The Intersection of Business Process Management (BPM) and Blockchain Technology The Decision Making Problem

Uncategorized | February 27, 2018
Home » Company » Blog » The Intersection of Business Process Management (BPM) and Blockchain Technology The Decision Making Problem

Everyday we face an endless string of questions and choices. We don’t necessarily keep detailed record of every decision we make, but this is a fundamental practice for businesses. Businesses are successful in large part because at the core of every business is decision making, with high value decisions at the center of nearly every risk faced by businesses. Decisions are made around the clock which expose the organization to risk of lawsuits, risk of adverse regulatory action, or both. Because of this, organizations make significant investments in systems and processes to defend those decisions.

Unfortunately, a single misstep can ruin a company’s reputation and cost millions in fines, legal expenses or settlements. Not only do these missteps cripple your business, they negatively affect real people. Sometimes it is the right decision to foreclose on a mortgage, to deny a claim, or to deny credit. Especially where this is the case, an organization must be prepared to defend this decision against later questions.

A large portion of an organization’s resources is allocated just to defending decisions, through compliance, risk management, etc. Even though every part of a decision may be written to a database or Business Process Automation (BPA) solution, the problem remains that databases are dangerously malleable.  All it takes is the right credentials to change history of the decision.

Blockchain technology creates an entirely new approach to solving the issue of the unreliability of bits. Blockchain provides a fool-proof trustless system that is immutable, decentralized, and access-controlled.  When you combine the immutable public witness of blockchain technology with the existing BPA software, it creates a practical solution that can defend the basis of the organization’s decisions against later questions.

BPM’s Approach to Risk Management

Business Process Management (BPM) deals with the optimization, analyzation, and creating smart  processes in an organization. It involves a setting in place methodologies and infrastructure consisting of rules and regulations that resonate with the organization’s values in terms of making decisions. Most decisions follow a repetitive cycle of information gathering, concluding, executing, and refinement  to achieve better results.

In today’s industry space, many organizations use software tools to automate the entire decision-making process. Naturally, these processes get stored on databases which need to be constantly audited for their legitimacy. Why do these databases need constant auditing and verification? As mentioned above, decisions carry a significant weight and the process responsible for churning out decisions needs to be backed by evidential data.

Current Solutions for BPM

Many software tools allow companies to map their processes and secure it in databases. There are many BPA tools in the market like PegaAppian, and others. Pega makes it easier to design, model, execute, track, and optimize business processes. It is used for mitigating risks during the decision-making process.

Tools like Pega are very convenient but have a major issue – they are still not secure. Vulnerabilities like SQL injections, extensive user privileges, broken configuration management, or even DoS attacks pose a serious threat to the data present in the databases.

Companies spend millions of dollars every year on auditing and verifying the databases for any problems, creating a huge compliance issue because one needs to prove that the database wasn’t changed at any given time. Even if nothing happened to the databases, it still is a precautionary measure that involves significant cost to the company. In this age of blockchain technology, the process of verifying and auditing databases is unnecessary given that blockchain provides evidential proof to eradicate the cost of audits and verification.

How Blockchain Solves the Problem

Clearly, modern databases are not impervious to data loss or unauthorized data changes. To avoid these vulnerabilities, many companies spend millions of dollars auditing databases to maintain their credibility. Even if the databases are not changed, they do this anyway because businesses require evidence backed data to make decisions. This is where Blockchain technology comes into the picture. Blockchain is an immutable, decentralized, and access-controlled ledger that is distributed to everyone in the system. This ledger contains blocks of data stacked one after the other. Blocks can hold any type of information which does not change at all unless a consensus is reached, which happens either by proof-of-work or proof-of-stake. Each block holds encrypted data including transaction data, a timestamp, and details of the previous block.

Immutability – Blockchain ledgers work on a peer-to-peer mechanism with pre-agreed rules about what data can be added. There are two key functions which make ledgers immutable:

  1. Hash – A hash function is a mathematical function which turns data into a key called a hash. A hash always has a fixed length no matter what data is considered. Data could be anything from a 1000-page book to a one-digit number. There are many hash functions currently in use, and the most common one is SHA-256. For example, the 32-byte (256-bit) hash for the phrase ‘Hash functions are awesome!’ is – 32a5a1ab34a630408308a6b91253b1d9e6667796dd8430017ec0f7eadf3c3236. It is evident that the key cannot be tracked back to the phrase. It is impossible to change any data that has already been hashed, making it immutable.
  1. Blocks – As mentioned above, a block contains encrypted data (hash key), a timestamp, and details of the previous block. The reason why blocks have details of the previous block is to make it impossible to replace any block in the ledger. For example, the pages of a book can easily be replaced as the numbers have no association with the number preceding them. One can easily remove page number 40 and add another page, and name it 40. But a block specifies which block they are building on. In order to change one block, you need to go back to the beginning of the chain and change the entire ledger, which can only happen if a consensus is reached. That is why blockchain ledgers are immutable.

Decentralized – Let’s unpack centralization first. When the power to make decisions resides in a single community/person’s hand, that power is centralized. When every community/person within the system has a say in the decision, that power is known as decentralized power. As the blockchain ledger is distributed to everyone in the system, everyone’s decision is taken into account, but no single central figure has control over the system. There are three types of decentralization and Vitalik Buterin (Co-Founder of Ethereum) clearly explains them in this article.

Implementing Blockchain

To incorporate Blockchain technology in your current BPM or risk management software, you will need to find a blockchain system that is compatible with it.  Blockchain technology can provide security, transparency, and immutability to modern BPM and risk management tools.

Factom can help you in providing the right system compatible with your current BPM software. With a single API call, you’ve created an indisputable, permanent record of the basis of your decision, helping your company save time and money, the two most precious resources.  Are you ready to move towards a practical blockchain solution in 2018? Connect with us at

POSTED: February 27, 2018 BY Jay Smith IN Uncategorized

Before joining Factom, Smith was at Virtusa where he lead creation of a new agile consulting practice, a new market for the company. His past work experience includes leading large accounts as a senior program manager for Wipro and directing business units at CGI for 18 years. Through his 25 year career, Smith designed and built a broad range of systems for financial services firms giving him a deep understanding of the needs of the industry.