Abdulaziz University, Jeddah, K.S.A.
Mir@cl Laboratory, Sfax, Tunisia
Business Process Outsourcing, Cloud Computing, BPMN Extension, Genetic Algorithm.
Business process outsourcing to the Cloud is increasingly being adopted as a strategy to save costs, improve
the business process performance, enhance the flexibility in responding to costumers’ needs, etc. However, the
adoption of an outsourcing strategy faces several challenges like the enterprise data security, vendor-lock-in
and labor union. Weighing the pros and cons of outsourcing one’s business process is an arduous task. This
paper provides for assistance means: it extends the BPMN language to explicitly support the specification of
outsourcing criteria, and it presents an automated approach to help decision makers identify those parts of
their business process that benefit most from outsourcing to the Cloud.
Face to the increasingly stringent business competi-
tion, small and medium size enterprises strive to ex-
cel in the marketplace by adopting different strategies
and solutions. Outsourcing their business processes
has been among the most widely adopted strategies
(Yang et al., 2007). Business Process Outsourcing
(BPO) is seen as a means to save costs, improve the
business process performance and make it more flex-
ible, etc. These advantages along with others explain
the exponentially growing number of manufacturers
which are outsourcing substantial parts of their sup-
ply chain processes to outside contractors(Adesta and
Agusman, 2004).
In the recent years, the Cloud became the most
chosen outsourcing environment. Indeed, according
to the National Institute of standards and technology
(NIST) (Mell and Grance, 2011)), Cloud computing
is a model for enabling convenient, on-demand net-
work access to a shared pool of configurable com-
puting resources that can be rapidly provisioned and
released with minimal management effort or service
provider interaction. It is a pay-as-you-go model pro-
viding customers with the possibility of using its var-
ious offerings and pay only for the used resources.
When thinking about the suitability of BPO, busi-
ness experts must address several issues to properly
choose those parts of the business process to out-
source. This explains the fact that enterprises deci-
sion makers spend almost 80% of their time to de-
cide about the suitability to outsource theur business
processes (Yang et al., 2007). Indeed, BPO affects
and depends on several aspects of an enterprise: so-
cial, economic, legal, and IT (information technol-
ogy) aspects. To make a judicious outsourcing deci-
sion, business experts must have a clear specification
of each of these aspects; we believe that such speci-
fication should be through a set of valued criteria in-
tegrated as much as possible with the business pro-
cess model. For example, it is easier to delimit the
social/economic/IT effects of an outsourcing decision
when the business expert has an explicit description
of the personnel in charge, costs and IT requirements
of each business activity. Currently available busi-
ness process modeling languages, and in particular
the standard BPMN ((OMG), 2011) ), do not provide
for most of these criteria; this is justified by the fact
that these languages’ primary concern is the business
modeling and not the outsourcing.
To overcome this expressive power shortage, this
paper proposes OutyBPMN, a lightweight BPMN ex-
tension for the specification of outsource-ability char-
acteristics of business processes. Because our re-
search work deals with the Cloud as an outsourcing
environment, OutyBPMN extends BPMN with out-
sourcing concepts pertinent to the Cloud, e.g., cost
as cloud may be a pertinent solution to save over-
head cost, security to prevent outsourcing sensitive
data, etc. In a second contribution, this paper presents
Rekik M., Boukadi K. and Ben-Abdallah H..
Towards Outsource-ability Enabled BPMN.
DOI: 10.5220/0005513500050014
In Proceedings of the 10th International Conference on Software Engineering and Applications (ICSOFT-EA-2015), pages 5-14
ISBN: 978-989-758-114-4
2015 SCITEPRESS (Science and Technology Publications, Lda.)
an automated approach that uses OutyBPMN to iden-
tify the business process parts that benefit most from
outsourcing to the Cloud. The identification is in
fact a multi-objective optimization problem that can
be resolved through evolutionary algorithms such as
genetic algorithms, neuroevolution, genetic program-
ming, etc (Deb and Kalyanmoy, 2001). The herein
presented approach applies the penalty based genetic
algorithm (Hu et al., 2005) to select the activities can-
didate to outsourcing according to the criteria speci-
fied in OutyBPMN. Initially randomly selected activ-
ities are generated as potential solutions. According
to their quality, only best ones are kept from gener-
ation to another allowing thus to keep solutions that
best meet specified criteria.
The remainder of this paper is structured as fol-
lows. Section 2 enumerates the criteria pertinent to
business process outsourcing to the Cloud. Section 3
presents how OutyBPMN extends BPMN to provide
for the explicit specification of these criteria. Section
4 presents the proposed solution design whose evalu-
ation is discussed in Section 5. Section 6 summarizes
the work status and highlights its extensions.
BPO is the process of delegating one or more ITinten-
sive business processes to third parties that may per-
form the business process more effectively and effi-
ciently. Deciding whether to outsource ones business
process is not a trivial task. To assist with the out-
sourcing decision making, (Yang et al., 2007) suppose
that a set of potential determinants have been gath-
ered from experts. Indeed, enterprises expect from the
outsourcing to save costs, focus on core competence
and gain flexibility in management. Other dimen-
sions may urge enterprises to outsource their business
processes such as speeding the time to market and
improving service quality (Li and Meissner, 2009).
Despite these advantages, some drawbacks may pre-
vent enterprises from outsourcing their business pro-
cesses. BPO inconveniences are related to security
issues, loss of management control, and vendor’s ser-
vice quality. In fact, cost saving is not always guar-
anteed owing to an inadequate business case or the
inability to predict all business requirements. More-
over, security concerns, loss of control and vendor
lock-in are among risks that may prohibit enterprises
from outsourcing their business processes. More de-
tailed risks are exposed in the research elaborated by
(Gewald and Rouse, 2012). A judicious outsourcing
decision needs to fix a set of criteria that can help de-
cision maker in weighing the pros and cons of each
outsourcing solution. In the next sections, we pro-
vide a detailed definition for the most important set of
criteria that are widely considered when outsourcing
business processes to the Cloud.
2.1 Cost Saving
Almost all researchers and practitioners, agree on the
fact that cost saving is the most determinant factor that
attracts enterprises to outsource their related business
processes. In their analysis of data collected from
trade reports, (Rouse and Corbitt, 2004) showed that
outsourcing may yield a cost saving of 20%. (Yang
et al., 2007) argue that outsourcing is guided essen-
tially by overhead costs; that is, parts of a business
process to be outsourced are selected by ascertaining
firstly how much money they may save. To calcu-
late the cost of a business process, one should have
a knowledge about expenditure of setting up, execut-
ing and monitoring each of its a tasks/activities. An
activity’s cost is calculated essentially by investigat-
ing on expenditure related to its enactment cost (EC)
and realization cost (RC). The former corresponds to
the cost necessary for achieving essential steps in the
business process management life-cycle starting from
its design to the monitoring of its behavior. The latter
corresponds however, to the data transfer rate, trans-
action, or pre-payment for a period of time (Saeedi
et al., 2010).
2.2 Focus on Core Competence
Focusing on core competencies means that enter-
prises are spending financial expenditure and business
efforts on activities expected to bring competitive ad-
vantage. As stated by Tom Peters, an expert in the out-
sourcing area, an enterprise should follow the rule of
”Do what you do best and outsource the rest” (Soiva,
2007). The activities which are typical for outsourc-
ing are those considered as noncore. More specifi-
cally, the less strategic the activity is, the more likely
it can be outsourced. In this sense, business activities
can be categorized into three types according to their
strategic importance, listed from most to least criti-
cal:Core competence, critical noncore and noncritical
noncore. Although the general attempts when out-
sourcing is to delegate noncore activities/processes to
external provider, some enterprises are trying to out-
source also some of their related core business pro-
cesses (Theo Lynn et al., 2014).
Figure 1: OutyBPMN metamodel: BPMN2.0 extensions with outsourcing concerns.
2.3 Security Concerns
When outsourcing its business processes, an enter-
prise should be aware about risks that may lead to
undesirable outcome. Security concerns are the most
prominent factor that may prohibit enterprises from
outsourcing to external provider (Yang et al., 2007).
This concern is due to the fact that service providers
have control over the outsourced activities includ-
ing those dealing with the confidential data of cos-
tumers. This risk increases when the service provider
lacks the means to encrypt data of outsourcing en-
terprises (Gewald and Rouse, 2012). Moreover, the
Internet-based connectivity between the outsourcing
enterprise and its service provider can present vulner-
abilities of unauthorized access to personal data, in-
trusion and hackers. To overcome this situation, an
outsourcing enterprise should think to keep confiden-
tial business data or activities dealing with high level
security data in premise. This way, it will be sure that
vital information and data are secured and protected
(Pathak and Joshi, 2009). It is worth noting that, in
spite of the existence of multitude solutions, security
issues still remain a serious problem when outsourc-
ing due to lack of trust in service providers.
2.4 Quality Improvement
Besides cost reduction, outsourcing relies on the hy-
pothesis that the service providers are capable of per-
forming the outsourced activities more efficiently and
effectively. The satisfaction of this hypothesis pre-
sumably leads to an increased customer satisfaction
(Gewald and Dibbern, 2009). Indeed, the majority
of outsourcing cases are elaborated after making sure
that the quality of the services provided by the ex-
ternal party is better compared to internal outcomes
(Yang et al., 2007). In addition, outsourcing enter-
prises may benefit from external expertise as the ser-
vice supplier may have skills, platforms specialists
and technical staff for enacting business processes;
the outsourcing enterprise is often unable to provide
such human resources.
Business processes are devoted to present the work-
flow of activities within enterprises. In a service ori-
ented architecture, the business process is considered
as a set of logically interrelated services. In this con-
text each service is supposed to perform an activity
(Saeedi et al., 2010). Modeling a business process
is considered as a means to improve the way of the
business process operation. In general, the promi-
nence of modeling processes is due to the possibil-
ity it offers for sharing knowledge between enter-
prise stakeholder which allows to work harmoniously
towards goals (Eriksson and Penker, 1998). Sev-
eral number of process modeling languages and no-
tations have been emerged in the aim to assist en-
terprises in the documentation and presentation of
their processes. However, BPMN (Business Pro-
cess Modeling Notation) ((OMG), 2011) is consid-
ered as the de facto standard (Rodr´ıguez et al., 2007)
approved by ISO/OSI (ISO 10303-203:1994, 1994).
BPMN is defined by OMG in order to make the un-
derstanding of business processes easier from busi-
ness analysts to technical developers. Its elements
can be classified into five categories: Data, Flow
Objects, Connection Objects, Swimlanes and Arti-
facts; we refer readers to ((OMG), 2011) for more
details. BPMN2.0 introduces an extensibility mech-
anism for extending standard BPMN elements with
additional attributes and elements to specify a spe-
cific need. The BPMN2.0 extension consists essen-
tially on four different elements which are: Exten-
sion, ExtensionDefinition, ExtensionAttributeDefini-
tion, and ExtensionAttributeValue. The Extension-
Definition class defines additional attributes, however
ExtensionAttributeDefinition presents the list of at-
tributes that can be attached to any BPMN element.
ExtensionAttributeValue contains attribute value. Fi-
nally the extension element imports the Extension-
Definition and its related attributes to a BPMN model
definition. Several works focus on the BPMN exten-
sion for different purposes. In fact, the extension al-
lows to give additional comprehension for business
process models. Moreover, adding new concepts to
business process modeling allows to switch the way to
use the BPMN from the contemplative manner to the
productive one by automating the analysis of the busi-
ness process or even its implementation (Bocciarelli
and D’Ambrogio, 2011). In this context, (Rodr´ıguez
et al., 2007) presents a new extension of BPMN to
incorporate security requirements to business process
diagrams. Additionally, the adding of the quality of
service into the business process modeling is con-
sidered in (Saeedi et al., 2010). Despite the multi-
tude researches dealing with business process exten-
sion, there is no work which deals with the extension
of BPMN for outsourcing concerns. In our elabo-
rated extension, we propose a generic concepts that
helps experts to decide the suitability of BPMN ele-
ments to be outsourced such as cost, business critical-
ity, security and specific concepts such as the location
side concept (in premise, in the cloud) and defaulting
service concept as we aim to enhance the web ser-
vice quality by enacting it in the Cloud environment.
This paper adopts BPMN2.0 to support the aforemen-
tioned outsourcing concerns. Figure 1 a) presents
the proposed class diagram corresponding to the meta
model used for illustrating the outsourcing concerns.
The outsourcing concerns class presents the Exten-
sionDefinition class containing extension attributes
classes which are: Cost, BusinessCriticality, Secu-
rityLevel and DefaultingService. These latter classes
present the ExtensionAttributeDefinitionillustrated in
details in figure 1 b). The extension proposed is in-
tended for adding new concepts to the activity ele-
ment as our aim is to identify then which activities are
the most suitable for outsourcing. The activity is the
generic term for work that enterprise performs. Table
1 presents the graphical representation of the exten-
sions over activity element and their corresponding
description. Only information about location side (in
premise/in cloud) are designed to be on the pool ele-
ment. In fact, we aim to group activities selected to
be outsourced into one BPMN element which is the
pool. The implementation of the proposal is done us-
ing Eclipse Modeler as a tool.
Our work aims to find a good solution correspond-
ing to the appropriate set of activities suitable for
outsourcing respecting the enterprise experts prefer-
ences. These latter are specified in OutyBPMN. Our
solution search adopts penalty based genetic algo-
rithm. In this section, we first present the problem
model. Secondly, we present our algorithm for the
identification of activities to be outsourced. A report
on the algorithm performance is presented in Section
4.1 Problem Formulation
The input to our search algorithm is an OutyBPMN
model identifying in particular, the following activi-
Expensive when executed in premise compared to
when executed in the cloud;
Handling and processing non sensitive data;
Presenting a defaulting behavior when executed
as a service within the enterprise.
To look for an optimal set of activities best out-
sourced, we will use the following problem formu-
1. A={ A
} is a set of activities com-
posing the business process.
2. The weights for outsourcing concerns, W
, W
and W
for Cost (C), Business Criticality (BC),
Table 1: Extensions graphics for BPMN elements.
Graphical extension Description
This icon means that experts should precise the business criticality,
namely the activity is core {high level of business criticality}, critical
noncore {medium level of business criticality} or noncritical noncore
{low level of business criticality}. To simplify for users, one can precise
the level of criticality by choosing one of proposed graphics presented
in the last row of this table.
IT and business experts should collaborate to identify whether the ac-
tivity handle confidential data or not. The security graphic is used when
experts observe that the activity proceed sensitive data .
In the context of this paper, IT experts should precise the cost of the
hardware supporting the activity. More specifically, experts should
be able to present in detail required expenditure of hardware mainte-
nance, monthly bills, and all corresponding costs for realizing an activ-
ity. These information will help next to compare between financial cost
of executing the activity in premise and in the cloud. Techniques used
for calculating two prices is out of this paper scope. However, based
on the difference between two prices, experts can categorize the cost of
doing the activity internal {high,medium,low}.
As previously said, among potential determinants urging enterprises
to outsource their business processes, is the need to improve service
quality. As we focus on business processes running within Small and
Medium Enterprises (SME) that lack sufficient IT expertise, cost and
required determinants for well realizing their business processes, we
decide to choose defaulting services most suitable for outsourcing. De-
faulting services are those have leading to the degradation of the busi-
ness process performance, more specifically, those preventing business
processes from attaining their goals. Discovering defaulting services
is done in our previous work. We use ”defaulting service” term and
”activities presenting a default behavior when executed as service” in-
terchangeably to refer the same thing.
Whenever the algorithm of selecting appropriate activities to be out-
sourced is done, experts should analyze results and precise on each ac-
tivity its location side {in premise, in the cloud}.
These graphics help experts to specify level of importance of the ex-
tended elements (business criticality, security, and cost). They refer
respectively to, high , medium and low level.
Defaulting Service (DS), and the number of activ-
ities composing the solution (L) respectively.
= 1 (1)
3. S={S
} is a set of security con-
straints imposed on data handled by correspond-
ing activities.
Our aim is to give a set A of activities that are most
suitable for outsourcing where A A. We should no-
tice all the process may merit to be outsourced which
make A’=P where P is the entire business process al-
though it is not a preferable case. A is selected ac-
cording to the fitness function (4).
We convert the optimization problem from a
multi-objective to single objective one by assigning
weights to each objective function composing the
function (2).
Max F’=
) +W
) +W
) +W
) =
) =
) =
) =
1+ (
) if 1 < N < N
1 (
) if N
< N < L(P)
is an activity that belongs to A’.
N is the number of activities composing the solu-
tion A.
N’ is the preferred length of the solution A’. This
metric is added to F
to prevent foster solutions
having greater number of activities. The value of
this metric is automatically calculated by count-
ing the number of activities having a defaulting
behavior when executed as services and not deal-
ing with sensitive data.
L(P) is the number of activities composing the
4.2 Implementation of Genetic
Algorithm to Select Suitable
Activities for Outsourcing
Genetic algorithms (GAs) (Gewald and Rouse, 2012)
are evolutionary algorithms. Their main idea is to
simulate the evolution of population composed of di-
versified individuals. These individuals are subject
to operations such as recombination and mutation al-
lowing thus, by selecting best individuals, to enhance
the population quality. Choosing to work with GA is
due to the fact that it allows to find solutions which
best meet different criteria. The genetic algorithm
presents solutions as individuals in a population that
varies each time its quality is enhanced. The individ-
uals composing a population vary when undergoing
a set of operations such as crossover and mutation.
Their quality is evaluated using a fitness function.
4.2.1 Individuals Encoding
To find out suitable solutions for the optimization
problem, appropriate encoding of individuals is nec-
essary. First of all, we should note that individuals
composing a population have variable lengths. Each
Figure 2: Individuals encoding.
gene, composing an individual, corresponds to an in-
teger referring an activity that belongs to the business
process. Figure 2 presents examples of individuals
4.2.2 Infeasible Solutions
In our research case, some solutions are infeasible as
they violate security constraint. An individual may be
composed of one or more activities handling sensitive
data, we consider each activity dealing with sensitive
data as a constraint violation.
4.2.3 Crossover and Mutation
We apply in our proposal the crossover and the mu-
tation operations. We adopt the classical one-point
crossover to generate each time two offsprings. Con-
cerning the mutation operator, we have use it in three
different ways:it can select randomly a position in the
individual and replace it by another activity, add an
activity, or delete existing one. An additional control
should be done in this level to prevent repeating the
same activity within an individual.
4.2.4 Fitness Function
An individual composed of activities requiring secur-
ing their data is considered as infeasible. To guaranty
that GA reaches an optimal or near-optimal solution,
these infeasible individuals should be kept as their
presence is essential in the building of solutions.
Thus, the idea is to give a penalty to fitness values
relative to infeasible solutions. This leads to lower
fitness values compared to those corresponding to
feasible solutions. Moreover, infeasible solutions
having more activities requiring security are more
harshly penalized. This process helps to reenforce the
presence of feasible solutions and the disappearance
of the infeasible ones from generation to another.
The equation (4) presents the definition of the fitness
Figure 3: The business process used for the evaluation of the proposed GA.
0,5+ 0,5 if v(X) = 0
0,5 (0,1 v(X)/v
) otherwise
F’ is the objective function presented in section 4,
v(X) presents the total number of activities compos-
ing an individual requiring security, and v
for the total number of activities requiring security
in the entire business process. The presented fitness
guaranties that infeasible solutions have always less
fitness values compared to feasible ones.
We applied the penalty based genetic algorithm using
Java as a development language. Simulations were
conducted on a laptop computer with 2.5 GHz Intel
Core i7 CPU and 4GB RAM.
The business process illustrated in figure 3
presents an example of a case study that we analyzed.
As shown, the business process is composed of
13 activities. The suitable activities appropriate for
outsourcing is unknown rendering the research space
huge despite that experts define the preferred number
of activities to be outsourced. Preferred number of ac-
tivities to be outsourced in this example is 4 (the num-
ber of activities presenting defaulting behavior when
executed as services and not requiring security con-
straints). As shown, three activities require high level
of security which are: 2, 4, and 7. Individuals encom-
passing one or more of these three activities are penal-
ized but they still present solutions of our problem.
The evaluation of our penalty based GA is twofold:
we evaluated firstly the performance of our genetic
algorithm and then we verified the pertinence of the
results. A comparison between our algorithm and a
greedy algorithm was also elaborated in terms of per-
formance and the pertinence of results.
5.1 Experiment A
Table 2 presents parameters values we used to exper-
iment our algorithm. We evaluate the validity of our
penalty based genetic algorithm by comparing its time
cost in different computing scale.
Figure 4: The execution time consumed when increasing
the number of constraints.
We begin by observing the execution time con-
sumed by our algorithm when increasing the number
of constraints. Figure 4 shows that the number of con-
straints influences the execution time of the algorithm
which can be explained by the additional number of
treatment to be done.
Figure 5: The execution time consumed when increasing
the number of activities.
The number of activities composing a business
process increases the time of execution as shown in
figure 5.
Table 2: Parameters used for our penalty based genetic al-
Parameters Description
Population size 50
Selection technique Tournament selection
Termination condition Number of genera-
Crossover probability 0.5
Mutation probability 0.015
We compared our genetic algorithm with another
optimization algorithm namely the greedy algorithm
(Kodaganallur and Sen, 2010). Greedy algorithms are
known by their ability to find quickly solutions. Gen-
erally, generated solutions are approximate, and opti-
mal ones are founded in few cases. The comparison
was done by testing the execution time of both algo-
rithms when applied to different number of business
processes. As shown in figure 6, the GA consumed a
bit more time to generate results compared to greedy
Figure 6: Comparison between the execution time con-
sumed corresponding to both algorithms.
5.2 Experiment B
To evaluate the pertinence of our algorithm, we inter-
viewed 5 business experts having knowledge on busi-
ness processes. We first asked experts to rank the out-
sourcing concerns according to their preferences, the
results of this interview are shown in table 3.
According to the experts preferences, we at-
tributes to the weights explained in section 4.1, the
following values: W1=0.4 for (BC), W2=0.25 for
(DS), W3=0.25 for (C) and W4=0.1 for (L).
The extended BPMN illustrated in figure 3 is pre-
sented to the same experts to depict, according to
them, the most appropriate activities to be outsourced.
Table 3: Ranks of outsourcing concerns according to ex-
Rank Outsourcing
% experts how se-
lect the correspond-
ing OC
1 BC 100%
2 DS & C 60%
3 L 100%
Among the thirteen activities, four experts chose the
activities 12 and 6 and one expert select in addition
to these activities, the activity 11. When we ap-
plied the GA, the individual having the best quality
according to its fitness is composed of two activi-
ties: {6,12} where fitness=0.8437. The greedy algo-
rithm generated an individualcomposed of 3 activities
{12,9,1}. Table 4 presents the precision and recall of
our penalty-based genetic algorithm and the same val-
ues corresponding to greedy algorithm.
Table 4: Evaluation of our GA.
of GA
recall of
of greedy
recall of
100% 66% 33% 33%
As shown in above table, the GA has a high value
of recall and precision which make it a relevant and
pertinent way to assist experts in the decision of busi-
ness process outsourcing. Moreover, despite that the
greedy algorithm take less time to generate results,
our GA generate better results if we refer to the com-
parison of the recall and precision of the two algo-
rithms. According to experiments, we can affirm that
the proposed genetic algorithm is a pertinent way to
decide about the business process activities to be out-
sourced. However, in term of performance and more
specifically the response time, the genetic algorithm
may not be the most suitable one.
In the context of our research, when applying the
GA on the business process, the BPMN should be re-
designed so that, activities selected to be outsourced
are putted within a pool element designed to be en-
tirely in the cloud as presented in figure 7.
This paper presents a method to assist experts in the
fastidious task of BPO to the cloud decision. The
method offers a modeling language, OutyBPMN, an
extension of the BPMN to take into consideration
the outsourcing criteria. In addition it uses a penalty
based genetic algorithm to identify most appropriate
Figure 7: BPMN with deployment location data.
activities of a business process to be outsourced. In
the herein presented work, activity appropriateness
is determined based on its business criticality, cost,
its quality when executed and constrained by secu-
rity level of handled data. Based on our preliminary
experimental results, the proposed penalty based ge-
netic algorithm generates satisfactory results. Indeed,
the evaluation of the method presents its accuracy
and the similarity with experts preferences. We are
elaborating a deployment model for the execution of
the business process when part of it is located in the
cloud. Moreover, we are working on defining a deci-
sion model to weight the importance of outsourcing
the selected pool against keeping it in premise. Ad-
ditional experimental evaluations are needed to adjust
the fitness function and its related parameters to thor-
oughly examine the performance of the proposed al-
Adesta, E. and Agusman, D. (2004). The evolution of
supply-chain management into extended enterprise.
In Engineering Management Conference, 2004. Pro-
ceedings. 2004 IEEE International, volume 3, pages
1298–1302 Vol.3.
Bocciarelli, P. and D’Ambrogio, A. (2011). A bpmn exten-
sion for modeling non functional properties of busi-
ness processes. In Proceedings of the 2011 Sympo-
sium on Theory of Modeling & Simulation: DEVS
Integrative M&S Symposium, TMS-DEVS ’11, pages
160–168, San Diego, CA, USA. Society for Computer
Simulation International.
Deb, K. and Kalyanmoy, D. (2001). Multi-Objective Opti-
mization Using Evolutionary Algorithms. John Wiley
& Sons, Inc., New York, NY, USA.
Eriksson, H.-E. and Penker, M. (1998). Business Modeling
With UML: Business Patterns at Work. John Wiley &
Sons, Inc., New York, NY, USA, 1st edition.
Gewald, H. and Dibbern, J. (2009). Risks and benefits of
business process outsourcing: A study of transaction
services in the german banking industry. Inf. Manage.,
Gewald, H. and Rouse, A. (2012). Comparing business pro-
cess and it outsourcing risks–an exploratory study in
germany and australasia. In System Science (HICSS),
2012 45th Hawaii International Conference on, pages
Hu, Y.-B., Wang, Y.-P., and Guo, F.-Y. (2005). A new
penalty based genetic algorithm for constrained opti-
mization problems. In Machine Learning and Cyber-
netics, 2005. Proceedings of 2005 International Con-
ference on, volume 5, pages 3025–3029 Vol. 5.
ISO 10303-203:1994 (1994). Information technology – ob-
ject management group business process model and
Kodaganallur, V. and Sen, A. (2010). Greedy by chance -
stochastic greedy algorithms. In Autonomic and Au-
tonomous Systems (ICAS), 2010 Sixth International
Conference on, pages 182–187.
Li, H. and Meissner, J. (2009). Improving quality in busi-
ness process outsourcing through technology. Work-
ing Papers MRG/0009, Department of Management
Science, Lancaster University.
Mell, P. M. and Grance, T. (2011). Sp 800-145. the nist defi-
nition of cloud computing. Technical report, Gaithers-
burg, MD, United States.
(OMG), O. M. G. (2011). Business process model and no-
tation (bpmn) version 2.0. Technical report.
Pathak, R. and Joshi, S. (2009). Secured communication for
business process outsourcing using optimized arith-
metic cryptography protocol based on virtual parties.
In Ranka, S., Aluru, S., Buyya, R., Chung, Y.-C., Dua,
S., Grama, A., Gupta, S. K. S., Kumar, R., and Phoha,
V. V., editors, IC3, volume 40 of Communications in
Computer and Information Science, pages 205–215.
Rodr´ıguez, A., Fern´andez-Medina, E., and Piattini, M.
(2007). A bpmn extension for the modeling of se-
curity requirements in business processes. IEICE -
Trans. Inf. Syst., E90-D(4):745–752.
Rouse, A. C. and Corbitt, B. J. (2004). It-supported business
process outsourcing (bpo): The good, the bad and the
ugly. In PACIS, page 126. AISeL.
Saeedi, K., Zhao, L., and Sampaio, P. (2010). Extending
bpmn for supporting customer-facing service quality
requirements. In Web Services (ICWS), 2010 IEEE
International Conference on, pages 616–623.
Soiva, J. (2007). business process outsourcing case
study:How to develp Deloitte S2Gs shared service ac-
tivities in the Bercelona costumer response centre.
PhD thesis, , Lahti university of applied sciences.
Theo Lynn, N. O. C., John Mooney, M. H., David Corco-
ran, G. H., Lisa Van Der Werff, J. P. M., and Healy, P.
(2014). Towards a Framework for Defining and Cate-
gorising Business Process-As-A-Service (BPaaS). In
21st International Product Development Management
Conference. Citations: Not Avail. ().
Yang, D.-H., Kim, S., Nam, C., and Min, J.-W. (2007).
Developing a decision model for business process
outsourcing. Computers and Operations Research,
34(12):3769 3778. Operations Research and Out-