SOA-enabled compliance management

Instrumenting, assessing, and analyzing service-based business processes

Carlos Rodríguez, Daniel Schleicher, Florian Daniel, Fabio Casati, Frank Leymann, Sebastian Wagner

Research output: Contribution to journal › Article

6 Citations (Scopus)

Abstract

Facilitating compliance management, that is, assisting a company's management in conforming to laws, regulations, standards, contracts, and policies, is a hot but non-trivial task. The service-oriented architecture (SOA) has evolved traditional, manual business practices into modern, service-based IT practices that ease part of the problem: the systematic definition and execution of business processes. This, in turn, facilitates the online monitoring of system behaviors and the enforcement of allowed behaviors, all ingredients that can be used to assist compliance management on the fly during process execution. In this paper, instead of focusing on monitoring and runtime enforcement of rules or constraints, we strive for an alternative approach to compliance management in SOAs that aims at assessing and improving compliance. We propose two ingredients: (i) a model and tool to design compliant service-based processes and to instrument them in order to generate evidence of how they are executed and (ii) a reporting and analysis suite to create awareness of a company's compliance state and to enable understanding why and where compliance violations have occurred. Together, these ingredients result in an approach that is close to how the real stakeholders (compliance experts and auditors) actually assess the state of compliance in practice and that is less intrusive than enforcing compliance.

Original language: English
Pages (from-to): 275-292
Number of pages: 18
Journal: Service Oriented Computing and Applications
Volume: 7
Issue number: 4
DOI: 10.1007/s11761-013-0129-3
Publication status: Published - Dec 2013
Externally published: Yes

Fingerprint

Service oriented architecture (SOA)
Industry
Compliance
Business process
Service-oriented architecture
Monitoring

Keywords

  • Compliance assessment
  • Key indicators
  • Reporting dashboard
  • Root cause analysis
  • Service-based compliance governance
  • Signaling instrumentation

ASJC Scopus subject areas

  • Management Information Systems
  • Software
  • Information Systems
  • Hardware and Architecture

Cite this

SOA-enabled compliance management: Instrumenting, assessing, and analyzing service-based business processes. / Rodríguez, Carlos; Schleicher, Daniel; Daniel, Florian; Casati, Fabio; Leymann, Frank; Wagner, Sebastian.

In: Service Oriented Computing and Applications, Vol. 7, No. 4, 12.2013, p. 275-292.

@article{9eddcba6c9014b02a281cf7bbe5f6141,
title = "SOA-enabled compliance management: Instrumenting, assessing, and analyzing service-based business processes",
keywords = "Compliance assessment, Key indicators, Reporting dashboard, Root cause analysis, Service-based compliance governance, Signaling instrumentation",
author = "Carlos Rodr{\'i}guez and Daniel Schleicher and Florian Daniel and Fabio Casati and Frank Leymann and Sebastian Wagner",
year = "2013",
month = "12",
doi = "10.1007/s11761-013-0129-3",
language = "English",
volume = "7",
pages = "275--292",
journal = "Service Oriented Computing and Applications",
issn = "1863-2386",
publisher = "Springer London",
number = "4",

}

TY - JOUR

T1 - SOA-enabled compliance management

T2 - Instrumenting, assessing, and analyzing service-based business processes

AU - Rodríguez, Carlos

AU - Schleicher, Daniel

AU - Daniel, Florian

AU - Casati, Fabio

AU - Leymann, Frank

AU - Wagner, Sebastian

PY - 2013/12

Y1 - 2013/12

KW - Compliance assessment

KW - Key indicators

KW - Reporting dashboard

KW - Root cause analysis

KW - Service-based compliance governance

KW - Signaling instrumentation

UR - http://www.scopus.com/inward/record.url?scp=84888049037&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84888049037&partnerID=8YFLogxK

U2 - 10.1007/s11761-013-0129-3

DO - 10.1007/s11761-013-0129-3

M3 - Article

VL - 7

SP - 275

EP - 292

JO - Service Oriented Computing and Applications

JF - Service Oriented Computing and Applications

SN - 1863-2386

IS - 4

ER -