Business Process Full Compliance with Respect to a Set of Conditional Obligation in Polynomial Time [article]

Silvano Colombo Tosatto, Guido Governatori, Nick Van Beest
2020 arXiv   pre-print
In this paper, we present a new methodology to evaluate whether a business process model is fully compliant with a regulatory framework composed of a set of conditional obligations.  ...  While the generic problem of proving full compliance is in coNP-complete, we show that verifying full compliance can be done in polynomial time using our methodology, for an acyclic structured process  ...  However, the verification would be still in polynomial time with respect to the size of the process model and the cardinality of the set of obligations.  ... 
arXiv:2001.10148v1 fatcat:b2plns6xdvdepeoaazzx3nfzvy

Towards an Abstract Framework for Compliance

Silvano Colombo Tosatto, Guido Governatori, Pierre Kelsen
2013 2013 17th IEEE International Enterprise Distributed Object Computing Conference Workshops  
In particular we show how the framework can be used to solve the problem of deciding whether a structured process is compliant with a single regulation, which is composed of a primary obligation and a  ...  The present paper aims at providing an abstract framework to define the regulatory compliance problem.  ...  in polynomial time.  ... 
doi:10.1109/edocw.2013.16 dblp:conf/edoc/TosattoGK13 fatcat:ahbmchgv2fgxzetjqq3bapmpjm

Proving Regulatory Compliance: A Computational Complexity Analysis of Elementary Variants [article]

Silvano Colombo Tosatto, Guido Governatori, Nick van Beest
2021 arXiv   pre-print
Organisations model their processes using so-called business process models, to allow for verification of their correctness with respect to regulatory requirements and business rules.  ...  in practical settings.  ...  In order to ensure continuous compliance to each of those rules, processes are modelled with so-called business process models, to allow for verification of their correctness with respect to those rules  ... 
arXiv:2105.05431v1 fatcat:gpfwi6isx5gi7b7aryxcuscvca

Machine Understandable Policies and GDPR Compliance Checking [article]

Piero A. Bonatti, Sabrina Kirrane, Iliana M. Petrova, Luigi Sauro
2020 arXiv   pre-print
Towards this end, the SPECIAL H2020 project aims to provide a set of tools that can be used by data controllers and processors to automatically check if personal data processing and sharing complies with  ...  compliance checking that can be used to demonstrate that data processing performed by data controllers / processors complies with consent provided by data subjects, and business processes comply with  ...  The authors are grateful to all of SPECIAL's partners; without their contribution this project and its results would not have been possible.  ... 
arXiv:2001.08930v1 fatcat:pg5iq2q7zfd33lqznptk3fbrbu

Business Process Regulatory Compliance is Hard

Silvano Colombo Tosatto, Guido Governatori, Pierre Kelsen
2015 IEEE Transactions on Services Computing  
In the present paper we analyze the complexity of a fragment of the compliance checking problem.  ...  Although the fragment studied leaves out many features of the original problem, like compensations and non-structured processes, we prove that the complexity of such fragment is already NP-complete.  ...  PARTIAL COMPLIANCE CHECKING is in NP. Proof. The following algorithm verifies if a trace is compliant with a set of punctual obligations and runs in time polynomial in the...  ... 
doi:10.1109/tsc.2014.2341236 fatcat:blo2g32tfbep3nzsnktiwzba6m

How Do Agents Comply with Norms?

Guido Governatori, Antonino Rotolo
2009 2009 IEEE/WIC/ACM International Joint Conference on Web Intelligence and Intelligent Agent Technology  
The key point of our approach is that compliance is a relationship between two sets of specifications: the specifications for executing a process and the specifications regulating it.  ...  The import of the notion of institution in the design of MASs requires to develop formal and efficient methods for modeling the interaction between agents' behaviour and normative systems.  ...  Acknowledgements This paper extends the work presented in [20].  ... 
doi:10.1109/wi-iat.2009.332 dblp:conf/iat/GovernatoriR09 fatcat:aabre3ue2vcozjecrqrn3u5cc4

Fast Compliance Checking in an OWL2 Fragment

Piero A. Bonatti
2018 Proceedings of the Twenty-Seventh International Joint Conference on Artificial Intelligence  
We illustrate a formalization of data usage policies in a fragment of OWL2.  ...  Then a company's policy can be checked for compliance with data subjects' consent and with part of the GDPR by means of subsumption queries.  ...  Acknowledgements The use case about GDPR compliance illustrated with (5) and Example 2 is due to Benedict Whittam Smith (Thomson-Reuters).  ... 
doi:10.24963/ijcai.2018/241 dblp:conf/ijcai/Bonatti18 fatcat:e6tzkrcpgragtn7b7tbbqypx6e

On compliance checking for clausal constraints in annotated process models

Jörg Hoffmann, Ingo Weber, Guido Governatori
2009 Information Systems Frontiers  
It must be ensured that business practices, as reflected in business processes, comply with the rules.  ...  To address (2), we herein devise a framework where processes are annotated to capture the semantics of task execution, and compliance is checked against a set of constraints posing restrictions on the  ...  of Excellence program.  ... 
doi:10.1007/s10796-009-9179-7 fatcat:u2byxkh46vbg5f367rvcaghszm

Real Time Reasoning in OWL2 for GDPR Compliance [article]

P.A. Bonatti, L. Ioffredo, I. Petrova, L. Sauro, I. R. Siahaan
2020 arXiv   pre-print
Real-time compliance checking is achieved by means of a specialized reasoner, called PLR, that leverages knowledge compilation and structural subsumption techniques.  ...  Data usage policies, the consent of data subjects, and selected fragments of the GDPR are encoded in a fragment of OWL2 called PL (policy language); compliance checking and policy validation are reduced  ...  The GDPR compliance use case - here sketched with (5), (6), and Example 3.2 - is due to Benedict Whittam Smith (Thomson Reuters).  ... 
arXiv:2001.05390v1 fatcat:igusnjpdcbgglgqkne3mm6r5zu

D1.7 - Policy, transparency and compliance guidelines V2

Piero Bonatti, Sabrina Kirrane, Rigo Wenning, Philip Raschke
2018 Zenodo  
This document includes details on the policy and transparency considerations of the use case, and the compliance requirements against policies (T1.3).  ...  In the case of SPECIAL, we could potentially use existing logs as a means to verify compliance of existing business processes (that involve personal data) with respect to privacy preferences and legal  ...  Compliance Checking In order to help companies to comply with the GDPR, in addition to providing data subjects with transparency with respect to the processing of their personal data it is also necessary  ... 
doi:10.5281/zenodo.2549549 fatcat:5xwvoijxubb7xg4xerjdtekjq4

In the Nick of Time: Proactive Prevention of Obligation Violations

David Basin, Soren Debois, Thomas T. Hildebrandt
2016 2016 IEEE 29th Computer Security Foundations Symposium (CSF)  
As a policy language, we employ timed dynamic condition response (DCR) processes.  ...  As key technical results, we show that enforceability of DCR policies is decidable, we give a sufficient polynomial time verifiable condition for a policy to be enforceable, and we give an algorithm for  ...  We then give a sufficient polynomial time verifiable condition for a DCR policy to be enforceable.  ... 
doi:10.1109/csf.2016.16 dblp:conf/csfw/BasinDH16 fatcat:zfupsvzopre5tildp6sdbfiqpa

Fast Compliance Checking with General Vocabularies [article]

P. A. Bonatti, L. Ioffredo, I. M. Petrova, L. Sauro
2020 arXiv   pre-print
The outer structure of the policies is restricted in order to make compliance checking highly scalable, as required when processing high-frequency data streams or large data volumes.  ...  With this language, a company's data usage policy can be checked for compliance with data subjects' consent and with a formalized fragment of the GDPR by means of subsumption queries.  ...  Conclusions In summary, IBQ reasoning constitutes an effective approach to extending PL reasoning with a wide range of vocabularies, formulated with more expressive logics.  ... 
arXiv:2001.06322v1 fatcat:xqyjou4oo5h6peauxsxeaclpqq

D1.3 - Policy, transparency and compliance guidelines V1

Piero Bonatti, Sabrina Kirrane, Rigo Wenning
2017 Zenodo  
This document includes details on the policy and transparency considerations of the use case, and the compliance requirements against policies.  ...  Either way, the level of detail required to verify the compliance of existing business processes (that involve personal data) with respect to privacy preferences and legal obligations remains an open question  ...  In the case of SPECIAL, we could potentially use existing logs as a means to verify compliance of existing business processes (that involve personal data) with respect to privacy preferences and legal  ... 
doi:10.5281/zenodo.2549531 fatcat:qnqbkvcfqzgvtgkc5r5t2upmgq

Norm Monitoring Under Partial Action Observability

Natalia Criado, Jose M. Such
2017 IEEE Transactions on Cybernetics  
In the context of using norms for controlling multi-agent systems, a vitally important question that has not yet been addressed in the literature is the development of mechanisms for monitoring norm compliance  ...  This paper proposes the reconstruction of unobserved actions to tackle this problem.  ...  of any offender agent (e.g., Business Process Compliance monitoring [27]), or to put offender agents under close surveillance (e.g., Model-Based Diagnosis Systems [22]), even when the specific action  ... 
doi:10.1109/tcyb.2015.2513430 pmid:26800560 fatcat:slspagiaizdcvk3wzof7qqjibu

A Formal Service Contract Model for Accountable SaaS and Cloud Services

Joe Zou, Yan Wang, Kwei-Jay Lin
2010 2010 IEEE International Conference on Services Computing  
An open issue is how to ensure accountability in business services offered through Internet. Traditionally a contract is an effective legal means to uphold accountability in business transactions.  ...  SC-CPN can also be used to validate the correctness of obligations in OWL-SC through simulation and state space analysis.  ...  TPAml and ebXML CPP/CPA are designed for business to business (B2B) process integration which requires a full stack of infrastructure support on both sides.  ... 
doi:10.1109/scc.2010.85 dblp:conf/IEEEscc/ZouWL10 fatcat:qy5zax4crvfu3fk5mlnkct3wha