|Fehling, Christoph; Kötter, Falko; Leymann, Frank: Compliance Modeling - Formal Descriptors and Tools. |
Universität Stuttgart, Fakultät Informatik, Elektrotechnik und Informationstechnik, Technischer Bericht Informatik Nr. 2014/02.
22 Seiten, englisch.
Compliance, i.e., respecting laws and regulations affects multiple aspects of IT applications. We consider applications centered on a business process model described in BPMN. The business process or multiples thereof supported by the application are described in a formal model, which is then executed by a process engine. Additional functionality is provided by application components, often realized as Web services, which are enacted by the process. In addition to the process engine, these components also rely on a hosting infrastructure, which may be constituted by additional middleware. The server infrastructure is then provided in data centers or cloud environments. All these artifacts make up the application stack that is supporting companies’ business processes. Laws and regulations may result in manifold requirements regarding this application stack. Laws and regulations are not described with the respective layers of an application they affect. Laws, such as the GDV Code of Conduct and the German Federal Data Protection Act, therefore, may impact multiple aspects of the business process model, the deployment of the application supporting this model, and the runtime behavior of the application. Management tasks executed by companies’ employees may also be affected. Due to this manifold impact of laws and regulations, ensuring compliance involves many different technologies and tools. In this report, we present a tool chain for this purpose.