Schumm, DavidAnstett, TobiasLeymann, FrankSchleicher, DanielStrauch, SteveAbramowicz, WitoldAlt, RainerFähnrich, Klaus-PeterFranczyk, BogdanMaciaszek, Leszek A.2019-01-112019-01-112010978-3-88579-271-0https://dl.gi.de/handle/20.500.12116/19088Compliance requirements coming from laws, regulations and internal policies constrain how a company may carry out its business. A company must take various different actions for preventing compliance violations and for detecting them. Business processes have to be changed accordingly in order to adhere to these requirements. Manual controls need to be installed in order to affect the work which is done outside of IT systems. Technical controls are required for assuring compliance within IT systems. In this paper, we present a compliance management model that captures the compliance problem from a holistic point of view. We elaborate on a technical control which is called compliance fragment and we position it in the compliance management model. A compliance fragment is a connected, possibly incomplete process graph that can be used as a reusable building block for ensuring a consistent specification and integration of compliance into a workflow. In particular, we propose language extensions to BPEL for representing compliance fragments. Furthermore, we introduce a methodology for integrating compliance fragments into given workflows.enText/Conference Paper1617-5468