A Static Compliance Checking Framework for Business Process Models

Regulatory compliance of business operations is a critical problem for enterprises. As enterprises increasingly use business process management systems to automate their business processes, technologies to automatically check compliance of process models against compliance rules are becoming important. In this paper, we present a method for improving the reliability and minimizing the risk of failure of business process management systems from a compliance perspective. The proposed method allows for the separate modeling of both process models and compliance concerns. Business process models expressed in the Business Process Execution Language are transformed into Pi calculus and then into Finite State Machines. Compliance rules captured in the graphical Business Property Specification Language are translated into Linear Temporal Logic. Thus, process models can be verified against these compliance rules by means of model checking technology. The benefit of our method is threefold: Through the automated verification of a large set of business process models, our approach increases deployment efficiency and lowers the risk of installing non-compliant processes. Furthermore, it reduces the cost associated with inspecting business process models for compliance. Finally, compliance checking may guarantee compliance of new process models before their execution and thereby increases the reliability of business operations in general.