This paper aims to investigate two different types of compliance measures: the first measure is a value-monistic compliance measure, whereas the second is a value-pluralistic measure, which introduces the idea of competing organisational imperatives.
A survey was developed using two sets of items to measure compliance. The survey was sent to 600 white-collar workers and analysed through ordinary least squares.
The results suggest that when using the value-monistic measure, employees’ compliance was a function of employees’ intentions to comply, their self-efficacy and awareness of information security policies. In addition, compliance was not related to the occurrence of conflicts between information security and other organisational imperatives. However, when the dependent variable was changed to a value-pluralistic measure, the results suggest that employees’ compliance was, to a great extent, a function of the occurrence of conflicts between information security and other organisational imperatives, indirect conflicts with other organisational values.
The results are based on small survey; yet, the findings are interesting and justify further investigation. The results suggest that relevant organisational imperatives and value systems, along with information security values, should be included in measures for employees’ compliance with information security policies.
Practitioners and researchers should be aware that there is a difference in measuring employees’ compliance using value monistic and value pluralism measurements.
Few studies exist that critically compare the two different compliance measures for the same population.
This research has been funded by the Swedish Civil Contingencies Agency.
Karlsson, F., Karlsson, M. and Åström, J. (2017), "Measuring employees’ compliance – the importance of value pluralism", Information and Computer Security, Vol. 25 No. 3, pp. 279-299. https://doi.org/10.1108/ICS-11-2016-0084
Emerald Publishing Limited
Copyright © 2017, Emerald Publishing Limited