Evaluation of Compliance Requirements for collaborative business process with process mining and a model of generic compliance controls

Abstract

The daily operation of organizations leaves a trail of the execution of business processes (BPs) including activities, events and decisions taken by participants. %, as a basis for process improvement. Compliance requirements add specific control elements to process execution, e.g. domain and/or country regulations to be fulfilled, enforcing order of interaction messages or activities, or security checks on roles and permissions. As the amount of available data in organizations grows everyday, using execution data to detect compliance violations and its causes, can help organizations to take corrective actions for improving their processes and comply to applying rules. Compliance requirements violations can be detected at runtime to prevent further execution, or in a post mortem way using Process Mining to evaluate process execution data against the specified compliance requirements for the process. In this paper we present a BP compliance Requirements Model (BPCRM) defining generic compliance controls that can be used to specify specific compliance requirements over BPs, that are used as input to assess compliance violations with process mining. This model can be seen as a catalogue that includes a set of predefined compliance rules or patterns in one place, helping organizations to specify and evaluate the compliance of their processes.