| Autor: |
Mustapha, Abiodun Muyideen, Arogundade, Oluwasefunmi 'Tale, Abayomi-Alli, Adebayo, Adesemowo, A. Kayode, Adeniran, Olusola John |
| Zdroj: |
International Journal of Systems Assurance Engineering & Management; Nov2024, Vol. 15 Issue 11, p5111-5138, 28p |
| Abstrakt: |
Despite the advantages of cloud services, businesses still face compliance challenges. Some have withdrawn from cloud services due to the inability to adhere completely to compliance requirements from regulatory bodies. Considering that adopting cloud services does not require adherence to domain-based requirements but also security requirements, a compliance management approach is essential to cater for such constraints. Existing literature shows that many compliance management approaches focus on data flow and control flow requirements. A few of them considered timing but not security constraints. Hence, compliance monitoring is incomplete and inaccurate. It was also deduced that monitoring business processes against compliance requirements in real-time was not considered appropriately, which is essential for keeping track of performance. This paper presents a business process compliance management system that ensures that business processes can be verified against compliance requirements at both designs and run time. The verification of the business processes was done at design time using a SPIN (Simple Promela Interpreter) model checker and extended compliance patterns at runtime. The evaluation was done using case studies from the financial and health domains, which returned an improved level of accuracy compared to an existing approach. The proposed approach's uniqueness, completeness and traceability were evaluated against the model-based business process compliance management system and the papazoglou compliance management system. It returned 0.95, 0.94, and 0.86, respectively, for the proposed system. Adopting this improved business process compliance management system helps enterprises save penalty costs laid against them due to non-compliance or incomplete compliance. [ABSTRACT FROM AUTHOR] |
| Databáze: |
Complementary Index |
| Externí odkaz: |
|
Full text from SpringerLink