Compliance by design for artifact-centric business processes

Compliance to legal regulations, internal policies, or best practices is becoming a more and more important aspect in business processes management. Compliance requirements are usually formulated in a set of rules that can be checked during or after the execution of the business process, called compliance by detection. If noncompliant behavior is detected, the business process needs to be redesigned. Alternatively, the rules can be already taken into account while modeling the business process to result in a business process that is compliant by design. This technique has the advantage that a subsequent verification of compliance is not required.This paper focuses on compliance by design and employs an artifact-centric approach. In this school of thought, business processes are not described as a sequence of tasks to be performed (i.e., imperatively), but from the point of view of the artifacts that are manipulated during the process (i.e., declaratively). We extend the artifact-centric approach to model compliance rules and show how compliant business processes can be synthesized automatically.