Lifecycle Management of Relational Records for External Auditing and Regulatory Compliance

• Published in: 2011 International Symposium on Policies for Distributed Systems and Networks pp. 73 - 80
• Main Authors: Ataullah, A. A., Tompa, F. W.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.06.2011
• Subjects: Access control; Business; Database systems; History; modeling integrity constraints; object lifecycle modeling; Object recognition; records management; relational database; Relational databases
• ISBN: 1424498791; 9781424498796
• DOI: 10.1109/POLICY.2011.20

Transactional business records are subject to a wide array of regulatory and auditing requirements. The problem of converting task specific business policies to database level constraints is challenging due to the immense complexity of corporate workflows and record lifecycles. In this paper we present a modeling framework for identifying business processes and record lifecycles within relational database systems that supports the automatic generation, implementation and verification of low level data management constraints. Our modeling language allows users to identify states of business processes within a relational database system and subsequently to enforce a broad set of conditional business rules based on the particular path that a business process has taken in the model. Our approach is unique in that it offers a single unified layer for process modeling and implementing complex workflow based constraints, temporal access control constraints, and records retention restrictions. Furthermore we propose the notion of "business process integrity" as a layer above traditional database integrity constraints, which combines conditional access control and general purpose temporal integrity constraints, to assure external auditors that each business record in the database has followed a legal path to its current state.