Abstract
One crucial aspect that has cost business organizations a great deal is the management of compliance requirements from various regulatory sources. To avoid being penalized, some organizations have adopted various techniques to accomplish this task. However, the literature reveals that few thorough reviews have addressed this subject in a systematic way. This implies that a review that systematically captures all the crucial elements, such as implementation environment, constraint types addressed, main contributions and strengths of the existing techniques, is missing. This has led to the lack of a sufficiently good context of operation. This paper presents a systematic review of the existing literature, focusing on the management of business process compliance requirements, in order to present summarized evidence and provide a lead-up for appropriately positioning new research activities. The guideline for conducting systematic literature reviews in software engineering by Kitchenham was employed in carrying out the systematic review, together with a review planning template to execute the review. Results showed that control flow and data flow requirements have been addressed most in recent times. The temporal and resource allocation requirements have been under-researched. The approaches that have been employed in business process compliance requirements management are model checking, patterns, semantic, formal, ontology, goal-based requirements analysis and network analysis. The traditional business environment has been taken into consideration more than the cloud environment. The summary of research contributions revealed that the approaches have been more of formal techniques compared to model checking and semantics. This shows that there is a need for more research on business process compliance that will be centered on the cloud environment. Researchers will be able to suggest the technique to be adopted based on the combined importance of each criterion that was defined in this work.
References
Accorsi R, Lowis DIL, Sato Y (2011) Automated certification for compliant cloud-based business processes. Bus Inf Syst Eng 3(3):145–154. https://doi.org/10.1007/s12599-011-0155-7
Awad AMH (2010) A compliance management framework for business process models. Dissertation, University of Potsdam
Awad A, Barnawi A, Elgammal A, Elshawi R, Almalaise A, Sakr S (2015) Runtime detection of business process compliance violations: an approach based on anti-patterns. In: Proceedings of the 30th annual ACM symposium on applied computing. ACM, pp 1203–1210
Barnawi A, Awad A, Elgammal A, El Shawi R, Almalaise A, Sakr S (2015) BP-MaaS: a runtime compliance-monitoring system for business processes. In: BPM (Demos), pp 25–29
Becker J, Ahrendt C, Coners A, Weiß B, Winkelmann A (2011) Modeling and analysis of business process compliance. In: Nüttgens M, Gadatsch A, Kautz K, Schirmer I, Blinn N (eds) Governance and sustainability in information systems. Managing the transfer and diffusion of IT. Springer, Berlin, pp 259–269
Betke H, Kittel K, Sackmann S (2013) Modeling controls for compliance—an analysis of business process modeling languages. In: 27th international conference on advanced information networking and applications workshops (WAINA). IEEE, pp 866–871
Biolchini J, Mian PG, Natali ACC, Travassos GH (2005) Systematic review in software engineering. System Engineering and Computer Science Department COPPE/UFRJ, Technical Report ES, 679(05), p 45
Cabanillas C, Knuplesch D, Resinas M, Reichert M, Mendling J, Ruiz-Cortés A (2015) RALph: a graphical notation for resource assignments in business processes. In: International conference on advanced information systems engineering. Springer, pp 53–68
Compagna L, Guilleminot P, Brucker AD (2013) Business process compliance via security validation as a service. In: 2013 IEEE sixth international conference on software testing, verification and validation (ICST). IEEE, pp 455–462
Comuzzi M (2017) Alignment of process compliance and monitoring requirements in dynamic business collaborations. Enterpr Inf Syst 11(6):884–908. https://doi.org/10.1080/17517575.2015.1135482
Daniel F, Casati F, D’Andrea V, Mulo E, Zdun U, Dustdar S, Strauch S, Schumm D, Leymann F, Sebahi S, De Marchi F (2009) Business compliance governance in service-oriented architectures. In: International conference on advanced information networking and applications, 2009. AINA’09. IEEE, pp 113–120. https://doi.org/10.1109/aina.2009.112
D’Aprile D, Giordano L, Gliozzi V, Martelli A, Pozzato GL, Dupré DT (2011) Verifying compliance of business processes with temporal answer sets. In: CILC, pp 147–161
Delfmann P, Hübers M (2015) Towards supporting business process compliance checking with compliance pattern catalogues—a financial industry case study. Enterpr Model Inf Syst Arch 10(1):67–88. https://doi.org/10.18417/emisa.10.1.4
Elgammal A, Turetken O (2015) Lifecycle business process compliance management: a semantically-enabled framework. In: 2015 international conference on cloud computing (ICCC). IEEE, pp 1–8
Elgammal A, Turetken O, Van den Heuvel WJ (2012) Using patterns for the analysis and resolution of compliance violations. Int J Cooper Inf Syst 21(01):31–54. https://doi.org/10.1142/S0218843012400023
Elgammal AFSA, Türetken O, van den Heuvel WJAM, Papazoglou M (2015) Formalizing and applying compliance patterns for business process compliance. Softw Syst Model. https://doi.org/10.1007/s10270-014-0395-3
Fellmann M, Zasada A (2014) State-of-the-art of business process compliance approaches. In: 22nd European conference on information systems, ECIS 2014, Tel Aviv, Israel, June 9–11, 2014. http://aisel.aisnet.org/ecis2014/proceedings/track06/8
Fellmann M, Delfmann P, Koschmider A, Laue R, Leopold H, Schoknecht A (2015) Semantic technology in business process modeling and analysis. Part 1: matching, modeling support, correctness and compliance. EMISA Forum 35(1):15–31
Ghanavati S, Hulstijn J (2015) Impact of legal interpretation on business process compliance. In: Proceedings of the first international workshop on technical and legal aspects of data privacy. IEEE Press, pp 26–31
Goedertier S, Vanthienen J, Caron F (2015) Declarative business process modelling: principles and modelling languages. Enterpr Inf Syst 9(2):161–185. https://doi.org/10.1080/17517575.2013.830340
Governatori G, Rotolo A (2010) A conceptually rich model of business process compliance. In: Proceedings of the seventh Asia-Pacific conference on conceptual modelling, vol 110. Australian Computer Society, Inc., pp 3–12
Höhenberger S, Dennis R, Delfmann P (2016) From legislation to potential compliance violations in business processes—simplicity matters. In: Proceedings of the European conference on information systems (ECIS 2016), Istanbul, Turkey
Humberg T, Wessel C, Poggenpohl D, Wenzel S, Ruhroth T, Jürjens J (2013) Ontology-based analysis of compliance and regulatory requirements of business processes. In: CLOSER, pp 553–561
Khawaja A, Urban J (2002) A synthesis of evaluation criteria for software specifications and specifications techniques. Int J Softw Eng Knowl Eng 12(5):581–599. https://doi.org/10.1142/S0218194002001062
Kitchenham B (2004) Procedures for performing systematic reviews, vol 33. Keele University, Keele
Kitchenham B (2007) Guideline for performing Systematic Literature Reviews in Software Engineering, version 2.3. 2007, University of Keele (Software Engineering Group, School of Computer Science and Mathematics) and Durham (Department of Computer Science)
Knuplesch D, Reichert M, Kumar A (2017) A framework for visually monitoring business process compliance. Inf Syst 64:381–409. https://doi.org/10.1016/j.is.2016.10.006
Kumar A, Barton RR (2017) Controlled violation of temporal process constraints—models, algorithms and results. Inf Syst 64:410–424. https://doi.org/10.1016/j.is.2016.06.003
Ly LT, Rinderle-Ma S, Göser K, Dadam P (2012) On enabling integrated process compliance with semantic constraints in process management systems. Inf Syst Front 14(2):195–219. https://doi.org/10.1007/s10796-009-9185-9
Mellado D, Blanco C, Sánchez LE, Fernández-Medina E (2010) A systematic review of security requirements engineering. Comput Stand Interfaces 32(4):153–165. https://doi.org/10.1016/j.csi.2010.01.006
Morales LEM (2014) Business process verification: the application of model checking and timed automata. CLEI Electron J. https://doi.org/10.19153/cleiej.17.2.2
Mustapha AM, Arogundade OT, Vincent OR, Adeniran OJ (2017) Towards a compliance requirement management for SMSEs: a model and architecture. IseB. https://doi.org/10.1007/s10257-017-0354-y
Papazoglou MP (2011) Making business processes compliant to standards and regulations. In: 2011 15th IEEE international enterprise distributed object computing conference (EDOC). IEEE, pp 3–13
Pham TA, Nhan LT (2016) Checking the compliance of business processes and business rules using OWL 2 ontology and SWRL. In: Proceedings of the second international Afro-European conference for industrial advancement AECIA 2015. Springer, pp 11–20
Sadiq S, Governatori G (2015) Managing regulatory compliance in business processes. In: vom Brocke J, Rosemann M (eds) Handbook on business process management, vol 2. Springer, Berlin, pp 159–175. https://doi.org/10.1007/978-3-642-01982-1_8
Schumm D, Turetken O, Kokash N, Elgammal A, Leymann F, Van Den Heuvel W-J (2010) Business process compliance through reusable units of compliant processes. In: International conference on web engineering. Springer, Berlin, pp 325–337
Singh S, Sidhu J (2017) Compliance-based multi-dimensional trust evaluation system for determining trustworthiness of cloud service providers. Future Gener Comput Syst 67:109–132. https://doi.org/10.1016/j.future.2016.07.013
Stratigaki C, Nikolaidou M, Loucopoulos P, Anagnostopoulos D (2016) Business process elicitation from regulatory compliance documents: an E-Government case study. In: 2016 IEEE 18th conference on business informatics (CBI), vol 2. IEEE, pp 8–13
Türetken O, Elgammal A, van den Heuvel WJ, Papazoglou MP (2011) Enforcing compliance on business processes through the use of patterns. In: ECIS
Appendix
(1) Definition of terms used
- Compliance requirements: These are statements obtained from regulatory bodies and standards to guide the operations of business processes in an industrial domain.
- Compliance: This means adherence to a requirement or set of requirements guiding the operations of a particular business.
- Business process: This is a collection of activities that leads to the completion of a good or service delivery in a particular enterprise.
- Business environment: This is the form of operation by which a business process is carried out. Two environments are considered here: the traditional and the cloud environment. Businesses in the traditional environment utilize the old technological approach, while businesses in the cloud environment utilize cloud technologies and platforms in carrying out their services.
- Constraint types: These are the categories into which compliance requirements are grouped based on what they address in a business process. There are four major types: data flow, control flow, timing and resource allocation.
- Business compliance management: This is a system that checks the state of a business process's adherence to its corresponding compliance requirements.
- Compliance analysis and monitoring: This is the part of business compliance management where the compliance requirements are analyzed and used to check whether an activity or set of activities in the business process adheres to them.
- Modeling language: These are programming tools or platforms employed in modelling business processes.
Cite this article
Mustapha, A.M., Arogundade, O.T., Misra, S. et al. A systematic literature review on compliance requirements management of business processes. Int J Syst Assur Eng Manag 11, 561–576 (2020). https://doi.org/10.1007/s13198-020-00985-w
DOI: https://doi.org/10.1007/s13198-020-00985-w