A static compliance-checking framework for business process models

Abstract

Regulatory compliance of business operations is a critical problem for enterprises. As enterprises increasingly use business process management systems to automate their business processes, technologies to automatically check the compliance of process models against compliance rules are becoming important. In this paper, we present a method to improve the reliability and minimize the risk of failure of business process management systems from a compliance perspective. The proposed method allows separate modeling of both process models and compliance concerns. Business process models expressed in the Business Process Execution Language are transformed into pi-calculus and then into finite state machines. Compliance rules captured in the graphical Business Property Specification Language are translated into linear temporal logic. Thus, process models can be verified against these compliance rules by means of model-checking technology. The benefit of our method is threefold: Through the automated verification of a large set of business process models, our approach increases deployment efficiency and lowers the risk of installing noncompliant processes; it reduces the cost associated with inspecting business process models for compliance; and compliance checking may ensure compliance of new process models before their execution and thereby increase the reliability of business operations in general. © 2007 IBM.