1. Motivation
4. Runtime Compliance
© S. Rinderle-Ma, 2019
1 Motivation
Guidelines Trust
Policies Quality
Contracts Legality
Constraints Reputation
[Figure labels: Guideline; Business Process Compliance; Process quality; Business Contracts; Certification; …; Process; Process Engine; Process-aware information system]
• Between a feature freeze and the next release, each change has to be approved.
• After a biopsy, there must be a time interval of at least 7 days before Barium-KE is performed.
• After an invasive surgery, the aftercare should be performed within 24 hours.
• After developing a prototype, a test drive and a subsequent technical approval has to be performed. In between the prototype must not be changed.
• Before an invasive surgery the patient has to be informed about the risks.
• After developing a component, it has to be tested with respect to the defined maturity level before the release.
[Figure labels: Guideline; Business Process Compliance; Process quality; Business Contracts; Certification; …; Process; Process Engine; Process-aware information system]
Process model taken from: Linh Thao Ly, Stefanie Rinderle-Ma, Peter Dadam: Design and Verification of
Instantiable Compliance Rule Graphs in Process-Aware Information Systems. CAiSE 2010: 9-23
C2: Tests have to be documented
C3: No development shall take place after feature freeze
C4: The testing has to be followed by an approval and the integration. Additionally, no changes shall take place between the approval and the integration
Does the process comply with the imposed constraints?
2 Compliance Life Cycle and Tasks
[Figure labels: Modeling compliance rules; Compliance checking; Process modeling; Process-aware information system]
C1: Before development starts, goals have to be defined
C2: Test activities have to be documented
• How to enable modeling of intelligible and formal rules?
• How to facilitate maintenance and evolution of compliance rules?
• How to extract compliance requirements from regulatory documents?
2 Overview on Compliance Tasks
S. Rinderle-Ma: Process Compliance. Taylor & Francis (2017)
3 Design Time Compliance
Compliance Constraints
• Before an invasive surgery the patient has to be informed about the risks
• After an invasive surgery the aftercare must take place within 24 hours.
• Between a feature freeze and the next release each change has to be
approved.
3 Design Time Compliance
SeaFlows-Approach
Directly modeling activity patterns by predicate logic (PL1)
∀a1 ∃a2 (
  Is(a1, Invasive surgery) →
  ( Is(a2, aftercare) AND
    patient(a1) = patient(a2) AND
    Pred(a1, a2) AND
    MaxDistEndStart(a1, a2, 24h) ) )
• Linh Thao Ly, Stefanie Rinderle-Ma, Peter Dadam: Design and Verification of Instantiable Compliance Rule Graphs in Process-
Aware Information Systems. CAiSE 2010: 9-23
• Linh Thao Ly, Stefanie Rinderle, Peter Dadam: Integration and verification of semantic constraints in adaptive process
management systems. Data Knowl. Eng. 64(1): 3-23 (2008)
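Added example (not from the slides or the SeaFlows project): the aftercare rule above evaluated over a finished execution trace in Python. The Activity fields, the reading of Pred(a1, a2) as "a1 ends before a2 starts", and the sample trace are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Activity:
    name: str        # activity type, matched by Is(a, type)
    patient: str     # data context, patient(a)
    start: datetime
    end: datetime

def is_type(a, name):                    # Is(a, name)
    return a.name == name

def pred(a1, a2):                        # Pred(a1, a2), assumed: a1 ends before a2 starts
    return a1.end <= a2.start

def max_dist_end_start(a1, a2, limit):   # MaxDistEndStart(a1, a2, limit)
    return a2.start - a1.end <= limit

def violations(trace, limit=timedelta(hours=24)):
    """Return every invasive surgery for which no witness a2 satisfies the rule."""
    bad = []
    for a1 in trace:
        if not is_type(a1, "Invasive surgery"):
            continue  # antecedent false: rule holds trivially for this a1
        satisfied = any(
            is_type(a2, "aftercare")
            and a1.patient == a2.patient
            and pred(a1, a2)
            and max_dist_end_start(a1, a2, limit)
            for a2 in trace
        )
        if not satisfied:
            bad.append(a1)
    return bad

def t(s):
    return datetime.fromisoformat(s)

# Constructed sample trace (not from the slides).
TRACE = [
    Activity("Invasive surgery", "p1", t("2019-03-01T08:00"), t("2019-03-01T10:00")),
    Activity("aftercare", "p1", t("2019-03-01T20:00"), t("2019-03-01T20:30")),
    Activity("Invasive surgery", "p2", t("2019-03-01T09:00"), t("2019-03-01T11:00")),
    Activity("aftercare", "p2", t("2019-03-02T12:00"), t("2019-03-02T12:30")),  # 25 h gap
    Activity("Invasive surgery", "p3", t("2019-03-02T09:00"), t("2019-03-02T10:00")),
    Activity("aftercare", "p1", t("2019-03-02T11:00"), t("2019-03-02T11:30")),  # other patient
]

if __name__ == "__main__":
    for a in violations(TRACE):
        print("violation:", a.patient, "surgery ended", a.end.isoformat())
```

The check needs the complete trace, so it reports a missing aftercare only after the fact; it does not flag a deadline that is about to expire while the process is still running.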
[Figure labels: Activity nets; BPEL; Workflow Nets; ADEPT; BPMN]
∀a1 (
  Is(a1, Invasive surgery) →
  ∃a2 ( Is(a2, aftercare)
        AND patient(a1) = patient(a2)
        AND Pred(a1, a2) ) )
[Figure: Approach. Labels: Trace build up; interpretation for rule; Describes a set of possible execution traces]
Formal semantics
Compliance rule graph
Processes
4 Runtime Compliance
[Figure labels: Design Time Compliance; Compliance Monitoring; Post-Mortem Compliance Analysis]
Objective 1: Identify (potential) compliance violations
[Figure labels: Managers; Process supervisors; Process users; Implementation and modeling; Compliance monitoring engine; Compliance rule language (FOL, CRG, EC, FSA); Event format]
Linh Thao Ly, Fabrizio Maria Maggi, Marco Montali, Stefanie Rinderle-Ma, Wil M. P. van der Aalst: Compliance monitoring in business processes: Functionalities, application, and tool-support. Inf. Syst. 54: 209-234 (2015)
4 CMF Framework
CMF 1 – 3: context
• time
• data
• resources
CMF 4 – 6: scope
• atomic/non-atomic activities
• multiple instances
CMF 7 – 10: violations
• Reactive: detection & management
• Pro-active: detection & management
5 Compliance 4.0
[Figure labels: Data Streams; Sensor Data; Machine Data; Regulatory Documents; AnaCredit; ELGA; DSGVO]

<event>
  <string key="concept:name" value="reinitiate request"/>
  <string key="org:resource" value="Sara"/>
  <date key="time:timestamp" value="2011-01-06T12:18:00.000+01:00"/>
  <string key="Activity" value="reinitiate request"/>
  <string key="Resource" value="Sara"/>
  <string key="Costs" value="200"/>
</event>
<event>
  <string key="concept:name" value="examine thoroughly"/>
  <string key="org:resource" value="Sean"/>
  <date key="time:timestamp" value="2011-01-06T13:06:00.000+01:00"/>
  <string key="Activity" value="examine thoroughly"/>
  <string key="Resource" value="Sean"/>
  <string key="Costs" value="400"/>
</event>

event:
  trace:id: '375'
  concept:name: external
  id:id: external
  cpee:uuid: 3a17d071-b756-4ad4-adca-e3e0e2f685ad
  lifecycle:transition: unknown
  cpee:lifecycle:transition: endpoints/change
  list:
    data_changer:
    - timeout
    - start_instance
    - start_url
    - queue
    - queue_stat
    data_values:
      timeout: http://gruppe.wst.univie.ac.at/~mangler/services/timeout.php
      start_instance: https://centurio.work/flow/start/instance/
      start_url: https://centurio.work/flow/start/url/
      queue: https://centurio.work/data/mm500/queue/
      queue_stat: https://centurio.work/data/mm500/queue/
  time:timestamp: '2018-06-12T13:29:20+02:00'
© S. Rinderle-Ma, Uni Wien (2019)
5 Constraint Extraction
© K. Winter
• Karolin Winter, Stefanie Rinderle-Ma: Deriving and Combining Mixed Graphs from Regulatory Documents Based on
Constraint Relations. CAiSE 2019: 430-445
• Karolin Winter, Stefanie Rinderle-Ma: Detecting Constraints and Their Relations from Regulatory Documents Using NLP
Techniques. OTM Conferences (1) 2018: 261-278
5 Constraint Extraction Constraint Network Map
6 Summary & Outlook
References
Karolin Winter, Stefanie Rinderle-Ma: Deriving and Combining Mixed Graphs from
Regulatory Documents Based on Constraint Relations. CAiSE 2019: 430-445
Karolin Winter, Stefanie Rinderle-Ma: Detecting Constraints and Their Relations from
Regulatory Documents Using NLP Techniques. OTM Conferences (1) 2018: 261-278
Karolin Winter, Stefanie Rinderle-Ma: Untangling the GDPR Using ConRelMiner. CoRR
abs/1811.03399 (2018)
Linh Thao Ly, Fabrizio Maria Maggi, Marco Montali, Stefanie Rinderle-Ma, Wil M. P. van der
Aalst: Compliance monitoring in business processes: Functionalities, application, and tool-
support. Inf. Syst. 54: 209-234 (2015)
David Knuplesch, Manfred Reichert, Linh Thao Ly, Akhil Kumar, Stefanie Rinderle-Ma:
Visual Modeling of Business Process Compliance Rules with the Support of Multiple
Perspectives. ER 2013: 106-120
Linh Thao Ly, Stefanie Rinderle-Ma, David Knuplesch, Peter Dadam: Monitoring Business
Process Compliance Using Compliance Rule Graphs. OTM Conferences (1) 2011: 82-99
Linh Thao Ly, Stefanie Rinderle-Ma, Peter Dadam: Design and Verification of Instantiable
Compliance Rule Graphs in Process-Aware Information Systems. CAiSE 2010: 9-23
David Knuplesch, Linh Thao Ly, Stefanie Rinderle-Ma, Holger Pfeifer, Peter Dadam: On
Enabling Data-Aware Compliance Checking of Business Process Models. ER 2010: 332-346
Linh Thao Ly, Stefanie Rinderle, Peter Dadam: Integration and verification of semantic
constraints in adaptive process management systems. Data Knowl. Eng. 64(1): 3-23 (2008)
Twitter:
@SRinderleMa
@wstcsunivie
Contact:
Univ.-Prof. Dr. Stefanie Rinderle-Ma
stefanie.rinderle-ma@univie.ac.at