Technical Report TR-2014-02

BibliographyFehling, Christoph; Kötter, Falko; Leymann, Frank: Compliance Modeling - Formal Descriptors and Tools.
University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Technical Report Computer Science No. 2014/02.
22 pages, english.
CR-SchemaD.2.1 (Software Engineering Requirements/Specifications)
D.2.12 (Software Engineering Interoperability)
F.3.2 (Semantics of Programming Languages)
H.4.1 (Office Automation)
Abstract

Compliance, i.e., respecting laws and regulations affects multiple aspects of IT applications. We consider applications centered on a business process model described in BPMN. The business process or multiples thereof supported by the application are described in a formal model, which is then executed by a process engine. Additional functionality is provided by application components, often realized as Web services, which are enacted by the process. In addition to the process engine, these components also rely on a hosting infrastructure, which may be constituted by additional middleware. The server infrastructure is then provided in data centers or cloud environments. All these artifacts make up the application stack that is supporting companies’ business processes. Laws and regulations may result in manifold requirements regarding this application stack. Laws and regulations are not described with the respective layers of an application they affect. Laws, such as the GDV Code of Conduct and the German Federal Data Protection Act, therefore, may impact multiple aspects of the business process model, the deployment of the application supporting this model, and the runtime behavior of the application. Management tasks executed by companies’ employees may also be affected. Due to this manifold impact of laws and regulations, ensuring compliance involves many different technologies and tools. In this report, we present a tool chain for this purpose.

Department(s)University of Stuttgart, Institute of Architecture of Application Systems
Entry dateDecember 30, 2014
   Publ. Institute   Publ. Computer Science