NuSMV 2: An OpenSource Tool for Symbolic Model Checking
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
A model for web services discovery with QoS
ACM SIGecom Exchanges
Software Factories: Assembling Applications with Patterns, Models, Frameworks, and Tools
Software Factories: Assembling Applications with Patterns, Models, Frameworks, and Tools
Translating business contract into compliant business processes
EDOC '06 Proceedings of the 10th IEEE International Enterprise Distributed Object Computing Conference
Compliance checking between business processes and business contracts
EDOC '06 Proceedings of the 10th IEEE International Enterprise Distributed Object Computing Conference
Model-Driven Software Development: Technology, Engineering, Management
Model-Driven Software Development: Technology, Engineering, Management
Domain-Specific Modeling
Conformance checking of processes based on monitoring real behavior
Information Systems
Integration and verification of semantic constraints in adaptive process management systems
Data & Knowledge Engineering
A static compliance-checking framework for business process models
IBM Systems Journal
Patterns for business object model integration in process-driven and service-oriented architectures
Proceedings of the 2006 conference on Pattern languages of programs
Auditing Business Process Compliance
ICSOC '07 Proceedings of the 5th international conference on Service-Oriented Computing
ICSR '08 Proceedings of the 10th international conference on Software Reuse: High Confidence Software Reuse in Large Systems
Modeling Human Aspects of Business Processes --- A View-Based, Model-Driven Approach
ECMDA-FA '08 Proceedings of the 4th European conference on Model Driven Architecture: Foundations and Applications
Efficient Compliance Checking Using BPMN-Q and Temporal Logic
BPM '08 Proceedings of the 6th International Conference on Business Process Management
Measurement of Compliance Distance in Business Processes
Information Systems Management
Model-Driven Integration and Management of Data Access Objects in Process-Driven SOAs
ServiceWave '08 Proceedings of the 1st European Conference on Towards a Service-Based Internet
A Classification Model for Automating Compliance
CECANDEEE '08 Proceedings of the 2008 10th IEEE Conference on E-Commerce Technology and the Fifth IEEE Conference on Enterprise Computing, E-Commerce and E-Services
Automating Privacy Compliance with ExPDT
CECANDEEE '08 Proceedings of the 2008 10th IEEE Conference on E-Commerce Technology and the Fifth IEEE Conference on Enterprise Computing, E-Commerce and E-Services
Regulations Expressed As Logical Models (REALM)
Proceedings of the 2005 conference on Legal Knowledge and Information Systems: JURIX 2005: The Eighteenth Annual Conference
Tailoring a model-driven Quality-of-Service DSL for various stakeholders
MISE '09 Proceedings of the 2009 ICSE Workshop on Modeling in Software Engineering
Pattern-based design and validation of business process compliance
OTM'07 Proceedings of the 2007 OTM Confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part I
Modeling control objectives for business process compliance
BPM'07 Proceedings of the 5th international conference on Business process management
Compliance aware business process design
BPM'07 Proceedings of the 2007 international conference on Business process management
Software and Systems Modeling (SoSyM)
An End-to-End Framework for Business Compliance in Process-Driven SOAs
SYNASC '10 Proceedings of the 2010 12th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing
Business policy compliance in service-oriented systems
Information Systems
Self-Supervising BPEL Processes
IEEE Transactions on Software Engineering
On the formal specification of regulatory compliance: a comparative analysis
ICSOC'10 Proceedings of the 2010 international conference on Service-oriented computing
Compliance Domains: A Means to Model Data-Restrictions in Cloud Environments
EDOC '11 Proceedings of the 2011 IEEE 15th International Enterprise Distributed Object Computing Conference
Process mining and verification of properties: an approach based on temporal logic
OTM'05 Proceedings of the 2005 Confederated international conference on On the Move to Meaningful Internet Systems - Volume >Part I
Proceedings of the 16th European Conference on Pattern Languages of Programs
Architecture-centric support for adaptive service collaborations
ACM Transactions on Software Engineering and Methodology (TOSEM)
Hi-index | 0.00 |
Context: Ensuring software systems conforming to multiple sources of relevant policies, laws, and regulations is significant because the consequences of infringement can be serious. Unfortunately, this goal is hardly achievable due to the divergence and frequent changes of compliance sources and the differences in perception and expertise of the involved stakeholders. In the long run, these issues lead to problems regarding complexity, understandability, maintainability, and reusability of compliance concerns. Objective: In this article, we present a model-driven and view-based approach for addressing problems related to compliance concerns. Method: Compliance concerns are represented using separate view models. This is achieved using domain-specific languages (DSLs) that enable non-technical and technical experts to formulate only the excerpts of the system according to their expertise and domain knowledge. The compliance implementations, reports, and documentation can be automatically generated from the models. The applicability of our approach has been validated using an industrial case study. Results: Our approach supports stakeholders in dealing with the divergence of multiple compliance sources. The compliance controls and relevant reports and documentation are generated from the models and hence become traceable, understandable, and reusable. Because the generated artifacts are associated with the models, the compliance information won't be lost as the system evolves. DSLs and view models convey compliance concerns to each stakeholder in a view that is most appropriate for his/her current work task. Conclusions: Our approach lays a solid foundation for ensuring conformance to relevant laws and regulations. This approach, on the one hand, aims at addressing the variety of expertise and domain knowledge of stakeholders. On the other hand, it also aims at ensuring the explicit links between compliance sources and the corresponding implementations, reports, and documents for conducting many important tasks such as root cause analysis, auditing, and governance.