General Description of the CIISR Workshop "Compliance" refers to rule adherence, i.e., acting in accordance with applicable rules originating from various sources, including laws, standards, contracts, guidelines, etc. [1, 2]. Compliance has been a relevant topic in Information Systems Research (ISR) for several decades, whose initial focus was primarily on the (semi-)automated support in ensuring and validating rule conformity [3-5]. Nowadays, compliance is approached from a variety of different perspectives. As part of information security management, for instance, it is examined which operational compliance measures result in desired employee behavior [6, 7]. In the context of cloud computing, for instance, it is examined how compliance with service level agreements can be ensured in hybrid cloud architectures [8, 9]. And in the context of business process management, for instance, it is examined how the compliance of business processes can be ensured sustainably and economically in digitalized and electronic markets [10-12]. The first International Workshop on Current Compliance Issues in Information Systems Research (CIISR 2021) was intended as a prelude to an exchange format that will enable a continuous interchange of scientists and also practitioners in this field. The workshop took place on March 9th, 2021, in conjunction with the 16th International Conference on Wirtschaftsinformatik (WI 2021). Based on the conference's main theme"Innovation through Information Systems - Business & Information Systems Engineering as a Future-Oriented Discipline"-the CIISR workshop discussed current compliance issues with high relevance to the ISR area.
We invited the scientific community to submit discussion papers and also research results as contributions to the CIISR 2021 workshop. Submissions in numerous subject areas interfacing with compliance were welcome, such as ensuring compliance with information security policies, compliance issues in the context of clouds, ensuring business process compliance, current IT compliance issues, and–for a given current occasion–the impact of the COVID-19 pandemic on compliance in the ISR environment. We called for contributions from the above-mentioned topics that can be assigned to one of the following three submission types: 1.
This submission type includes both advanced research with at least partial evaluation and comprehensive practical contributions.
Short papers represent ongoing research or ongoing practical projects. In addition to presenting initial results, these papers should also include an outlook on further research or project progress, including planned future work steps.
Extended abstracts present and discuss high-quality results of already published contributions (or dissertations/postdoctoral theses) relevant to the workshop topic.
In the submission version, completed research papers and practical reports must not exceed 12 pages, short papers must not exceed six pages, and extended abstracts must not exceed four pages, including title, abstract, bibliography, author details, and acknowledgments. Possible appendices are not included in the pagination. Each paper submitted to the workshop underwent a rigorous double-blind review by at least two reviewers and was evaluated for five criteria: 1) quality of content, 2) significance for theory and practice, 3) originality and level of innovativeness, 4) fitting to the workshop theme, and 5) quality of presentation. The three workshop chairs subsequently discussed the review results of each paper, resulting in a decision of acceptance or rejection. A total of seven papers were submitted to the workshop, of which four were accepted as full papers and one as a short paper. Accordingly, the acceptance rate of full papers was 57 %.
In line with the WI 2021, the CIISR 2021 workshop was held completely online. Despite its virtual form, we are pleased to report that it was well received by the research community. 42 conference attendees were registered for the workshop, and finally, more than 50 attended. The CIISR 2021 workshop and the CIISR 2021 workshop proceedings at hand contain six contributions, including one paper on the keynote speech of the workshop chairs, the four accepted full papers, and one accepted short paper:
Selection of IT Security Measures accompanies the keynote and particularly focuses on the ProBITS project, which is funded by the German Federal Ministry of Education and Research (BMBF) since April 2021 and deals with the economic assessment and analysis of IT security measures in business processes.
analyses compliance in the context of cloud computing. His research is devoted to comparing service level agreements and reducing their heterogeneity. In this context, the paper also sheds light on the management of compliance with agreed-upon requirements.
Literature Review by Mohammed Mubarkoot and Joern Altmann analyses compliance of software and software services. Based on a systematic literature review, existing frameworks of software compliance management are identified and compared to the needs of different industries. The results show heterogeneity in terms of approaches and industries, especially regarding priorities, specifics, and compliance requirements, so further research seems to be vital.
Hengstler and Natalya Pryazhnykova is dedicated to analyzing the relevance of culture to information security on different levels. Their results show that cultural aspects are relevant in different areas of information security, namely in information security governance, in awareness programs, in its influence on compliance behavior, and when designing an organizational security culture. They propose to further analyze the connection between culture and information security in the light of their identified research areas to better understand the impact of culture on security compliance.
Information Security Behavior Theories by Sebastian Hengstler empirically compares different theories for ensuring information security compliance behavior with respect to different cultures. Protection motivation and deterrence theory are tested in Germany, India, and the USA and compared by invariance tests and determination of predictive power. The conclusion suggests that taking a differentiated view on culture might improve information security policy compliance behavior in the future.
IT Supported Business Processes by Tobias Seyffarth presents a holistic framework for managing business process compliance in flexible environments. His research models relations between compliance requirements, business process activities, and underlying IT components. Thus, the approach allows interesting analyses of these relations, especially when changes become necessary. 4
The main person responsible for the workshop was Dr. Stephan Kühnel (general workshop and web chair), who was supported by Prof. Dr. Stefan Sackmann and Prof. Dr. Simon Trang (workshop co-chairs). Stephan Kühnel and Stefan Sackmann are researchers in the field of business process management at the Chair for Information Systems, esp. Business Information Management at the Martin Luther University Halle-Wittenberg. Both are actively researching in the field of economic evaluation of business process compliance and security. Simon Trang is a researcher in the field of information security management and holds the Chair for Information Security and Compliance at the Georg August University of Goettingen. His research focuses on the economic aspects of information security measures and human aspects of information security.
Although the number of submissions to the workshop was manageable, establishing a new workshop in the community would not have been possible without the help of others. Thus, we are very thankful for all the support we received from the teams of the respective chairs. Furthermore, we are very thankful for all the support we got during the review process. We were happy to have so many researchers supporting us in the program committee, namely (in alphabetic order of the last name):
Martin Schultz (HAW University of Applied Sciences Hamburg, Germany),
Tobias Seyffarth (Martin Luther University Halle-Wittenberg, Germany),
In addition, we thank Peter Hofmann (University of Bayreuth, Germany) and Sebastian Hengstler (Georg August University of Goettingen, Germany) for their work as (sub)reviewers. Last but not least, our thanks also belong to Sebastian Lindner (Martin Luther University Halle-Wittenberg, Germany) for his work as a web co-chair and to the WI 2021 team for their support in organizational and technical matters.