Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The Journey to Business Process Compliance. Are We There Yet?

548 views

Published on

Slides of the keynote presentation at ICSOC 2015 Workshop.

The slides argues that a large amount of research in the area of business process compliance, in particular the approaches based on (linear) temporal logic, failed to produce results. In particular it argues that such approaches are not able to correctly determine whether a business process complies with some norms. It shows a simple example where such approaches produces incorrect outcomes. It also shows that Regorous, the compliance frameworks based on the compliance-by-design methodology proposed by Governatori and Sadiq is able to handle such cases, and it offers a practical solution to regulatory compliance of business process.

Published in: Technology
  • Have you ever used the help of ⇒ www.HelpWriting.net ⇐? They can help you with any type of writing - from personal statement to research paper. Due to this service you'll save your time and get an essay without plagiarism.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

The Journey to Business Process Compliance. Are We There Yet?

  1. 1. The Journey to Business Process Compliance. Are We There Yet? Guido Governatori 16 November 2015 www.data61.csiro.au
  2. 2. Outline • Motivation • Business Process Compliance • Modelling Business Processes • A Privacy Dilemma • No Time for Compliance • The Regorous Approach to Business Process Compliance 2 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  3. 3. Motivation 2000-2010 Big (financial) scandals lead to more strict regualtory frameworks with strong compliance components 2005- Regulatory compliance emerged as a multi-billion dollars market 2005-2006 IT frameworks to support regulatory compliance: • Governatori and Sadiq • Giblin, Liu et al. • Ghose and Koliades • Goedertier and Vanthienen 2015 10 years and 500 papers later 3 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  4. 4. Business Process Compliance
  5. 5. What is Compliance? Ensuring that business operations, processes, and practices are in accordance with a given prescriptive (often legal) document 5 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  6. 6. What is Compliance? Ensuring that business operations, processes, and practices are in accordance with a given prescriptive (often legal) document Regulatory • Basel II • Sarbanes-Oxley • OFAC (USA Patriot Act) • OSFI “blocked entity” lists • HIPAA • Graham-Leach-Bliley Standards • Best practice models • SAP solution maps • ISO 9000 • Medical guidelines Contracts • Service Agreement • Customer Contract • Warranty • Insurance Policy • Business Partnership 5 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  7. 7. Definition of Compliance 6 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  8. 8. Definition of Compliance Compliance is a relationship between two sets of specifications 6 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  9. 9. Definition of Compliance Compliance is a relationship between two sets of specifications Alignment of formal specifications for business processes and formal specifications for prescriptive (legal) documents. 6 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  10. 10. Definition of Compliance Compliance is a relationship between two sets of specifications Alignment of formal specifications for business processes and formal specifications for prescriptive (legal) documents. • Conceptually sound representation of business processes 6 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  11. 11. Definition of Compliance Compliance is a relationship between two sets of specifications Alignment of formal specifications for business processes and formal specifications for prescriptive (legal) documents. • Conceptually sound representation of business processes • Conceptually sound representation of and reasoning with norms 6 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  12. 12. Compliance Ecosystem Legal Space Process Space Compliance Space Process Data BP Execution Compliance Checking Regulatory Document (Formal) Specification <obligations>; <permissions>; <prohibitions; Analysis Translation Monitoring Violation Response Domain Experts Process Modellers BP Models Design TIme Run Time Process Role(s) New or Existing New or Existing New Existing Existing ExistingExisting Violation Detection 7 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  13. 13. Compliance Recipe 1. Formal Model of Business Processes 8 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  14. 14. Compliance Recipe 1. Formal Model of Business Processes 2. Formal Model of Relevant Norms/Normative Frameworks 8 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  15. 15. Compliance Recipe 1. Formal Model of Business Processes 2. Formal Model of Relevant Norms/Normative Frameworks 3. Combine, shake well and serve! 8 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  16. 16. Modelling Business Processes
  17. 17. Business Process Model Self-contained, temporal and logical order in which a set of activities are executed to achieve a business goal. It describes: • What needs be done and when (control flows) • What we need to work on (data) • Who is doing the work (human and system resources) 10 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  18. 18. Modelling Processes A B D C E F G H t1 : A, B, C, D, E, F, H t2 : A, B, D, C, E, F, H t3 : A, D, B, C, E, F, H t4 : A, B, C, D, E, G, H t5 : A, B, D, C, E, G, H t6 : A, D, B, C, E, G, H 11 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  19. 19. Annotated Traces Let Lit be a set of literals, T be the set of traces of a process and N be the set of natural numbers State : T × N → 2Lit The function State returns the set of literals describing “what’s going on in a trace t after the execution of the n-th task in the process”. 12 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  20. 20. Example A B C D Tasks • A: “turn the light on” • B: “check if glass is empty” • C: “fill glass with water” • D: “turn glass upside-down” Propositions • p: “the light is on” • q: “the glass is full” Trace 1: A, B, D Trace 2: A, B, C, D • State(i, 1) = { p }, i ∈ { 1, 2 } • State(1, 2) = { p, q } • State(2, 2) = { p, ¬q } • State(2, 3) = { p, q } • State(1, 3) = { p, ¬q } • State(2, 4) = { p, ¬q } 13 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  21. 21. A Privacy Dilemma
  22. 22. A Privacy Act Section 1: (Prohibition to collect personal medical information) Offence: It is an offence to collect personal medical information. Defence: It is a defence to the prohibition of collecting personal medical information, if an entity immediately destroys the illegally collected personal medical information before making any use of the personal medical information Section 2: An entity is permitted to collect personal medical information if the entity acts under a Court Order authorising the collection of personal medical information. Section 3: (Prohibition to collect personal information) It is forbidden to collect personal information unless an entity is permitted to collect personal medical information. Offence: an entity collected personal information Defence: an entity being permitted to collect personal medical information. 15 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  23. 23. A Business Process Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End 16 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  24. 24. A Business Process Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End Is the process compliant with the Privacy Act? 16 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  25. 25. Making Sense of the Act • Collection of medical information is forbidden. • Destruction of the illegally collected medical information excuses the illegal collection. • Collection of medical information is permitted if there is an authorising court order. • Collection of personal information is forbidden. • Collection of personal information is permitted if the collection of medical information is permitted 17 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  26. 26. Making Sense of the Act • Collection of medical information is forbidden. • Destruction of the illegally collected medical information excuses the illegal collection. • Collection of medical information is permitted if there is an authorising court order. • Collection of personal information is forbidden. • Collection of personal information is permitted if the collection of medical information is permitted Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End 17 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  27. 27. Making Sense of the Act • Collection of medical information is forbidden. • Destruction of the illegally collected medical information excuses the illegal collection. • Collection of medical information is permitted if there is an authorising court order. • Collection of personal information is forbidden. • Collection of personal information is permitted if the collection of medical information is permitted Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End The process is not compliant 17 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  28. 28. No Time for Compliance
  29. 29. Linear Temporal Logic for Compliance In the past 5-10 years many compliance frameworks based on (Linear) Temporal Logic have been proposed: • DECLARE, MoBuCom, DecSerFlow • COMPAS • BPMN-Q 19 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  30. 30. Motivation • Linear Temporal Logic (LTL): mature technology to verify systems • Similarity between conditions for obligations and temporal notions in LTL • many compliance frameworks proposed LTL to check compliance of business processes 20 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  31. 31. Motivation • Linear Temporal Logic (LTL): mature technology to verify systems • Similarity between conditions for obligations and temporal notions in LTL • many compliance frameworks proposed LTL to check compliance of business processes Can current compliance frameworks based on LTL be used to determine compliance of processes with norms? 20 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  32. 32. Linear Temporal Logic 101 (Syntax) • Xφ: at the next time φ holds; • Fφ: eventually φ holds (sometimes in the future φ); and • Gφ: globally φ holds (always in the future φ). In addition we have three binary operators: • φ U ψ (until): φ holds until ψ holds; • φ W ψ (weak until): φ holds until ψ holds and ψ might not hold. Interdefinability • Fφ ≡ U φ, • Gφ ≡ ¬F¬φ, • φ W ψ ≡ (φ U ψ) ∨ Gφ 21 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  33. 33. Linear Temporal Logic 102 (Semantics) TS, σ |= a s0 a s1 s2 s3 TS, σ |= Xa s0 s1 a s2 s3 TS, σ |= a U b s0 a ∧ ¬b s1 a ∧ ¬b s2 b s3 TS, σ |= Fa s0 ¬a s1 ¬a s2 a s3 TS, σ |= Ga s0 a s1 a s2 a s3 a 22 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  34. 34. Linear Temporal Logic 102 (Semantics) TS, σ |= a s0 a s1 s2 s3 TS, σ |= Xa s0 s1 a s2 s3 TS, σ |= a U b s0 a ∧ ¬b s1 a ∧ ¬b s2 b s3 TS, σ |= Fa s0 ¬a s1 ¬a s2 a s3 TS, σ |= Ga s0 a s1 a s2 a s3 a A formula φ is true in a fullpath σ iff it is true at the first element of the fullpath. 22 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  35. 35. Linear Temporal Logic 102 (Semantics) TS, σ |= a s0 a s1 s2 s3 TS, σ |= Xa s0 s1 a s2 s3 TS, σ |= a U b s0 a ∧ ¬b s1 a ∧ ¬b s2 b s3 TS, σ |= Fa s0 ¬a s1 ¬a s2 a s3 TS, σ |= Ga s0 a s1 a s2 a s3 a A formula φ is true in a fullpath σ iff it is true at the first element of the fullpath. A formula is true in a state S TS, s |= φ iff ∀σ: σ[0] = s, TS, σ |= φ. 22 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  36. 36. Obligation, Prohibition and Permission Obligation A situation, an act, or a course of action to which a bearer is legally bound, and if it is not achieved or performed results in a violation. Prohibition A situation, an act, or a course of action which a bearer should avoid, and if it is achieved results in a violation. Permission Something is permitted if the obligation or the prohibition to the contrary does not hold. 23 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  37. 37. Achievement vs Maintenance Obligations • For an achievement obligation, a certain condition must occur at least once before the deadline ‘Customers must pay before the delivery of the good, after receiving the invoice’ • For maintenance obligations, a certain condition must obtain during all instants before the deadline: ‘After opening a bank account, customers must keep a positive balance until bank charges are taken out’ 24 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  38. 38. Achievement and Maintenance Obligations in LTL Maintenance obligation Gφ G(τ → φ U δ) Achievement obligation Fφ G(τ → ¬(¬φ U δ)) 25 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  39. 39. Compliance in LTL To determine, given a model encoding a trace of a business process and a set of formulas encoding the relevant norms, whether the formulas are satisfiable by the model. 26 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  40. 40. LTL Compliance Frameworks • Several compliance frameworks based on LTL have been proposed (e.g., COMPAS, MoBuCOM, BPMN-Q, we focus on COMPAS Compliance Requirement Language CRL). • Propose templates/patterns to capture “compliance requirements” based on the “temporal order” of tasks or business process components. • Templates correspond to temporal logic formulas 27 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  41. 41. CRL Patterns • Absence: φ isAbsent, φ does not occur in the process G¬φ • Existence: φ Exists, φ occurs in the the process Fφ • Leads To: φ LeadsTo ψ, φ must always be followed by ψ G(φ → Fψ) 28 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  42. 42. CRL Contrary-to-duty Pattern Pattern to represent compensations to violations φ (LeadsTo|DirectlyFollowedBy) φ1 (Else|ElseNext) φ2 . . . (Else|ElseNext) φn translated to G(φ → F|X(φ1 ∧1≤i<n−1 (F|X(φi NotSucceed) ∧ (φi NotSucceed → F|Xφi+1)))) 29 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  43. 43. CRL Contrary-to-duty Pattern Pattern to represent compensations to violations φ (LeadsTo|DirectlyFollowedBy) φ1 (Else|ElseNext) φ2 . . . (Else|ElseNext) φn translated to G(φ → F|X(φ1 ∧1≤i<n−1 (F|X(φi NotSucceed) ∧ (φi NotSucceed → F|Xφi+1)))) but it does not work for maintenance obligations (prohibitions), Gφ ∧ ¬φ → ⊥. Gφ ∨ F(¬φ ∧ F|Xψ) 29 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  44. 44. CRL Exception Patterns Strong Exceptions: [[R]]Pattern φ → ψ Weak Exceptions: [R]Pattern φ ∨ ψ where: • φ is the LTL translation of R • ψ is the LTL translation of Pattern 30 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  45. 45. Privacy Act Logical Structure • A (“collection of medical information”) is forbidden B (“destruction of medical information”) compensates the illegal collection • A is permitted if C (“acting under a court order”) • D (“collection of personal information”) is forbidden • D is permitted if A is permitted 31 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  46. 46. Privacy Act in CRL and LTL CRL1 R1 : ([R2]A isAbsent) Else B, CRL2 R2 : C, CRL3 R3 : [R4]D isAbsent, CRL4 R4 : A isPermitted. 32 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  47. 47. Privacy Act in CRL and LTL CRL1 R1 : ([R2]A isAbsent) Else B, CRL2 R2 : C, CRL3 R3 : [R4]D isAbsent, CRL4 R4 : A isPermitted. LTL1 G(C ∨ (G¬A ∨ F(A ∧ FB))); LTL2 G(FA ∨ G¬D). 32 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  48. 48. CRL: Are We Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End LTL1 G(C ∨ (G¬A ∨ F(A ∧ FB))); LTL2 G(FA ∨ G¬D). • v(start) = { ¬A, ¬B, ¬C, ¬D }; • v(T1) = { A, ¬B, ¬C, ¬D }; • v(T2) = { A, ¬B, ¬C, D }; • v(T3) = { A, B, ¬C, D }; • v(end) = { A, B, ¬C, D }. M |= LTL1 ∧ LTL2 33 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  49. 49. CRL: Are We Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End LTL1 G(C ∨ (G¬A ∨ F(A ∧ FB))); LTL2 G(FA ∨ G¬D). • v(start) = { ¬A, ¬B, ¬C, ¬D }; • v(T1) = { A, ¬B, ¬C, ¬D }; • v(T2) = { A, ¬B, ¬C, D }; • v(T3) = { A, B, ¬C, D }; • v(end) = { A, B, ¬C, D }. M |= LTL1 ∧ LTL2 According to CRL/LTL the process is compliant 33 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  50. 50. The Regorous Approach to Business Process Compliance
  51. 51. The Regorous Approach Extension, refinement of the compliance-by-design methodology proposed by Governatori and Sadiq 2007. 1. Annotated business process models 2. Proper representation of norms based on PCL (Process Compliance Logic) 3. Simulate execution of traces and round trips to PCL reasoner 1. Determine what are the obligations in force for each state 2. Determine which obligations have been fulfilled, violated, or pending 3. Determine which violations have been compensated for http://www.regorous.com 35 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  52. 52. Modelling Norms Norms are modelled as if . . . then . . . rules • norms are defeasible (handling exceptions) • two types of norms constitutive rules: defining terms used in a legal context A1, . . . , An ⇒ C prescriptive rules: defining “normative effects” (i.e., obligations, permissions, prohibitions . . . ) A1, . . . , An ⇒ [O]C1 ⊗ [O]C2 ⊗ · · · ⊗ [O]Cm A1, . . . , An ⇒ [P]C 36 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  53. 53. Reasoning with Norms 1. A is a fact; or 2. there is an applicable rule for A, and either 1. all the rules for ¬A are discarded (i.e., not applicable) or 2. every applicable rule for ¬A is weaker than an applicable rule for A. 37 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  54. 54. The Regorous Architecture Compliance Checker Logical State Representation State(t,1) State(t,2) State(t,3) State(t,4) Rule1 Rule2 Rule3 Rule4 Rule5 Rule6 Rule7 Rule8 Rule9 ... Compliance Rule Base Obligations Input ... Annotated Business Process T2 T5 T3 T1 T4 T7 T6 Legalese Formalisation Recommendation Sub-system recommendations whatif analysis StatusReport 38 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  55. 55. Privacy Regorously • collection of medical information is forbidden c destruction of medical information compensates the illegal collection r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy • collection of medical information is permitted if acting under a court order r2 : courtOrder ⇒ [P]medicalInfo • collection of personal information is forbidden r3 : ⇒ [O]¬personalInfo • collection personal information is permitted if collection of medical information is permitted r4 : [P]medicalInfo ⇒ [P]personalInfo 39 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  56. 56. Are We Regorously Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy r2 : courtOrder ⇒ [P]medicalInfo r3 : ⇒ [O]¬personalInfo r4 : [P]medicalInfo ⇒ [P]personalInfo 40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  57. 57. Are We Regorously Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy r2 : courtOrder ⇒ [P]medicalInfo r3 : ⇒ [O]¬personalInfo r4 : [P]medicalInfo ⇒ [P]personalInfo State(start) : ¬courtOrder 40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  58. 58. Are We Regorously Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy r2 : courtOrder ⇒ [P]medicalInfo r3 : ⇒ [O]¬personalInfo r4 : [P]medicalInfo ⇒ [P]personalInfo State(start) : ¬courtOrder Force(T1) : [O]¬medicalInfo [O]¬personalInfo 40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  59. 59. Are We Regorously Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy r2 : courtOrder ⇒ [P]medicalInfo r3 : ⇒ [O]¬personalInfo r4 : [P]medicalInfo ⇒ [P]personalInfo State(start) : ¬courtOrder Force(T1) : [O]¬medicalInfo [O]¬personalInfo State(T1) : medicalInfo 40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  60. 60. Are We Regorously Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy r2 : courtOrder ⇒ [P]medicalInfo r3 : ⇒ [O]¬personalInfo r4 : [P]medicalInfo ⇒ [P]personalInfo State(start) : ¬courtOrder Force(T1) : [O]¬medicalInfo [O]¬personalInfo State(T1) : medicalInfo Violated(T1) : [O]¬medicalInfo 40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  61. 61. Are We Regorously Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy r2 : courtOrder ⇒ [P]medicalInfo r3 : ⇒ [O]¬personalInfo r4 : [P]medicalInfo ⇒ [P]personalInfo State(start) : ¬courtOrder Force(T1) : [O]¬medicalInfo [O]¬personalInfo State(T1) : medicalInfo Violated(T1) : [O]¬medicalInfo Force(T2) : [O]destroy 40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  62. 62. Are We Regorously Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy r2 : courtOrder ⇒ [P]medicalInfo r3 : ⇒ [O]¬personalInfo r4 : [P]medicalInfo ⇒ [P]personalInfo State(start) : ¬courtOrder Force(T1) : [O]¬medicalInfo [O]¬personalInfo State(T1) : medicalInfo Violated(T1) : [O]¬medicalInfo Force(T2) : [O]destroy State(T2) : personalInfo 40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  63. 63. Are We Regorously Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy r2 : courtOrder ⇒ [P]medicalInfo r3 : ⇒ [O]¬personalInfo r4 : [P]medicalInfo ⇒ [P]personalInfo State(start) : ¬courtOrder Force(T1) : [O]¬medicalInfo [O]¬personalInfo State(T1) : medicalInfo Violated(T1) : [O]¬medicalInfo Force(T2) : [O]destroy State(T2) : personalInfo Violated(T2) : [O]¬persoanlInfo 40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  64. 64. Are We Regorously Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy r2 : courtOrder ⇒ [P]medicalInfo r3 : ⇒ [O]¬personalInfo r4 : [P]medicalInfo ⇒ [P]personalInfo State(start) : ¬courtOrder Force(T1) : [O]¬medicalInfo [O]¬personalInfo State(T1) : medicalInfo Violated(T1) : [O]¬medicalInfo Force(T2) : [O]destroy State(T2) : personalInfo Violated(T2) : [O]¬persoanlInfo State(T3) : destroy 40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  65. 65. Are We Regorously Compliant? Collect Medical Information Collect Personal Information Destroy Medical Information T1 T2 T3 Start End r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy r2 : courtOrder ⇒ [P]medicalInfo r3 : ⇒ [O]¬personalInfo r4 : [P]medicalInfo ⇒ [P]personalInfo State(start) : ¬courtOrder Force(T1) : [O]¬medicalInfo [O]¬personalInfo State(T1) : medicalInfo Violated(T1) : [O]¬medicalInfo Force(T2) : [O]destroy State(T2) : personalInfo Violated(T2) : [O]¬persoanlInfo State(T3) : destroy Compensated(T3) : [O]¬medicalInfo 40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  66. 66. The Regorous Evaluation Formalised Chapter 8 (Complaints) of TCPC 2012. Modelled the compliant handling/management processes of an Australian telco. 41 tasks, 12 decision points (xor), 2 loops shortest trace: 6 traces longest trace (loop): 33 tasks longest trace (no loop): 22 tasks over 1000 traces, over 25000 states 41 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  67. 67. The Regorous Evaluation TCPC 2012 Chapter 8. Contains over 100 commas, plus 120 terms (in Terms and Definitions Section). Required 223 propositions, 176 rules. Punctual Obligation 5 (5) Achievement Obligation 90 (110) Preemptive 41 (46) Non preemptive 49 (64) Non perdurant 5 (7) Maintenance Obligation 11 (13) Prohibition 7 (9) Non perdurant 1 (4) Permission 9 (16) Compensation 2 (2) 42 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  68. 68. Conclusions • Many scholars jumped on the compliance bandwagon • Current Compliance Frameworks based on Temporal Logic are not able to model real life norms. • Result not restricted to Linear Temporal Logic, it extends to other temporal logics • Result is not an impossibility theorem. If one knows what are the compliant traces, one can build a set of temporal formulas corresponding to the compliant traces (but it means using an external oracle, so useless for compliance) • Result seems to affect Deontic logics based on possible world semantics. • PCL and Regorous are not affected by the problem, and offer a viable practical solution • 5/10 years of mostly wasted opportunities and research efforts 43 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
  69. 69. Questions? Guido Governatori guido.governatori@nicta.com.au 44 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori

×