Integrating Compliance Management in Service-Driven Computing
The lack of effective controls over organizational business processes can have serious consequences for a company's reputation and can even jeopardize its existence. There is a need for continuous monitoring of controls and for systematic collection and evaluation of relevant data. Compliance management is essential for ensuring that organizational business processes and the supporting information systems comply with laws, regulations, and various legislative or technical documents pertaining to the place of business. This chapter provides insight into compliance management and discusses the integration and automation of compliance management in service-driven computing. It elaborates conceptual models for specifying compliance requirements originating from various sources and details aspects such as multi-view process modeling annotated with compliance requirements, annotation of service interfaces and behavioral characteristics, development and reuse of compliant process fragments, architectural patterns to simplify compliance management, and abstract frameworks to ensure compliance in the context of service-driven computing through service adaptation and runtime governance. Finally, it details approaches to automating compliance management through formalization of compliance requirements, rule- and event-based monitoring, and integration of compliance governance systems with automated reasoning and verification tools.