Towards a Secure Framework for Artifact-centric Workflows Leveraging Runtime Enforcement (online talk)
A business process is made up of a set of activities that are carried out to create products or services. This series of activities is often analogous to the set of actions performed on an artifact (document). Aside from privacy (unauthorised access should be avoided) and integrity (the document should not be tampered with), the document has “lifecycle” constraints (modifications should be made in a predefined sequence). Any document manipulation that does not adhere to the lifecycle constraints is considered invalid. So far, cryptographic, centralised, and static verification approaches have been used to achieve compliance with the lifecycle, each with its own limitations.
In this paper, we design and develop a framework that leverages formal runtime enforcement approaches to enforce the lifecycle constraints of a document at runtime, while preserving its integrity and privacy using cryptographic approaches. The lifecycle constraints are taken as the specification of the system, and the modifications made to the document are taken as the (possibly erroneous) input to be enforced. The enforcement mechanism detects, at runtime, any modification attempt by an individual that does not follow the set lifecycle constraints, and the document is safeguarded from such invalid manipulations. We take as an example a collaborative project between an academic and a research institute. We specify the necessary lifecycle constraints and construct an enforcement monitor from them, which prevents any unauthorised changes to the document, assuring the system’s safety. The proposed framework has been implemented, and enforcement of the constraints is demonstrated in the considered scenario.
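The idea in the abstract, sketched as an added example (not the paper's framework or code): lifecycle constraints become a transition table, each modification attempt is checked against it at runtime, and invalid attempts are suppressed. The states, roles, actions and the unkeyed SHA-256 chain used for tamper evidence are assumptions made for illustration; privacy (encryption) is left out.

```python
import hashlib
from dataclasses import dataclass, field

# Hypothetical lifecycle (not from the paper): (state, role, action) -> next state.
# Any triple not listed is a lifecycle violation.
LIFECYCLE = {
    ("EMPTY", "academic", "draft"): "DRAFTED",
    ("DRAFTED", "institute", "review"): "REVIEWED",
    ("REVIEWED", "academic", "revise"): "DRAFTED",
    ("REVIEWED", "institute", "approve"): "APPROVED",
}
GENESIS = hashlib.sha256(b"genesis").hexdigest()

def link(prev, role, action, content):
    """Hash one accepted modification onto the previous chain head."""
    return hashlib.sha256(f"{prev}|{role}|{action}|{content}".encode()).hexdigest()

@dataclass
class EnforcementMonitor:
    state: str = "EMPTY"
    content: str = ""
    accepted: list = field(default_factory=list)   # (role, action, content, digest)
    rejected: list = field(default_factory=list)   # (state, role, action)

    def submit(self, role, action, new_content):
        """Apply the modification only if the lifecycle permits it right now."""
        nxt = LIFECYCLE.get((self.state, role, action))
        if nxt is None:
            # Enforce by suppression: document, state and chain stay untouched.
            self.rejected.append((self.state, role, action))
            return False
        head = self.accepted[-1][3] if self.accepted else GENESIS
        self.accepted.append((role, action, new_content, link(head, role, action, new_content)))
        self.state, self.content = nxt, new_content
        return True

def audit(accepted):
    """Replay a log: every step must follow the lifecycle and extend the chain."""
    state, head = "EMPTY", GENESIS
    for role, action, content, digest in accepted:
        state = LIFECYCLE.get((state, role, action))
        if state is None or digest != link(head, role, action, content):
            return False
        head = digest
    return True

def demo():
    """Constructed event sequence: two out-of-order attempts among valid steps."""
    m = EnforcementMonitor()
    events = [("institute", "approve", "v0"), ("academic", "draft", "v1"),
              ("academic", "revise", "v1b"), ("institute", "review", "v1 ok"),
              ("institute", "approve", "v1 final")]
    return m, [m.submit(*e) for e in events]
```

The monitor blocks the early approval and the revise-before-review attempt without altering the document, and `audit` rejects a log whose entries were edited or reordered after the fact.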
Mon 6 Jun. Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
11:00 - 12:30
11:00 | 5m | Day opening | Opening | VORTEX
11:05 | 40m | Keynote | Specification-Guided Hybrid Dynamic Verification for Parallel and Distributed Programming (online talk) | VORTEX
11:45 | 20m | Talk | Towards a Secure Framework for Artifact-centric Workflows Leveraging Runtime Enforcement (online talk) | VORTEX
12:05 | 20m | Talk | VSMoN: Runtime Monitoring Based Data-driven Remote Vital Sign Monitoring System (online talk) | VORTEX | S: Rahul Bharadwaj Pendyala, Srinivas Pinisetty Indian Institute of Technology Bhubaneswar, Abhinandan Panda