Achieving Traceable Compliance using the Ampersand Method Open University of the Netherlands TouW gathering March 6th 2010 Henriëtte Sangers

Different aspects research Compliance Business Ontologies Ampersand Method IT systems development GAP

Mind the Gap Compliance Follow rules Obedience Do the right thing Respect others The limits of our language mean the limits of our world Wittgenstein (1922)

Two Gaps in IT Systems Development 1.Different use of concepts – misunderstandings about desired functionality 2.Wrong implementation of correctly understood desired functionality  Contribute to the bad track record of IT projects

The importance of being… an OU student  Usually you are older…what’s so great about that?  Let’s try: more mature? More experienced? => If you work in IT: you saw the gap  If you really want to know the gap cross it! => Use the opportunities to experience the other side  Chance to get better understanding of mutual dependency Business - IT

Compliance Organisations operating according to rules and regulations set for this type of organisation. Financial World Barings IceSave ING New regulations to restore public trust in the financial system: People, procedures and IT-systems all need to be compliant! - Basel II - SOx - MIFID - CDD Lehman Brothers ABN AMRO => Focus now on ‘getting it right’

Compliance Challenge  Adapt to rapidly changing ruling in a competitive market stay flexible change at low costs  Specific difficulties compliance: translating compliance ruling into measures for organisation many rules and regulations from different sources traceability - ‘proving’ compliance

Compliance Challenge - surveys Mercury US and European businesses expect a large part of IT budgets will go to compliance projects in the coming years Deloitte and Touche Complexity of IT environments is seen as a major impediment in compliance projects Gartner Organisations can experience a competitive advantage by handling compliance issues more efficiently than others

The Ampersand Method I  Rule based Business Process Management Stef Joosten  Formal approach to IT systems development  Succeeds / incorporates: Calculating with Concepts: finding and verifying business rules ADL (A Description Language): capturing business rules  building blocks: Concepts: entities which are important to users Relations: associations between concepts Rules: invariants, represent business logic

The Ampersand Method II  Business processes are derived from business rules, not built with them.  Based on relation algebra, can be used to: Get clarity about specifications (cycle chasing) Specifying and even generating IT systems which can be proven to implement business logic (as in business rules) correctly.

Bridging the Gap: Ontologies  How to represent the real world: ontologies, the silver bullet?  Everybody his own ontology: solving problems or raising misunderstandings to a higher level?  Why use ontologies in IT: Enabling common understanding: sofa/couch, property/attribute Reuse domain knowledge Make domain knowledge explicit, support analysis  Long history in IT Systems Analysis and Design (ISAD), a.o. Bunge-Wand-Weber representation model

Use of Ontologies in IT  Applications: information integration, P2P information sharing, web service composition, ambient intelligence, web navigating and querying (Marktplaats)  Recent developments in the area of automated concept matching and ontology integration

Ampersand, Business Ontologies and Compliance Business (compliance) rules can be used directly, no need to program business processes All business (compliance) logic in one place, easy to check by users and auditors Mathematical prove that functionality matches business (compliance) rules can be provided Business ontologies easy to use with Ampersand, help bridge the gap between compliance ruling and business concepts

Research at Purdue University  CERIAS program: Center for Education and Research in Information Assurance and Security  Articles on: traceable and flexible compliance with privacy ruling use of ontologies to support common understanding of concepts  Computer Science Research group dedicated to: Digital Identity Management and Protection

Articles Purdue University Examples: Traceable and Automatic Compliance of Privacy Policies in Federated Digital Identity Management. 6th Workshop on Privacy Enhancing Technologies. Cambridge University UK, Achieving Privacy in Trust Negotiations with an Ontology-Based Approach. IEEE Transactions on Dependable and Secure Computing, January-March 2006

The Case  Federated environment of medical service providers and patients  Automated exchange of patients’ information among service providers  Compliance with patients’ privacy preferences  Breaches of trust need to be traceable  Other requirements: common understanding of concepts (medical, privacy preferences) automated matching of concepts flexibility and traceability

Purdue Solution I 1.Check isMoreStrict 2.A. Privacy preference templates PPx stricter than Ppy if x < y

Purdue Solution II 3. Check logging - trace back 2.B. Customized privacy preferences More complex checks / ordening.

Ampersand Solution Concepts, Relations and Rules Concepts: entities which are important to users CONCEPT "Participant" "party in federated service network, person or service provider." CONCEPT "PrivacyPreference" "a policy statement about how to deal with information" CONCEPT "Data" "the type of data that can be stored of a person." Relations: associations between concepts belongsTo :: PrivacyPreference => Participant subsumes :: PrivacyPreference * PrivacyPreference [TRN,ASY] PRAGMA "" " subsumes, is less strict than “ requestsInformationFrom :: Participant * Participant Rules: invariants, represent business logic requestsInformationFrom -: (hasPrivacyPreference; hasPrivacyPreference~) \/ (hasPrivacyPreference; subsumes~; hasPrivacyPreference~) EXPLANATION "Information can only be requested from a party with an equally or less strict privacy policy."

Ampersand Solution - base x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x xx x x x x x x x x x x x x x x x xx x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x requestsInformationFrom -: (hasPrivacyPreference; hasPrivacyPreference~) \/ (hasPrivacyPreference; subsumes~; hasPrivacyPreference~) possible occurrences allowed occurrences actual occurrences

Ampersand Solution - flexibility x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x xx x x x x x x x x x x x x x x x xx x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x requestsInformation -: ((belongsTo~; hasPurpose; subsPurpose~; hasPurpose~) /\ (belongsTo~; refersToData; subsData~; refersToData~)) \/ (permissionTo~; permissionConcerns) possible occurrences allowed occurrences special permission actual occurrences

Ampersand - ontologies subsPurpose :: Purpose * Purpose [TRN,ASY] PRAGMA "" " subsumes, is less strict than" = [ ("General-purpose", "Treatment") ; ("General-purpose", "Insurance") ; ("General-purpose", "Research") ; ("Research", "Teaching") ; ("Research", "Development") ; ("Research", "Marketing") ].

Ampersand - ontology integration x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x xx x x x x x x x x x x x x x x x xx x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x requestsInformationFrom -: hasPrivacyPreference; hasPurpose; subsPurpose~; hasPurpose~; hasPrivacyPreference~ EXPLANATION "Information can only be requested from a party with an equally or less strict purpose policy." possible occurrences allowed occurrences out of bound occurrences

Ampersand - screen

Solutions Compared AmpersandPurdue programming business processesderiving business processes from rules business logic in systems codingbusiness logic in rule base mathematical prove providedmathematical prove not provided more familiar to most IT staffless well known

Conclusions I  Ampersand method offers advantages in achieving compliance in IT business rules used directly to generate IT system all business logic in one place, easy to check correct implementation can be proven  Business ontologies enhance usability Ampersand easy to integrate with Ampersand / ADL help bridge gap between compliance- and business concepts allow combination of rule patterns / compliance patterns

Conclusions II  Advantages Ampersand method combined with business ontologies reach beyond compliance help get clarity about desired functionality less discussion about implementation issues increase IT developers productivity enhance flexibility

Further Research  Automated matching of business logic and (compliance) ruling, supported by business ontologies  Generating a ‘compliance certificate’ based on correct matching of compliance ruling and business concepts  Integrating Ampersand compliance- and business rule patterns to offer extended functionality in IT systems development

Master Thesis  Choose a subject you like, after all you are stuck with it! QUESTIONS?  Watch out for dependencies  Choose a subject which is doable in the time you want to spend  Combine with job or join existing research, take into account: Level of freedom Academic level Time efficiency  Say good bye to your friends and go for IT!