A systematic literature review on compliance requirements management of business processes

  • Review papers
  • International Journal of System Assurance Engineering and Management

Abstract

One crucial aspect that has cost business organizations a great deal is the management of compliance requirements from various regulatory sources. In a bid to avoid being penalized, some organizations have adopted various techniques to accomplish this task. However, the literature reveals that few thorough reviews have addressed this subject in a systematic way. This implies that a review that systematically captures all the crucial elements, such as implementation environment, constraint types addressed, main contributions and strengths of the existing techniques, is missing. This has led to the lack of a sufficiently good context of operation. This paper presents a systematic review of the existing literature, focused on the management of business process compliance requirements, in order to present summarized evidence and provide a lead-up for appropriately positioning new research activities. Kitchenham's guideline for conducting systematic literature reviews in software engineering was employed in carrying out the review, together with a review planning template to execute it. Results showed that control flow and data flow requirements have been addressed most in recent times. The temporal and resource allocation requirements have been under-researched. The approaches that have been employed in business process compliance requirements management are model checking, patterns, semantic, formal, ontology, goal-based requirements analysis and network analysis. The traditional business environment has been taken into consideration more than the cloud environment. The summary of research contributions revealed that the approaches have more often been formal techniques than model checking and semantics. This shows that there is a need for more research on business process compliance that is centered on the cloud environment. Researchers will be able to suggest the technique to be adopted based on the combined importance of each criterion that was defined in this work.

References

  • Accorsi R, Lowis DIL, Sato Y (2011) Automated certification for compliant cloud-based business processes. Bus Inf Syst Eng 3(3):145–154. https://doi.org/10.1007/s12599-011-0155-7

  • Awad AMH (2010) A compliance management framework for business process models. Dissertation, University of Potsdam

  • Awad A, Barnawi A, Elgammal A, Elshawi R, Almalaise A, Sakr S (2015) Runtime detection of business process compliance violations: an approach based on anti-patterns. In: Proceedings of the 30th annual ACM symposium on applied computing. ACM, pp 1203–1210

  • Barnawi A, Awad A, Elgammal A, El Shawi R, Almalaise A, Sakr S (2015) BP-MaaS: a runtime compliance-monitoring system for business processes. In: BPM (Demos), pp 25–29

  • Becker J, Ahrendt C, Coners A, Weiß B, Winkelmann A (2011) Modeling and analysis of business process compliance. In: Nüttgens M, Gadatsch A, Kautz K, Schirmer I, Blinn N (eds) Governance and sustainability in information systems. Managing the transfer and diffusion of IT. Springer, Berlin, pp 259–269

  • Betke H, Kittel K, Sackmann S (2013) Modeling controls for compliance—an analysis of business process modeling languages. In: 27th international conference on advanced information networking and applications workshops (WAINA). IEEE, pp 866–871

  • Biolchini J, Mian PG, Natali ACC, Travassos GH (2005) Systematic review in software engineering. System Engineering and Computer Science Department COPPE/UFRJ, Technical Report ES, 679(05), p 45

  • Cabanillas C, Knuplesch D, Resinas M, Reichert M, Mendling J, Ruiz-Cortés A (2015) RALph: a graphical notation for resource assignments in business processes. In: International conference on advanced information systems engineering. Springer, pp 53–68

  • Compagna L, Guilleminot P, Brucker AD (2013) Business process compliance via security validation as a service. In: 2013 IEEE sixth international conference on software testing, verification and validation (ICST). IEEE, pp 455–462

  • Comuzzi M (2017) Alignment of process compliance and monitoring requirements in dynamic business collaborations. Enterpr Inf Syst 11(6):884–908. https://doi.org/10.1080/17517575.2015.1135482

  • Daniel F, Casati F, D’Andrea V, Mulo E, Zdun U, Dustdar S, Strauch S, Schumm D, Leymann F, Sebahi S, De Marchi F (2009) Business compliance governance in service-oriented architectures. In: International conference on advanced information networking and applications, 2009. AINA’09. IEEE, pp 113–120. https://doi.org/10.1109/aina.2009.112

  • D’Aprile D, Giordano L, Gliozzi V, Martelli A, Pozzato GL, Dupré DT (2011) Verifying compliance of business processes with temporal answer sets. In: CILC, pp 147–161

  • Delfmann P, Hübers M (2015) Towards supporting business process compliance checking with compliance pattern catalogues—a financial industry case study. Enterpr Model Inf Syst Arch 10(1):67–88. https://doi.org/10.18417/emisa.10.1.4

  • Elgammal A, Turetken O (2015) Lifecycle business process compliance management: a semantically-enabled framework. In: 2015 international conference on cloud computing (ICCC). IEEE, pp 1–8

  • Elgammal A, Turetken O, Van den Heuvel WJ (2012) Using patterns for the analysis and resolution of compliance violations. Int J Cooper Inf Syst 21(01):31–54. https://doi.org/10.1142/S0218843012400023

  • Elgammal AFSA, Türetken O, van den Heuvel WJAM, Papazoglou M (2015) Formalizing and applying compliance patterns for business process compliance. Softw Syst Model. https://doi.org/10.1007/s10270-014-0395-3

  • Fellmann M, Zasada A (2014) State-of-the-art of business process compliance approaches. In: 22nd European conference on information systems, ECIS 2014, Tel Aviv, Israel, June 9–11, 2014. http://aisel.aisnet.org/ecis2014/proceedings/track06/8

  • Fellmann M, Delfmann P, Koschmider A, Laue R, Leopold H, Schoknecht A (2015) Semantic technology in business process modeling and analysis. Part 1: matching, modeling support, correctness and compliance. EMISA Forum 35(1):15–31

  • Ghanavati S, Hulstijn J (2015) Impact of legal interpretation on business process compliance. In: Proceedings of the first international workshop on technical and legal aspects of data privacy. IEEE Press, pp 26–31

  • Goedertier S, Vanthienen J, Caron F (2015) Declarative business process modelling: principles and modelling languages. Enterpr Inf Syst 9(2):161–185. https://doi.org/10.1080/17517575.2013.830340

  • Governatori G, Rotolo A (2010) A conceptually rich model of business process compliance. In: Proceedings of the seventh Asia-Pacific conference on conceptual modelling, vol 110. Australian Computer Society, Inc., pp 3–12

  • Höhenberger S, Dennis R, Delfmann P (2016) From legislation to potential compliance violations in business processes—simplicity matters. In: Proceedings of the European conference on information systems (ECIS 2016), Istanbul, Turkey

  • Humberg T, Wessel C, Poggenpohl D, Wenzel S, Ruhroth T, Jürjens J (2013) Ontology-based analysis of compliance and regulatory requirements of business processes. In: CLOSER, pp 553–561

  • Khawaja A, Urban J (2002) A synthesis of evaluation criteria for software specifications and specifications techniques. Int J Softw Eng Knowl Eng 12(5):581–599. https://doi.org/10.1142/S0218194002001062

  • Kitchenham B (2004) Procedures for performing systematic reviews, vol 33. Keele University, Keele

  • Kitchenham B (2007) Guideline for performing Systematic Literature Reviews in Software Engineering, version 2.3. 2007, University of Keele (Software Engineering Group, School of Computer Science and Mathematics) and Durham (Department of Computer Science)

  • Knuplesch D, Reichert M, Kumar A (2017) A framework for visually monitoring business process compliance. Inf Syst 64:381–409. https://doi.org/10.1016/j.is.2016.10.006

  • Kumar A, Barton RR (2017) Controlled violation of temporal process constraints—models, algorithms and results. Inf Syst 64:410–424. https://doi.org/10.1016/j.is.2016.06.003

  • Ly LT, Rinderle-Ma S, Göser K, Dadam P (2012) On enabling integrated process compliance with semantic constraints in process management systems. Inf Syst Front 14(2):195–219. https://doi.org/10.1007/s10796-009-9185-9

  • Mellado D, Blanco C, Sánchez LE, Fernández-Medina E (2010) A systematic review of security requirements engineering. Comput Stand Interfaces 32(4):153–165. https://doi.org/10.1016/j.csi.2010.01.006

  • Morales LEM (2014) Business process verification: the application of model checking and timed automata. CLEI Electron J. https://doi.org/10.19153/cleiej.17.2.2

  • Mustapha AM, Arogundade OT, Vincent OR, Adeniran OJ (2017) Towards a compliance requirement management for SMSEs: a model and architecture. IseB. https://doi.org/10.1007/s10257-017-0354-y

  • Papazoglou MP (2011) Making business processes compliant to standards and regulations. In: 2011 15th IEEE international enterprise distributed object computing conference (EDOC). IEEE, pp 3–13

  • Pham TA, Nhan LT (2016) Checking the compliance of business processes and business rules using OWL 2 ontology and SWRL. In: Proceedings of the second international Afro-European conference for industrial advancement AECIA 2015. Springer, pp 11–20

  • Sadiq S, Governatori G (2015) Managing regulatory compliance in business processes. In: vom Brocke J, Rosemann M (eds) Handbook on business process management, vol 2. Springer, Berlin, pp 159–175. https://doi.org/10.1007/978-3-642-01982-1_8

  • Schumm D, Turetken O, Kokash N, Elgammal A, Leymann F, Van Den Heuvel W-J (2010) Business process compliance through reusable units of compliant processes. In: International conference on web engineering. Springer, Berlin, pp 325–337

  • Singh S, Sidhu J (2017) Compliance-based multi-dimensional trust evaluation system for determining trustworthiness of cloud service providers. Future Gener Comput Syst 67:109–132. https://doi.org/10.1016/j.future.2016.07.013

  • Stratigaki C, Nikolaidou M, Loucopoulos P, Anagnostopoulos D (2016) Business process elicitation from regulatory compliance documents: an E-Government case study. In: 2016 IEEE 18th conference on business informatics (CBI), vol 2. IEEE, pp 8–13

  • Türetken O, Elgammal A, van den Heuvel WJ, Papazoglou MP (2011) Enforcing compliance on business processes through the use of patterns. In: ECIS

Author information

Corresponding author

Correspondence to Sanjay Misra.

Appendix

(1) Definition of terms used

  • Compliance requirements: These are statements obtained from regulatory bodies and standards to guide the operations of business processes in an industrial domain.

  • Compliance: This means adherence to a requirement or set of requirements guiding the operations of a particular business.

  • Business process: This is a collection of activities that leads to the completion of a good or service delivery in a particular enterprise.

  • Business environment: This is the form of operation in which a business process is carried out. Two environments are considered here: traditional and cloud. Businesses in the traditional environment use the old technological approach, while businesses in the cloud environment use cloud technologies and platforms in carrying out their services.

  • Constraint types: These are the categories into which compliance requirements are grouped, based on what they address in a business process. There are four major types: data flow, control flow, timing and resource allocation.

  • Business compliance management: This is a system that checks the state of a business process's adherence to its corresponding compliance requirements.

  • Compliance analysis and monitoring: This is the part of business compliance management in which the compliance requirements are analyzed and used to determine whether an activity or set of activities in the business process adheres to them.

  • Modeling language: These are programming tools or platforms employed in modelling business processes.

Cite this article

Mustapha, A.M., Arogundade, O.T., Misra, S. et al. A systematic literature review on compliance requirements management of business processes. Int J Syst Assur Eng Manag 11, 561–576 (2020). https://doi.org/10.1007/s13198-020-00985-w

  • DOI: https://doi.org/10.1007/s13198-020-00985-w
