Unified Compliance Modeling and Management using Compliance Descriptors.

Due to innovations in the field of cloud computing business processes become distributed, encompassing a combination of services spanning multiple IT systems. Due to a growing number of regulations, managing business process compliance in this cloud environment is a necessary task for companies, leading to a growth in compliance management and compliance checking approaches. Compliance stems from laws and is implemented in all parts of enterprise IT. Thus, both a connection between business and IT as well as a broad coverage of compliance scenarios is necessary. To solve both challenges, we use an integrating compliance descriptor for conceptual compliance modeling. This descriptor is used to configure a compliance management architecture, integrating different types of compliance checking. For creating compliance descriptors, it proved necessary to introduce a formalism and a graphical notation, which is introduced and evaluated in a prototype and expert interviews.