Making Sense of Certification Internalization: A Process Model for Implementing Information Security and Data Protection Certifications

Making Sense of Certification Internalization: A Process Model for Implementing Information Security and Data Protection Certifications

Published: 2022 Dezember
Herausgeber: Association for Information Systems (AIS)
Buchtitel: Proceedings of the 17th Pre-ICIS Workshop on Information Security and Privacy (WISP 2022)
Seiten: 1855-1 - 1855-20
Verlag: Association for Information Systems (AIS) eLibrary
Erscheinungsort: Copenhagen, Denmark
Organisation: Association for Information Systems (AIS) SIGSEC

Nicht-referierte Veröffentlichung

BibTeX

Kurzfassung
Information systems certifications are becoming increasingly important for information security and data protection by providing organizations with best practices and independent feedback. However, superficial certification internalization is a significant problem: organizations often implement certifications in a lightweight way without truly integrating them into their organizational practices. To mitigate this problem, it is crucial to uncover how different stakeholders involved in the certification make sense of its purpose and criteria. We strive to explore and theorize how organizations internalize information security and data protection certifications through the lens of sensemaking. We draw on a literature review and qualitative interviews to develop a process model of certification internalization spanning three sensemaking cycles: pre-audit assessment, audit, and post-audit maintenance. Taking a more nuanced view of time and process unfolding, we revealed that the ongoing maintenance of certifications plays a critical role in ensuring certification internalization.

Critical Information Infrastructures

Informationssysteme, IT Zertifikate