Skip to Content
Author's profile photo Emmanuel PIGOUT

MASTER project: Bottom-Up approach for Compliance

The MASTER’s bottom-up approach for compliance is to introduce an evidence model that describes the evidence that some service can produce based on the actions it performs in an abstract fashion, using ontological concepts. These concepts form a shared vocabulary with control modellers, such that both understand the meaning of the concept each uses. Consequently, using instances of the model, the CSO and CIO will be able to produce environment agnostic models of controls that reference the concepts defined in the common vocabulary. The modeller can then determine what evidence to capture to prove or disprove a control’s correct application. These models will thus govern business activity and can be applied to the described services if available or any equivalent service.

Bottom-up approach for Compliance

 Indeed a popular way for a company to model and implement business processes is through the adoption of the Service Orientated Architecture (SOA) paradigm. SOA requires an IT system to be architected in such a way that it can be exposed as services. These services externalise internal behaviours of the system through a common, standardised interface. Business processes are then modelled to orchestrate these services to reach the business goal required by the process. This allows the actual services that provide the business process implementation to change independently from the process specification. As such, so long as a set of services provide the same functionality, one may be dynamically chosen at runtime. This allows external entities to implement part of a business process, thereby allowing the process owner to outsource aspects of the activities of the process..

Therefore, the bottom-up approach prone by MASTER consist for a constraint to be related to service behaviours, for this purpose a model is required that allows a service to define its behaviour in a way such that supporting evidence can be inferred and collected.


In this project we are collaborating with distinguished panel of industrial and university partners:

ATOS Origin; Universita` di Trento; Engineering Ingegneria Informatica S.p.A.; British Telecom; ETH; University of Stuttgart; LERO; ANECT; Deloitte; IBM; CESCE; Fondazione San Rafaele; Stiftelsen SINTEF

For further information please visit the website ( and contact:

Emmanuel Pigout (

Dr Philip Miseldine (

Theodoor Scholte (

Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.