Industry governance, risk, and compliance (GRC) solutions stand to gain from various analyses offered by formal compliance checking approaches. Such adoption is made difficult by the fact that most formal approaches assume that a mapping between concepts of regulations and models of operational specifics exists. We propose to use Semantics of Business Vocabularies and Rules along with similarity measures to create an explicit mapping between concepts of regulations and models of operational specifics of enterprises. We believe that this proposal takes a step toward adapting and leveraging formal compliance checking approaches in industry GRC solutions.
Toward Better Mapping between Regulations and Operational Details of Enterprises Using Vocabularies and Semantic Similarity
Sagar Sunkle, Deepali Kholkar, and Vinay Kulkarni
Tata Consultancy Services, India
Disparity between Labels in Formal Regulations and Operational Specifics
Mapping the vocabularies of regulations and operational specifics
Sadiq et al., Governatori et al., Kamada et al.
Formal Contract Language based on Defeasible Logics; Operational Specifics as a Business Process Model
Ramezani et al.
Rules as Petri-net Patterns, Operations from the Event Log
Regulation: “A discount of 10% is granted if the customer is a gold customer; 5% are granted if the customer is a silver customer.”
Knuplesch et al., Ly et al.
Rules in terms of Compliance Rule Graph; Operations in terms of Events
Regulation: “For payment runs with amount beyond euro 10,000, the payment list has to be signed before being transferred to the bank and has to be filed afterwards for later audits.” + Event “payment list A is transferred to the bank”
Rule 1: Before opening an account, customer information must be obtained and verified.
Rule 2: Whenever a customer requests to open a deposit account, customer information must be recorded before opening the account.
Awad et al.
Rules in Business Process Modeling Notation (BPMN) Query (BPMN-Q), later in Temporal Logic; operational specifics in terms of BPMN Models
[Figure: diagram with the labels Regulation Text, Formal Representation, Enterprise Data, Vocabulary (Reg), Conceptual Mapping based on Semantic Similarity, BPMN Models, Petri Net Models, Other Operational Specifics, Terminological Dictionary (operations)]
• Mapping between labels of formal representations of regulations and operational specifics is usually implicitly assumed
• A terminological mapping is necessary to tell where in the operational activities a rule from regulations becomes applicable
• Semantics of Business Vocabulary and Rules (SBVR) provides a semantic model for formal terminology with support for disambiguation of concepts via semantic communities
Liu et al., Mueller et al.
Rules in graphical Business Property Specification Language, later into Linear Temporal Logic; operational specifics in terms of BP models in the Business Process Execution Language, later into Pi calculus
[Figure: SBVR metamodel. Elements: Vocabulary, Terminological dictionary, Body of shared concepts, Body of shared meanings, Body of shared guidance, Element of guidance, Semantic community (subCommunity), Text, Expression, Representation, Designation, Definition, Statement, Wording, Meaning, Concept, Noun concept, Verb concept, Characteristic, Proposition, Logical Formulation, Modal Formulation, Obligation Formulation, Logical Operation, Logical Operand. Relations: presents, unites, isUsedToExpress, incorporates, isBasedOn, embeds. Legend: Business Vocabulary; Terminological Dictionary; Meaning and Representation Vocabulary; Business Rule Vocabulary or Logical Formulation of Semantics.]
• Create vocabulary to capture regulatory and business domain using business vocabulary
• Model regulation body of concepts with meaning and representation vocabulary concepts
• Model body of guidance in terms of regulatory rules using business rules vocabulary
• Model various representations of concepts used by regulatory and business communities, including operational concepts, using terminological dictionary
• Ongoing: exploit SBVR structure along with word/concept similarity measures
This enables semantic mapping between concepts of regulations and operational specifics and streamlines regulatory compliance.
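
As an added illustration of the mapping step in the bullets above (not code from the poster or its authors), the sketch below uses a small terminological dictionary plus token-level Jaccard similarity, an assumed stand-in for the unspecified similarity measures, to map constructed BPMN task labels onto verb concepts drawn from Rule 1 and Rule 2. The dictionary entries, task labels, function names and the 0.5 threshold are all assumptions.

```python
# Added illustration: token-level Jaccard similarity stands in for the
# unspecified "word/concept similarity measures"; all data is constructed.

# Terminological dictionary (assumed entries): designation used by the
# operations community -> designation used by the regulatory community.
TERM_DICTIONARY = {"client": "customer", "data": "information",
                   "details": "information", "check": "verify"}

# Verb concepts taken from Rule 1 and Rule 2, written as short wordings.
REGULATION_CONCEPTS = [
    "obtain customer information",
    "verify customer information",
    "record customer information",
    "open account",
]

# Constructed BPMN task labels from a hypothetical account-opening process.
OPERATIONAL_LABELS = [
    "Record client data",
    "Check client details",
    "Open deposit account",
    "Send welcome letter",
]

def canonical_tokens(label, dictionary=TERM_DICTIONARY):
    """Lowercase, split, and replace each designation by its regulatory form."""
    return {dictionary.get(tok, tok) for tok in label.lower().split()}

def jaccard(a, b):
    """Jaccard similarity of two token sets (0.0 when both are empty)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def map_labels(labels, concepts, dictionary=TERM_DICTIONARY, threshold=0.5):
    """Map each operational label to its best regulation concept, or None."""
    mapping = {}
    for label in labels:
        tokens = canonical_tokens(label, dictionary)
        score, concept = max(
            (jaccard(tokens, canonical_tokens(c, dictionary)), c) for c in concepts)
        # Below the threshold no rule is attached; the label is left unmapped.
        mapping[label] = (concept, round(score, 2)) if score >= threshold else None
    return mapping

if __name__ == "__main__":
    for label, hit in map_labels(OPERATIONAL_LABELS, REGULATION_CONCEPTS).items():
        print(f"{label!r:26} -> {hit or 'UNMAPPED: needs analyst review'}")
```

Passing `dictionary={}` shows the implicit-mapping problem the poster describes: "Record client data" then scores only 0.2 against "record customer information" and is left unmapped.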