An approach to combine data-related and control-flow-related compliance rules

Compliance of IT-enabled business processes is a research area gaining more and more attraction for enterprises today. Many enterprises are on the gap of installing workflow systems within their premises. During this process they need to make sure that several regulations, coming from governments or enterprise-internal institutions, are obeyed. We argue that the compliance regulations, enterprises are faced with today, can be built using a number of atomic compliance rules. Until now only control-flow-related atomic compliance rules have been identified in literature. In this paper we extend this list with several data-related atomic compliance rules. We further show how control-flow-related compliance rules and data-related compliance rules can be combined. A fundamental finding that we made in our work with industrial use case partners from EU projects, as well as projects with customers, is that for the specification of control-flow-related compliance rules data issues must also be considered. The main contribution of this paper is a collection of combined compliance rules implementing complex compliance requirements which consist of atomic control-flow related and data-related compliance rules.