Compliance Flow – Managing the compliance of dynamic and complex processes

https://doi.org/10.1016/j.knosys.2007.11.002

Abstract

To develop a reliable system or product, the current best practice for the development process is typically embodied in standards and guidelines, such as IEC61508 for safety and ISO9001 for quality assurance. Generally, the standard proposes a framework, which deals in a systematic manner with all the activities necessary to achieve the required quality. However, every application of a given standard is different because of differences in project details. One serious limitation of current workflow systems is the lack of the ability to ensure that the specification and execution of a process are compliant with the standard.

This paper presents the treatment of managing process compliance in the Compliance Flow system. Process-based reasoning is used to identify compliance errors within a user-defined process by matching it against the standard model during both process specification and process execution. Examples drawing on a version of IEC61508 are used to illustrate the mechanism of modelling and compliance checks. A case study of the development of a light-guard is discussed.

Introduction

In order to provide acceptable systems or services, the current best practice for the development process is typically embodied in recent standards and guidelines, such as IEC61508 [9] for safety and [10] for quality assurance. In this context, a user-defined process complies with a standard if there is a clear description of the development stages, the inputs to each stage are fully and unambiguously defined, and all the objectives and requirements stipulated in the standard are met. In safety-related engineering projects, significant resources are spent on project management and on demonstrating compliance with standards; much of the time of developers, managers and quality assurance teams is occupied with tracking and managing the compliance of the project. A workflow system with compliance management ability can considerably shorten the development time and reduce costs.

This paper describes the solution to compliance management in the Compliance Flow system. The proposed approach is to represent a given standard as a structured semi-formal model, which acts like a knowledge base providing information about the standard for process management. This information is used in a process akin to “spell-checking”, in which a number of compliance checks are performed to assess the degree of compliance of a user-defined process with a standard. Compliance checks can identify compliance errors, assist in process specification and prevent non-compliant tasks in a process from being performed.

The next section gives a brief introduction to workflow systems. Section 3 gives a general introduction to the IEC61508 international standard and identifies its key requirements. Following that, Section 4 introduces the standard modelling approach. Section 5 describes the use of an ontology and the motivation for it. The Compliance Flow process model, where the compliance checks take place, is described in Section 6. Section 7 discusses the different types of checks that can be performed by Compliance Flow. A case study, which shows how Compliance Flow supports the management of an IEC61508 compliance project, is discussed in Section 8, followed by the conclusions.

Section snippets

Workflow management system

A workflow is an automation of a business process, in whole or part, during which documents, information or tasks are passed from one participant to another for action, according to a set of procedural rules [16]. The essential workflow characteristics are persons, tasks/activities, application tools and resources [11], [12]. The (role-playing) persons perform tasks using application tools that provide access to various shared information resources. This characterisation of workflow is shown in

IEC61508 international standard

IEC61508 [9], hereinafter referred to as “IEC61508”, is an international standard for the development of Electrical/Electronic/Programmable Electronic Systems (E/E/PEs) that are used to perform safety functions. There are two distinct groups of sub-systems considered in IEC61508: the Equipment Under Control (EUC) and the safety-related system. The former performs the required manufacturing, process, transportation, medical or other activities, while the latter provides the safety functions

Standard modelling

In Compliance Flow, a standard with which compliance by a development process is required is modelled and represented as a Model of Standards (hereinafter referred to as “the Model”). The Model acts as a knowledge-base to provide the required information that will be used in a “spell-check” process to support compliance checks. Fig. 4 is a meta-model of standard modelling, demonstrating the three important aspects of a standard in terms of workflow management.

The use of ontology

As a user-defined process has to be checked against the Model, the terms used in both sides in describing a concept of interest must be consistent, and this is achieved by the use of an ontology. This is a data model that “consists of a representational vocabulary with precise definitions of the meanings of the terms of this vocabulary plus a set of formal axioms that constrain interpretation and well-formed use of these terms” [1]. An ontology is therefore an explicit representation of a “…

Process model

A user-defined process (UDP) is captured through an enhanced activity-based modelling framework following an enhancement of the structures outlined in Section 4.1. The meta-process model is given in Fig. 6. Task decomposition can be performed to any level of detail. The tasks at the lowest level are concrete work instructions, while the tasks at higher levels are more abstract.

As discussed in Section 4.1, task execution is constrained by the pre- and post-conditions with an added type of

Compliance checks

Compliance checks check a UDP against the Model to identify compliance errors and assist the user in specifying a process that meets the requirements of a selected standard. Compliance checks can be grouped into two categories, namely (1) error identification and prevention and (2) process management assistance.

Error identification and prevention:

  • (a) Correctness Check – To ensure the sequence of tasks specified in a UDP is in accordance with a selected standard.
  • (b) Completeness Check – To
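The following is an added illustration (not code from the paper or the Compliance Flow system) of how the ontology-based term matching of Section 5 and the build-time and run-time checks of this section fit together. The lifecycle tasks, the ordering rules, the artefact preconditions and the ontology mapping are all constructed stand-ins, not the clauses of IEC61508 or the paper's actual Model of Standards; the Completeness Check is implemented under the assumption that it means "every task the standard requires is present in the UDP", since the page truncates its definition.

```python
"""Build-time and run-time compliance checks of a user-defined process (UDP)
against a constructed stand-in for the paper's Model of Standards."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class StandardModel:
    """Constructed stand-in for the Model of Standards (an assumption)."""
    name: str
    # tasks the standard requires to appear in every compliant process
    required_tasks: frozenset
    # (before, after): 'before' must precede 'after' when both are present
    precedence: frozenset
    # task -> artefacts that must exist before the task may run
    preconditions: dict = field(default_factory=dict)


# Constructed example lifecycle; the task names are placeholders, not the
# actual phases or clauses of IEC61508.
LIFECYCLE = StandardModel(
    name="example-safety-lifecycle",
    required_tasks=frozenset({
        "hazard_analysis", "safety_requirements", "design",
        "implementation", "verification", "validation",
    }),
    precedence=frozenset({
        ("hazard_analysis", "safety_requirements"),
        ("safety_requirements", "design"),
        ("design", "implementation"),
        ("implementation", "verification"),
        ("verification", "validation"),
    }),
    preconditions={
        "design": {"safety_requirements_spec"},
        "validation": {"verification_report"},
    },
)

# Constructed ontology: maps the terms a user may write in a UDP onto the
# Model's canonical vocabulary so both sides name a concept consistently.
ONTOLOGY = {
    "hazard and risk analysis": "hazard_analysis",
    "safety requirements specification": "safety_requirements",
    "architectural design": "design",
    "coding": "implementation",
    "verification": "verification",
    "overall safety validation": "validation",
}


def normalise(udp):
    """Map each UDP task name to its canonical term; unknown terms are kept
    (lower-cased) and will surface as completeness errors if required."""
    keys = [t.strip().lower() for t in udp]
    return [ONTOLOGY.get(k, k) for k in keys]


def correctness_check(model, udp):
    """Correctness Check: every precedence rule of the model that applies to
    tasks present in the UDP is respected by the UDP's task order."""
    position = {task: i for i, task in enumerate(udp)}
    errors = []
    for before, after in sorted(model.precedence):
        if before in position and after in position and position[before] > position[after]:
            errors.append(f"'{after}' must not precede '{before}'")
    return errors


def completeness_check(model, udp):
    """Completeness Check (assumed reading): every required task is present."""
    return [f"missing required task '{t}'"
            for t in sorted(model.required_tasks - set(udp))]


def check_process(model, udp):
    """Build-time 'spell-check': normalise terms, then collect all errors."""
    canonical = normalise(udp)
    return correctness_check(model, canonical) + completeness_check(model, canonical)


def may_execute(model, task, available_artefacts):
    """Run-time guard: returns the artefacts still missing before 'task' may
    start; an empty list means the task is allowed to proceed."""
    missing = set(model.preconditions.get(task, ())) - set(available_artefacts)
    return sorted(missing)


if __name__ == "__main__":
    udp = ["Hazard and Risk Analysis", "Architectural Design",
           "Safety Requirements Specification", "Coding", "Verification"]
    for err in check_process(LIFECYCLE, udp):
        print("compliance error:", err)
    print("design may start, missing:", may_execute(LIFECYCLE, "design", {"hazard_log"}))
```

At build time `check_process` reports both an ordering violation and a missing required task; at run time `may_execute` is the hook a workflow engine would consult before starting a task, refusing it while a required input artefact does not yet exist.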

Case study – lightguard development

The lightguard development project is one of three trial applications in the Assuring Programmable Electronic Systems (APES) project from ERA Technology Limited, 2000. The lightguard was originally developed to comply with BS EN61496 [6], Safety of Machinery – Electro-Sensitive Protective Equipment, and BS EN954 [5], Safety of Machinery – Safety-Related Parts of Control Systems. BS EN61496 is a product-family standard specifically with requirements for lightguards using active opto-electronic

Conclusions

In this paper, we have identified standard compliance as an important issue in process management. The proposed solution is to model the standard in a way that the required information can be used for automatic compliance checking. Compliance checks are used to check a UDP against the standard model, during both process build-time and run-time, to identify compliance errors, assist in process specification and prevent non-compliant tasks in a process from being performed accidentally.

The

References (15)

  • A.E. Campbell, S.C. Shapiro, Ontological mediation: an overview, in: Proceedings of the IJCAI Workshop on Basic...
  • Y.C. Cheung, P.W.H. Chung, R.J. Dawson, Supporting engineering design process with compliance flow – an intelligent...
  • S.M.W. Easterbrook, A.C. Finkelstein, J. Kramer, B.A. Nuseibeh, Coordinating distributed viewpoints: the anatomy of a...
  • W. Emmerich, A. Finkelstein, C. Montangero, S. Antonelli, S. Armitage, R. Stevens, Managing standards compliance, in:...
  • EN, EN954-1:1997 – Safety of machinery. Safety related parts of control systems. General principles for design, 15...
  • EN, EN61496-1:2004 – Safety of machinery. Electro-sensitive protective equipment. General requirements and tests, 1...
  • ERA Technology, Assuring Programmable Electronic Systems (APES) Project,...
There are more references available in the full text version of this article.

Cited by (25)

  • Scenario-based process querying for compliance, reuse, and standardization

    2020, Information Systems
    Citation Excerpt:

    In this paper, we use process scenario templates to trigger retrieval of process models that describe scenarios that match the template. A solution to this problem can support process compliance [16–27], reuse [28,29], and standardization [30,31] use cases in BPM [32]. Process querying studies automated methods for managing, e.g., retrieving or manipulating, repositories of models that describe observed and/or envisioned processes, and relationships between these processes [33].

  • Model-based specification of safety compliance needs for critical systems: A holistic generic metamodel

    2016, Information and Software Technology
    Citation Excerpt:

    Therefore, the RAF metamodel corresponds to safety standard-independent modelling. The approaches that have addressed this type of modelling focus on specific safety compliance needs such as the requirements to fulfil [39], the artefacts to manage [40], artefact traceability [41], and the process to follow [12,42-44]. Safety cases have also been used for the analysis of safety standards in order to determine the safety arguments in the standards and thus how safety is or should be justified [45-50].

  • Supporting the verification of compliance to safety standards via model-driven engineering: Approach, tool-support and empirical validation

    2013, Information and Software Technology
    Citation Excerpt:

    Together, these could be means to further the field of model-based certification. Regarding compliance to a specific standard, Chung et al. [4] study the problem of compliance of a user-defined workflow with the activities prescribed in IEC61508. They check (process) compliance by comparing user-defined activities in an organization against models of the activities in the standard.

  • New results in modelling derived from Bayesian filtering

    2010, Knowledge-Based Systems
    Citation Excerpt:

    In essence, modelling is postulating assumptions about how the real world behaves. One may refine the model indefinitely, but the difference between the model and the real-world phenomenon, process or dynamical system which is subject to modelling cannot be avoided [10,22,34,45,49]. Increasing the quality of the models has been one of the favourite research directions during the last years.
