Business Rules for Compliant Business Process Models

The value of business rules in business process modeling has been recognized by several authors: if the knowledge about implicitly present policies and regulations is made explicitly traceable as business rules we can enhance the flexibility of computer-supported business processes. Yet to date it is not fully clear how business rules can be used to model compliant business process models. In this paper, we show that deontic assignments can be used to formally model business protocols. Within the regulatory framework of a business protocol, participants have the autonomy to perform activities according to their own business policies. This can be modeled using reaction rules. 1 Motivation and Methodology Business Information Systems must flexibly support business processes that at the same time are compliant to the intra-organizational policies of the business and the inter-organizational regulations and protocols the business has to observe. Unfortunately, Information Systems have often made business processes more rigid than flexible, by slackening the business’ ability to rapidly guarantee business policy compliance and regulatory compliance. Flexibility is the ability to rapidly incorporate business policy change and regulatory change in the business processes. One aspect in obtaining flexibility of computer-supported business processes is to construct a common language between the business-side and IT-side of organizations. Such a language allows the business-side to formally represent models of how it operates internally and how it can legally interact with business partners. At the same time, such a common language allows the IT-side to have Information Systems support business processes accordingly, with as little development effort as possible. Ideally, Information System Technology must support business process models in such a way that they become human-understandable, yet machine-executable specifications. The value of business rules in business process modeling has been recognized by several authors [1] [2] [3]. We define business rules as atomic, formal expressions of business policy and regulations that define or constrain some aspect of business. The key to business rules is that they make the knowledge about implicitly present policies and regulations explicitly traceable. In this way, changes in policies and regulations can be traced back to the business processes were they are to be enforced, thus enhancing flexibility. Wagner classifies business rules into four categories: integrity constraints, derivation rules, reaction rules and deontic assignments [1]. While the role of integrity constraints, derivation rules and reaction rules in business processes descriptions is reasonably understood [4], it is less clear which role deontic assignments can play in the modeling of business processes. In this paper, we define deontic assignments as the obligations, permissions and prohibitions of both internal and external partners in a business interaction. We show that deontic assignments can be used to formally model commitmentbased business protocols, which can be syntactically verified, semantically validated and from which the public aspects of business process models can be generated for each of the business partners. Consequently companies can use the methodology for dealing with business policy and regulatory change, as is depicted in Fig. 1. Regulations are captured in terms of integrity constraints, derivation rules and deontic assignments. Regulations can be grouped to business protocols, which express the legally acceptable conduct of all process partners in a business interaction. In combination with business policies, which express the policy choices of the business and are formalized as integrity constraints, derivation rules and reaction rules, compliant business process models can be generated. Internal Business Policies External Business Protocols Business Process Models integrity constraints derivation rules external deontic assignments integrity constraints derivation rules reaction rules internal deontic assignments Fig. 1. Methodology: business rules for compliant business process models The advantages of using business rules in business process modeling are clear. The traceability of the rules of business policies and business protocols enable companies to keep track of changes and to take into account dependencies between business rules. Moreover, because business protocols model business interactions from a third party perspective, the business protocols can become standard specifications in the business community, which can stimulate reuse or enable automatic verification of compliance. The rich semantics of the commitment-based business protocols, which are defined in terms of deontic BUSINESS RULES FOR COMPLIANT BUSINESS PROCESS MODELS 559