Verifying Compliance of Process Compositions through Certification of its Components

Abstract

In this paper, we propose a methodology to verify the regulatory compliance of a composition of multiple interacting business process models. The proposed solution is based on providing a compliance certification for the components of the composition, and evaluating the compliance of the encompassing composition by aggregating the information shared by the certifications, going beyond existing techniques merely checking compliance on message flows. An advantage of adopting such methodology is that the computational details of the inner process models are not needed to verify compliance of the composition, so that companies can decide to not disclose such details while still being able to show that adopting their services would lead to compliant solutions in all possible scenarios.