An experience report of improving business process compliance using security risk-oriented patterns

Abstract

Nowadays enterprises are searching the efficient compliance management method. Being compliant could potentially help capturing the most important information, using practice and existing process solutions; thus reducing the management effort and cost. When it comes to the security compliance management, it means treating and reducing the security risks to the acceptable level and employing the validated and cost effective security countermeasures. However, the typical question that small and medium enterprises face, is on how to achieve the security compliance in the efficient way. In this paper we report on our experience to use the security risk-oriented patterns to improve business processes of the insurance brokerage. The analysed case showed the major steps to apply the regulatory standard to check compliance, as well as the major procedures needed to improve the business process compliance. The lessons learnt highlight some method guidelines toward compliance management and suggest needed improvement directions for the application of the security risk-oriented patterns.