Towards compliance requirements modeling and evaluation of E-government inter-organizational collaborative business processes Laura González, Andrea Delgado Instituto de Computación, Facultad de Ingeniería, Universidad de la República, Uruguay {lauragon,adelgado}@fing.edu.uy Abstract Business process compliance requirements are becoming increasingly important to organizations as they focus on their processes and the way they are carried out in their daily operation. Being compliant with regulations and laws, among others, is mandatory in an e-government environment where these processes are to be transparent to citizens and subject to public audits. Also, in e-government domain, as these processes are mostly inter-organizational collaborative processes that are spread within several organizations, compliance definition, monitoring and evaluation becomes more complex. In this paper we present an approach to deal with compliance requirements modeling and evaluation for such processes. We focus on modeling compliance requirements over BPMN 2.0 and evaluating this specification against process execution traces, in order to detect compliance violations. We present a Compliance Requirements Modeling Language (CRML) and its connection with BPMN 2.0 elements, a Compliance Requirements Model (CRM) specific for business processes, and an initial view on post-mortem compliance evaluation with process mining. 1. Introduction Business Process Management (BPM) [1, 2, 3] provides the basis to support the business process lifecycle from modeling, configuration and enactment to evaluation. Modeling business processes (BPs) is a key input for this lifecycle, which is mandatory in organizations where Business Process Management Systems (BPMS) [4] are in place to enact processes. Although there are several languages and approaches for modeling BPs, in organizations with BPMS settings, the preferred one is the Business Process Model and Notation (BPMN 2.0) [5]. Business process compliance requirements are becoming increasingly important to organizations as they focus on their processes and the way they are carried out in their daily operation. Modeling Compliance Requirements over BPs posses several challenges, since there are few modeling languages for specifying compliance [6], and being the main focus controlling compliance itself, they are usually not completely suitable for modeling complete BPs with extra elements for compliance. Being compliant with regulations and laws, among others, is mandatory in an e-government environment where these processes are to be transparent to citizens and subject to public audits. Also, as these processes are mostly inter-organizational collaborative processes that are spread within several organizations, compliance definition, monitoring and evaluation becomes more complex. For these inter-organizational collaborative processes we identified mainly two interaction scenarios between participants to consider [7]: (i) closed, in which interactions between organizations are explicitly defined and agreed as collaborative BPs (e.g., e-government domain); or (ii) open in which organizations offer capabilities for integration, not explicitly agreeing on their BPs but mainly on the contract of the capabilities they provide or require to be able to participate in the collaboration. Despite the fact that e-government is a closed environment, the execution of processes can be difficult to trace and to reconstruct between different participant organizations. This fact can be a barrier when trying to evaluate compliance requirements violations for such processes, based on process execution traces. Process Mining [8] provides the means for: i) discovering business process models from event logs where process execution traces are provided, ii) checking conformance of execution data against an (existing or discovered) process model, and iii) enhancing process models with other execution information such as resources involved. Our approach is based on process mining to evaluate compliance violations using post-mortem process execution data i.e. event logs, but also considering compliance requirements modeling. Although some existing compliance requirements evaluation approaches also Proceedings of the 54th Hawaii International Conference on System Sciences | 2021 Page 2079 URI: https://hdl.handle.net/10125/70868 978-0-9981331-4-0 (CC BY-NC-ND 4.0)