Reference : Business Process Regulatory Compliance is Hard
Scientific journals : Article
Engineering, computing & technology : Computer science
Business Process Regulatory Compliance is Hard
Colombo Tosatto, Silvano mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Kelsen, Pierre mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Governatori, Guido [> >]
IEEE Transactions on Services Computing
[en] compliance ; complexity ; business process
[en] Verifying whether a business process is compliant with a regulatory framework is a difficult task. In the present paper we prove the hardness of the business process regulatory compliance problem by taking into account a sub-problem of the general problem. This limited problem allows to verify only the compliance of structured processes with respect to a regulatory framework composed of a set of conditional obligations including a deadline. Experimental evidence from existing studies shows that compliance is a difficult task. In this paper, despite considering a sub-problem of the general problem, we provide some theoretical evidence of the difficulty of the task. In particular we show that the source of the complexity lies in the core language of verifying conditional obligations with a deadline. We prove that for this simplified case verifying partial compliance belongs to the class of NP-complete problems, and verifying full compliance belongs to the class of coNP-complete problems. Thus by proving the difficulty of a simplified compliance problem we prove that the general problem of verifying business process regulatory compliance is hard.

File(s) associated to this reference

Fulltext file(s):

Open access
ComProof 2.pdfAuthor postprint884.3 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.