Foreword BUSINESS MODELLING DOMAIN

Business Modelling Domain

Business modelling of the operations is an essential prerequisite before information management can be implemented. Institutions should be able to analyse and anticipate the effects of processes, information flows, document management and enabling technologies, such as e-business, upon their operations. 

There are various modelling techniques, which may be applied, some of which are described below, to provide different and comprehensive views of the business activities.  

Models should be developed to represent such items as: 

1. Activities and processes of the business application within and between, stakeholders 

2. Information resources and flows 

3. Application of technologies 

Processes should be documented for such items as: 

1. 1. 1. Work procedures and tasks 

      2. Roles and responsibilities of personnel 

      3. Audit and monitoring procedures 

Types of models

Business modelling takes many different forms and there are many techniques available. What is important is that fundamental processes should be modelled, and the way that this is done should maximise the generation of value for the institution.  For example, analysis of information needs and resources should lead to the development of a corporate information model. In the FIDIS context the generation of value within research activity is important. To this end in later development of the guidelines we would expect to define the objectives, and how we measure them. For instance, the guidelines would have to support: the circulation of information within the Network, the identification and selection of relevant information for ongoing research purposes, the clarification of identity concepts, and certainly innovation itself.

Entity models

Entity models specify the relationships between such entities as people, objects, processes, and information within and between institutions.  They are used to brainstorm, or when working from a fresh start, to specify and resolve business issues and to define the related corporate information. An entity model for information management within FIDIS is shown in Figure 4. It is a generic model, which may be applied by each Work Package.

Figure 4 

Stakeholder models

Stakeholder models highlight the different stakeholders who are involved in the various activities of identity management throughout the supply chain. Stakeholder models may be created for particular business sectors, such as e-health, and they may be used as a basis for information flows within and between stakeholders. In Figure 5, some of the stakeholders involved with identity management are shown at differing levels of governance:  

Figure 5 

Process and information flow models 

Information flow models show the business processes, how they interact with each other and how information flows between them. They provide a functional overview of the operations and allow personnel to see the functions and processes of a business quite independently of the organizational chart. They may show the essential and supportive processes and provide judgment about the value contributed by these processes to business operations. We can superimpose upon the models such flows as information, intelligence, documents, people and finance to indicate how we, as identity management systems developers or research network actors, drive and control the processes.

Compliance models 

A generic compliance model has been developed in order to assess the degree to which institutions are fulfilling their obligations and their effectiveness in applying identity management. The model is shown in Figure 6 and the following statements briefly describe the areas of interest within the model.  

Figure 6 

The model is divided into three parts: 

The top line shows the processes for specifying the Design Criteria for ensuring compliance with the required regulations:

1. Process and Semantic Models 

The process and semantic models that satisfy legal and other requirements.  

1. Select Control & Monitoring Positions 

The monitoring positions where relevant information needs to be collected for compliance purposes.  

1. Design Norms & Performance Criteria 

The required norms and performance criteria, which need to be addressed for compliance with regulations. 

1. Store Design Data 

The store containing all of the information that represents the design criteria.  

The bottom line illustrates the processes for the Actual Monitored Data. This data needs to be collected and measured to enable compliance to be achieved:

1. Compliance Process 

The specification of the compliance process to be applied to activities. 

1. Monitoring Techniques 

A description of the monitoring techniques being applied at the various audit points.  

1. Collect Monitored Data 

A store containing all of the monitored data that is collected during the compliance process. 

1. Interpret Monitored Data 

The analysis and interpretation of the monitored data. 

The middle line represents the processes that compare and analyse the Actual Monitored Data with those of the Design Criteria:

1. Compare Designed Data with Monitored Data 

The process that compares the actual monitored data with the designed data 

1. Compliance Review of Variance 

A compliance review to determine the variance between actual and design data. This gap analysis determines one of three outcomes: satisfactory review, monitoring to be continued or further design and analysis is required. 

The audit points should be where particular activities of interest are taking place or where a transfer takes place of information from one person, department or institution to another. Information which needs to be gathered and checked against specified criteria, may include: 

1. Process being audited 

2. Information being processed 

3. Person responsible for performing the work 

4. The rules and norms which need to be satisfied 

5. Transmission and receipt logs