• DocumentCode
    2651504
  • Title

    Lifecycle Management of Relational Records for External Auditing and Regulatory Compliance

  • Author

    Ataullah, Ahmed A. ; Tompa, Frank Wm

  • Author_Institution
    David R. Cheriton Sch. of Comput. Sci., Univ. of Waterloo, Waterloo, ON, Canada
  • fYear
    2011
  • fDate
    6-8 June 2011
  • Firstpage
    73
  • Lastpage
    80
  • Abstract
    Transactional business records are subject to a wide array of regulatory and auditing requirements. The problem of converting task-specific business policies to database-level constraints is challenging due to the immense complexity of corporate workflows and record lifecycles. In this paper we present a modeling framework for identifying business processes and record lifecycles within relational database systems that supports the automatic generation, implementation and verification of low-level data management constraints. Our modeling language allows users to identify states of business processes within a relational database system and subsequently to enforce a broad set of conditional business rules based on the particular path that a business process has taken in the model. Our approach is unique in that it offers a single unified layer for process modeling and implementing complex workflow-based constraints, temporal access control constraints, and records retention restrictions. Furthermore, we propose the notion of "business process integrity" as a layer above traditional database integrity constraints, which combines conditional access control and general-purpose temporal integrity constraints, to assure external auditors that each business record in the database has followed a legal path to its current state.
  • Keywords
    auditing; authorisation; business process re-engineering; formal verification; records management; relational databases; transaction processing; automatic generation; automatic verification; business policies; business process integrity; corporate workflows; data management constraints; database level constraints; external auditing; lifecycle management; modeling language; regulatory compliance; relational database systems; relational records; temporal access control constraints; transactional business records; Access control; Business; Database systems; History; Object recognition; Relational databases; modeling integrity constraints; object lifecycle modeling; records management; relational database;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Title
    Policies for Distributed Systems and Networks (POLICY), 2011 IEEE International Symposium on
  • Conference_Location
    Pisa
  • Print_ISBN
    978-1-4244-9879-6
  • Electronic_ISBN
    978-0-7695-4330-7
  • Type

    conf

  • DOI
    10.1109/POLICY.2011.20
  • Filename
    5976798