Context-aware compliance checking
Conference ContributionWerf, van der, J.M.E.M. & Aalst, van der, W.M.P. (2012). Context-aware compliance checking. In A. Gal, E. Kindler & A. Barros (Eds.), Business Process Management (10th International Conference, BPM 2012, Tallinn, Estonia, September 3-6, 2012. Proceedings) (pp. 98-113). (Lecture Notes in Computer Science, No. 7481). Berlin: Springer. In Scopus Cited 5 times.
Organizations face more and more the burden to show that their business is compliant with respect to many different boundaries. The activity of compliance checking is commonly referred to as auditing. As information systems supporting the organization’s business record their usage, process mining techniques such as conformance checking offer the auditor novel tools to automate the auditing activity. However, these techniques tend to look at process instances (i.e., cases) in isolation, whereas many compliance rules can only be evaluated when considering interactions between cases and contextual information. For example, a rule like "a paper should not be reviewed by a reviewer that has been a co-author" cannot be checked without considering the corresponding context (i.e., other papers, other issues, other journals, etc.). To check such compliance rules, we link event logs to the context. Events modify a pre-existing context and constraints can be checked on the resulting context. The approach has been implemented in ProM. The resulting context is represented as an ontology, and the semantic web rule language is used to formalize constraints.