Slides of the keynote presentation at ICSOC 2015 Workshop.
The slides argues that a large amount of research in the area of business process compliance, in particular the approaches based on (linear) temporal logic, failed to produce results. In particular it argues that such approaches are not able to correctly determine whether a business process complies with some norms. It shows a simple example where such approaches produces incorrect outcomes. It also shows that Regorous, the compliance frameworks based on the compliance-by-design methodology proposed by Governatori and Sadiq is able to handle such cases, and it offers a practical solution to regulatory compliance of business process.
Handwritten Text Recognition for manuscripts and early printed texts
The Journey to Business Process Compliance. Are We There Yet?
1. The Journey to Business Process
Compliance. Are We There Yet?
Guido Governatori
16 November 2015
www.data61.csiro.au
2. Outline
• Motivation
• Business Process Compliance
• Modelling Business Processes
• A Privacy Dilemma
• No Time for Compliance
• The Regorous Approach to Business Process Compliance
2 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
3. Motivation
2000-2010 Big (financial) scandals lead to more strict regualtory frameworks with
strong compliance components
2005- Regulatory compliance emerged as a multi-billion dollars market
2005-2006 IT frameworks to support regulatory compliance:
• Governatori and Sadiq
• Giblin, Liu et al.
• Ghose and Koliades
• Goedertier and Vanthienen
2015 10 years and 500 papers later
3 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
5. What is Compliance?
Ensuring that business operations, processes, and practices are in accordance
with a given prescriptive (often legal) document
5 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
6. What is Compliance?
Ensuring that business operations, processes, and practices are in accordance
with a given prescriptive (often legal) document
Regulatory
• Basel II
• Sarbanes-Oxley
• OFAC (USA Patriot Act)
• OSFI “blocked entity” lists
• HIPAA
• Graham-Leach-Bliley
Standards
• Best practice models
• SAP solution maps
• ISO 9000
• Medical guidelines
Contracts
• Service Agreement
• Customer Contract
• Warranty
• Insurance Policy
• Business Partnership
5 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
7. Definition of Compliance
6 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
8. Definition of Compliance
Compliance is a relationship between two sets of specifications
6 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
9. Definition of Compliance
Compliance is a relationship between two sets of specifications
Alignment of formal specifications for business processes and formal
specifications for prescriptive (legal) documents.
6 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
10. Definition of Compliance
Compliance is a relationship between two sets of specifications
Alignment of formal specifications for business processes and formal
specifications for prescriptive (legal) documents.
• Conceptually sound representation of business processes
6 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
11. Definition of Compliance
Compliance is a relationship between two sets of specifications
Alignment of formal specifications for business processes and formal
specifications for prescriptive (legal) documents.
• Conceptually sound representation of business processes
• Conceptually sound representation of and reasoning with norms
6 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
12. Compliance Ecosystem
Legal Space Process Space
Compliance
Space
Process
Data
BP Execution
Compliance
Checking
Regulatory
Document
(Formal) Specification
<obligations>;
<permissions>;
<prohibitions;
Analysis
Translation
Monitoring
Violation
Response
Domain Experts
Process Modellers
BP Models
Design TIme
Run Time
Process
Role(s)
New or Existing
New or Existing New
Existing
Existing
ExistingExisting
Violation
Detection
7 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
13. Compliance Recipe
1. Formal Model of Business Processes
8 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
14. Compliance Recipe
1. Formal Model of Business Processes
2. Formal Model of Relevant Norms/Normative Frameworks
8 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
15. Compliance Recipe
1. Formal Model of Business Processes
2. Formal Model of Relevant Norms/Normative Frameworks
3. Combine, shake well and serve!
8 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
17. Business Process Model
Self-contained, temporal and logical order in which a set of activities are executed to
achieve a business goal. It describes:
• What needs be done and when (control flows)
• What we need to work on (data)
• Who is doing the work (human and system resources)
10 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
18. Modelling Processes
A
B
D
C
E
F
G
H
t1 : A, B, C, D, E, F, H
t2 : A, B, D, C, E, F, H
t3 : A, D, B, C, E, F, H
t4 : A, B, C, D, E, G, H
t5 : A, B, D, C, E, G, H
t6 : A, D, B, C, E, G, H
11 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
19. Annotated Traces
Let Lit be a set of literals, T be the set of traces of a process and N be the set of
natural numbers
State : T × N → 2Lit
The function State returns the set of literals describing “what’s going on in a trace t
after the execution of the n-th task in the process”.
12 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
20. Example
A B
C
D
Tasks
• A: “turn the light on”
• B: “check if glass is empty”
• C: “fill glass with water”
• D: “turn glass upside-down”
Propositions
• p: “the light is on”
• q: “the glass is full”
Trace 1: A, B, D
Trace 2: A, B, C, D
• State(i, 1) = { p }, i ∈ { 1, 2 }
• State(1, 2) = { p, q }
• State(2, 2) = { p, ¬q }
• State(2, 3) = { p, q }
• State(1, 3) = { p, ¬q }
• State(2, 4) = { p, ¬q }
13 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
22. A Privacy Act
Section 1: (Prohibition to collect personal medical information)
Offence: It is an offence to collect personal medical information.
Defence: It is a defence to the prohibition of collecting personal medical
information, if an entity immediately destroys the illegally collected
personal medical information before making any use of the personal
medical information
Section 2: An entity is permitted to collect personal medical information if the entity
acts under a Court Order authorising the collection of personal medical
information.
Section 3: (Prohibition to collect personal information) It is forbidden to collect personal
information unless an entity is permitted to collect personal medical
information.
Offence: an entity collected personal information
Defence: an entity being permitted to collect personal medical information.
15 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
25. Making Sense of the Act
• Collection of medical information is forbidden.
• Destruction of the illegally collected medical information excuses the illegal
collection.
• Collection of medical information is permitted if there is an authorising court
order.
• Collection of personal information is forbidden.
• Collection of personal information is permitted if the collection of medical
information is permitted
17 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
26. Making Sense of the Act
• Collection of medical information is forbidden.
• Destruction of the illegally collected medical information excuses the illegal
collection.
• Collection of medical information is permitted if there is an authorising court
order.
• Collection of personal information is forbidden.
• Collection of personal information is permitted if the collection of medical
information is permitted
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
17 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
27. Making Sense of the Act
• Collection of medical information is forbidden.
• Destruction of the illegally collected medical information excuses the illegal
collection.
• Collection of medical information is permitted if there is an authorising court
order.
• Collection of personal information is forbidden.
• Collection of personal information is permitted if the collection of medical
information is permitted
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
The process is not compliant
17 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
29. Linear Temporal Logic for Compliance
In the past 5-10 years many compliance frameworks based on (Linear) Temporal Logic
have been proposed:
• DECLARE, MoBuCom, DecSerFlow
• COMPAS
• BPMN-Q
19 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
30. Motivation
• Linear Temporal Logic (LTL): mature technology to verify systems
• Similarity between conditions for obligations and temporal notions in LTL
• many compliance frameworks proposed LTL to check compliance of business
processes
20 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
31. Motivation
• Linear Temporal Logic (LTL): mature technology to verify systems
• Similarity between conditions for obligations and temporal notions in LTL
• many compliance frameworks proposed LTL to check compliance of business
processes
Can current compliance frameworks based on LTL be used to
determine compliance of processes with norms?
20 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
32. Linear Temporal Logic 101 (Syntax)
• Xφ: at the next time φ holds;
• Fφ: eventually φ holds (sometimes in the future φ); and
• Gφ: globally φ holds (always in the future φ).
In addition we have three binary operators:
• φ U ψ (until): φ holds until ψ holds;
• φ W ψ (weak until): φ holds until ψ holds and ψ might not hold.
Interdefinability
• Fφ ≡ U φ,
• Gφ ≡ ¬F¬φ,
• φ W ψ ≡ (φ U ψ) ∨ Gφ
21 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
33. Linear Temporal Logic 102 (Semantics)
TS, σ |= a
s0
a
s1 s2 s3
TS, σ |= Xa
s0 s1
a
s2 s3
TS, σ |= a U b
s0
a ∧ ¬b
s1
a ∧ ¬b
s2
b
s3
TS, σ |= Fa
s0
¬a
s1
¬a
s2
a
s3
TS, σ |= Ga
s0
a
s1
a
s2
a
s3
a
22 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
34. Linear Temporal Logic 102 (Semantics)
TS, σ |= a
s0
a
s1 s2 s3
TS, σ |= Xa
s0 s1
a
s2 s3
TS, σ |= a U b
s0
a ∧ ¬b
s1
a ∧ ¬b
s2
b
s3
TS, σ |= Fa
s0
¬a
s1
¬a
s2
a
s3
TS, σ |= Ga
s0
a
s1
a
s2
a
s3
a
A formula φ is true in a fullpath σ iff it is true at the first element of the fullpath.
22 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
35. Linear Temporal Logic 102 (Semantics)
TS, σ |= a
s0
a
s1 s2 s3
TS, σ |= Xa
s0 s1
a
s2 s3
TS, σ |= a U b
s0
a ∧ ¬b
s1
a ∧ ¬b
s2
b
s3
TS, σ |= Fa
s0
¬a
s1
¬a
s2
a
s3
TS, σ |= Ga
s0
a
s1
a
s2
a
s3
a
A formula φ is true in a fullpath σ iff it is true at the first element of the fullpath.
A formula is true in a state S
TS, s |= φ iff ∀σ: σ[0] = s, TS, σ |= φ.
22 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
36. Obligation, Prohibition and Permission
Obligation A situation, an act, or a course of action to which a bearer is legally
bound, and if it is not achieved or performed results in a violation.
Prohibition A situation, an act, or a course of action which a bearer should avoid,
and if it is achieved results in a violation.
Permission Something is permitted if the obligation or the prohibition to the
contrary does not hold.
23 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
37. Achievement vs Maintenance Obligations
• For an achievement obligation, a certain condition must occur at least once before
the deadline
‘Customers must pay before the delivery of the good, after receiving the invoice’
• For maintenance obligations, a certain condition must obtain during all instants
before the deadline:
‘After opening a bank account, customers must keep a positive balance until bank
charges are taken out’
24 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
38. Achievement and Maintenance Obligations in
LTL
Maintenance obligation
Gφ G(τ → φ U δ)
Achievement obligation
Fφ G(τ → ¬(¬φ U δ))
25 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
39. Compliance in LTL
To determine, given a model encoding a trace of a business process
and a set of formulas encoding the relevant norms, whether the
formulas are satisfiable by the model.
26 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
40. LTL Compliance Frameworks
• Several compliance frameworks based on LTL have been proposed (e.g.,
COMPAS, MoBuCOM, BPMN-Q, we focus on COMPAS Compliance
Requirement Language CRL).
• Propose templates/patterns to capture “compliance requirements” based on the
“temporal order” of tasks or business process components.
• Templates correspond to temporal logic formulas
27 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
41. CRL Patterns
• Absence: φ isAbsent, φ does not occur in the process
G¬φ
• Existence: φ Exists, φ occurs in the the process
Fφ
• Leads To: φ LeadsTo ψ, φ must always be followed by ψ
G(φ → Fψ)
28 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
42. CRL Contrary-to-duty Pattern
Pattern to represent compensations to violations
φ (LeadsTo|DirectlyFollowedBy) φ1 (Else|ElseNext) φ2 . . . (Else|ElseNext) φn
translated to
G(φ → F|X(φ1 ∧1≤i<n−1 (F|X(φi NotSucceed) ∧ (φi NotSucceed → F|Xφi+1))))
29 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
43. CRL Contrary-to-duty Pattern
Pattern to represent compensations to violations
φ (LeadsTo|DirectlyFollowedBy) φ1 (Else|ElseNext) φ2 . . . (Else|ElseNext) φn
translated to
G(φ → F|X(φ1 ∧1≤i<n−1 (F|X(φi NotSucceed) ∧ (φi NotSucceed → F|Xφi+1))))
but it does not work for maintenance obligations (prohibitions), Gφ ∧ ¬φ → ⊥.
Gφ ∨ F(¬φ ∧ F|Xψ)
29 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
44. CRL Exception Patterns
Strong Exceptions: [[R]]Pattern
φ → ψ
Weak Exceptions: [R]Pattern
φ ∨ ψ
where:
• φ is the LTL translation of R
• ψ is the LTL translation of Pattern
30 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
45. Privacy Act Logical Structure
• A (“collection of medical information”) is forbidden
B (“destruction of medical information”) compensates the illegal collection
• A is permitted if C (“acting under a court order”)
• D (“collection of personal information”) is forbidden
• D is permitted if A is permitted
31 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
46. Privacy Act in CRL and LTL
CRL1 R1 : ([R2]A isAbsent) Else B,
CRL2 R2 : C,
CRL3 R3 : [R4]D isAbsent,
CRL4 R4 : A isPermitted.
32 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
47. Privacy Act in CRL and LTL
CRL1 R1 : ([R2]A isAbsent) Else B,
CRL2 R2 : C,
CRL3 R3 : [R4]D isAbsent,
CRL4 R4 : A isPermitted.
LTL1 G(C ∨ (G¬A ∨ F(A ∧ FB)));
LTL2 G(FA ∨ G¬D).
32 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
48. CRL: Are We Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
LTL1 G(C ∨ (G¬A ∨ F(A ∧ FB)));
LTL2 G(FA ∨ G¬D).
• v(start) = { ¬A, ¬B, ¬C, ¬D };
• v(T1) = { A, ¬B, ¬C, ¬D };
• v(T2) = { A, ¬B, ¬C, D };
• v(T3) = { A, B, ¬C, D };
• v(end) = { A, B, ¬C, D }.
M |= LTL1 ∧ LTL2
33 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
49. CRL: Are We Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
LTL1 G(C ∨ (G¬A ∨ F(A ∧ FB)));
LTL2 G(FA ∨ G¬D).
• v(start) = { ¬A, ¬B, ¬C, ¬D };
• v(T1) = { A, ¬B, ¬C, ¬D };
• v(T2) = { A, ¬B, ¬C, D };
• v(T3) = { A, B, ¬C, D };
• v(end) = { A, B, ¬C, D }.
M |= LTL1 ∧ LTL2
According to CRL/LTL the process is compliant
33 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
51. The Regorous Approach
Extension, refinement of the compliance-by-design methodology proposed by
Governatori and Sadiq 2007.
1. Annotated business process models
2. Proper representation of norms based on PCL (Process Compliance Logic)
3. Simulate execution of traces and round trips to PCL reasoner
1. Determine what are the obligations in force for each state
2. Determine which obligations have been fulfilled, violated, or pending
3. Determine which violations have been compensated for
http://www.regorous.com
35 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
52. Modelling Norms
Norms are modelled as if . . . then . . . rules
• norms are defeasible (handling exceptions)
• two types of norms
constitutive rules: defining terms used in a legal context
A1, . . . , An ⇒ C
prescriptive rules: defining “normative effects” (i.e., obligations, permissions,
prohibitions . . . )
A1, . . . , An ⇒ [O]C1 ⊗ [O]C2 ⊗ · · · ⊗ [O]Cm
A1, . . . , An ⇒ [P]C
36 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
53. Reasoning with Norms
1. A is a fact; or
2. there is an applicable rule for A, and either
1. all the rules for ¬A are discarded (i.e., not applicable) or
2. every applicable rule for ¬A is weaker than an applicable rule for A.
37 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
54. The Regorous Architecture
Compliance Checker
Logical State
Representation
State(t,1)
State(t,2)
State(t,3)
State(t,4)
Rule1
Rule2
Rule3
Rule4
Rule5
Rule6
Rule7
Rule8
Rule9
...
Compliance
Rule Base
Obligations
Input
...
Annotated Business Process
T2
T5
T3
T1
T4
T7 T6
Legalese Formalisation
Recommendation Sub-system recommendations
whatif
analysis
StatusReport
38 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
55. Privacy Regorously
• collection of medical information is forbidden
c destruction of medical information compensates the illegal collection
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
• collection of medical information is permitted if acting under a court order
r2 : courtOrder ⇒ [P]medicalInfo
• collection of personal information is forbidden
r3 : ⇒ [O]¬personalInfo
• collection personal information is permitted if collection of medical information is
permitted
r4 : [P]medicalInfo ⇒ [P]personalInfo
39 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
56. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
57. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
58. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
59. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
60. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
61. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
Force(T2) : [O]destroy
40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
62. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
Force(T2) : [O]destroy
State(T2) : personalInfo
40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
63. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
Force(T2) : [O]destroy
State(T2) : personalInfo
Violated(T2) : [O]¬persoanlInfo
40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
64. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
Force(T2) : [O]destroy
State(T2) : personalInfo
Violated(T2) : [O]¬persoanlInfo
State(T3) : destroy
40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
65. Are We Regorously Compliant?
Collect
Medical
Information
Collect
Personal
Information
Destroy
Medical
Information
T1 T2 T3
Start End
r1 : ⇒ [O]¬medicalInfo ⊗ [O]destroy
r2 : courtOrder ⇒ [P]medicalInfo
r3 : ⇒ [O]¬personalInfo
r4 : [P]medicalInfo ⇒ [P]personalInfo
State(start) : ¬courtOrder
Force(T1) : [O]¬medicalInfo
[O]¬personalInfo
State(T1) : medicalInfo
Violated(T1) : [O]¬medicalInfo
Force(T2) : [O]destroy
State(T2) : personalInfo
Violated(T2) : [O]¬persoanlInfo
State(T3) : destroy
Compensated(T3) : [O]¬medicalInfo
40 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
66. The Regorous Evaluation
Formalised Chapter 8 (Complaints) of TCPC 2012. Modelled the compliant
handling/management processes of an Australian telco.
41 tasks, 12 decision points (xor), 2 loops
shortest trace: 6 traces longest trace (loop): 33 tasks
longest trace (no loop): 22 tasks
over 1000 traces, over 25000 states
41 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
67. The Regorous Evaluation
TCPC 2012 Chapter 8. Contains over 100 commas, plus 120 terms
(in Terms and Definitions Section).
Required 223 propositions, 176 rules.
Punctual Obligation 5 (5)
Achievement Obligation 90 (110)
Preemptive 41 (46)
Non preemptive 49 (64)
Non perdurant 5 (7)
Maintenance Obligation 11 (13)
Prohibition 7 (9)
Non perdurant 1 (4)
Permission 9 (16)
Compensation 2 (2)
42 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori
68. Conclusions
• Many scholars jumped on the compliance bandwagon
• Current Compliance Frameworks based on Temporal Logic are not able to model
real life norms.
• Result not restricted to Linear Temporal Logic, it extends to other temporal logics
• Result is not an impossibility theorem. If one knows what are the compliant
traces, one can build a set of temporal formulas corresponding to the compliant
traces (but it means using an external oracle, so useless for compliance)
• Result seems to affect Deontic logics based on possible world semantics.
• PCL and Regorous are not affected by the problem, and offer a viable practical
solution
• 5/10 years of mostly wasted opportunities and research efforts
43 | The Journey to Business Process Compliance. Are We There Yet? | Guido Governatori