An Universal Approach for Compliance Management Using Compliance Descriptors.

Trends like outsourcing and cloud computing have led to a distribution of business processes among different IT systems and organizations. Still, businesses need to ensure compliance regarding laws and regulations of these distributed processes. This need gave way to many new solutions for compliance management and checking. Compliance requirements arise from legal documents and are implemented in all parts of enterprise IT, creating a business IT gap between legal texts and software implementation. Compliance solutions must bridge this gap as well as support a wide variety of compliance requirements. To achieve these goals, we developed an integrating compliance descriptor for compliance modeling on the legal, requirement and technical level, incorporating arbitrary rule languages for specific types of requirements. Using a modeled descriptor a compliance checking architecture can be configured, including specific rule checking implementations. The graphical notation of the compliance descriptor and the formalism it's based on are described and evaluated using a prototype as well as expert interviews. Based on evaluation results, an extension for compliance management in unstructured processes is outlined.