Compliance by Design for Artifact-Centric Business Processes

Compliance to legal regulations, internal policies, or best practices is becoming a more and more important aspect in business processes management. Compliance requirements are usually formulated in a set of rules that can be checked during or after the execution of the business process, called

compliance by detection

. If noncompliant behavior is detected, the business process needs to be redesigned. Alternatively, the rules can be already taken into account while modeling the business process to result in a business process that is

compliant by design

. This technique has the advantage that a subsequent verification of compliance is not required.

This paper focuses on compliance by design and employs an

artifact-centric

approach. In this school of thought, business processes are not described as a sequence of tasks to be performed (i.e., imperatively), but from the point of view of the artifacts that are manipulated during the process (i.e., declaratively). We extend the artifact-centric approach to model compliance rules and show how compliant business processes can be synthesized automatically.