Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Three Decades of Formal Methods in Business Process Compliance: A Systematic Literature Review

Hugo A. López, Thomas T. Hildebrandt

TL;DR

A systematic literature review on process compliance frameworks based on formal models reveals strong consensus around verification techniques as central to process compliance, though there is less agreement on the earlier and later phases of compliance.

Abstract

Digitalization efforts often face a key challenge: business processes must not only be efficient in achieving their goals but also adhere to legal regulations. Business process compliance refers to aligning processes with these regulations. Numerous frameworks have been developed to address this, with the earliest dating back to 1981. This study focuses on rigorous frameworks using formal methods to verify or ensure compliance. We conducted a systematic literature review (SLR) on process compliance frameworks based on formal models. Our goal was to assess the current state of research on process model compliance and identify gaps and opportunities for future work. Starting with 5018 candidate studies from 1981 to the establishment of GDPR, we selected 46 primary studies. These frameworks were categorized by their phases, the languages used for processes and compliance, and their reasoning techniques. We also examined their practical applicability, the case studies they were tested on, the types of users involved, and the skills needed for compliance. Also, we assessed the maturity of each framework. Our findings reveal strong consensus around verification techniques as central to process compliance, though there is less agreement on the earlier and later phases of compliance. Model checking is the dominant technique, but the compliance and process languages have evolved. Most frameworks are still conceptual with prototype implementations, often failing to account for compliance professionals like legal experts or law changes. In conclusion, there is a need for comprehensive empirical studies to better understand the anatomy and maturity of regulatory compliance frameworks, and for robust evaluation methods to benchmark these frameworks. This review offers valuable insights for researchers and practitioners in process compliance.

Three Decades of Formal Methods in Business Process Compliance: A Systematic Literature Review

TL;DR

A systematic literature review on process compliance frameworks based on formal models reveals strong consensus around verification techniques as central to process compliance, though there is less agreement on the earlier and later phases of compliance.

Abstract

Digitalization efforts often face a key challenge: business processes must not only be efficient in achieving their goals but also adhere to legal regulations. Business process compliance refers to aligning processes with these regulations. Numerous frameworks have been developed to address this, with the earliest dating back to 1981. This study focuses on rigorous frameworks using formal methods to verify or ensure compliance. We conducted a systematic literature review (SLR) on process compliance frameworks based on formal models. Our goal was to assess the current state of research on process model compliance and identify gaps and opportunities for future work. Starting with 5018 candidate studies from 1981 to the establishment of GDPR, we selected 46 primary studies. These frameworks were categorized by their phases, the languages used for processes and compliance, and their reasoning techniques. We also examined their practical applicability, the case studies they were tested on, the types of users involved, and the skills needed for compliance. Also, we assessed the maturity of each framework. Our findings reveal strong consensus around verification techniques as central to process compliance, though there is less agreement on the earlier and later phases of compliance. Model checking is the dominant technique, but the compliance and process languages have evolved. Most frameworks are still conceptual with prototype implementations, often failing to account for compliance professionals like legal experts or law changes. In conclusion, there is a need for comprehensive empirical studies to better understand the anatomy and maturity of regulatory compliance frameworks, and for robust evaluation methods to benchmark these frameworks. This review offers valuable insights for researchers and practitioners in process compliance.

Paper Structure

This paper contains 79 sections, 2 equations, 16 figures, 12 tables.

Table of Contents

  1. Introduction
  2. Research Methodology
  3. Research questions
  4. Search strategy
  5. Keywords and synonyms
  6. Generic search string
  7. Pilot extraction
  8. Inclusion and exclusion criteria
  9. Control Set
  10. Validity of the search strategy (internal validity)
  11. Selection of Primary Studies
  12. Quality Assessment
  13. Data extraction
  14. Research Question 1: Elements conforming Compliance Frameworks
  15. Abstraction Levels
  16. ...and 64 more sections

Figures (16)

  • Figure 1: The search strategy protocol
  • Figure 2: Construction of the Quasi Gold Standard Dataset
  • Figure 3: The search and selection protocol
  • Figure 4: Primary Studies: Distribution per year/type of publication
  • Figure 5: Abstraction Levels
  • ...and 11 more figures