First International Workshop on Current Compliance Issues in Information Systems Research (CIISR 2021)

Description of CIISR


“Compliance” refers to rule adherence, i.e., acting in accordance with applicable rules originating from various sources, including laws, standards, contracts, guidelines, etc. [1, 2]. Compliance has been a relevant topic in Information Systems Research (ISR) for several decades, whose initial focus was primarily on the (semi-)automated support in ensuring and validating rule conformity [3–5].

The first International Workshop on Current Compliance Issues in Information Systems Research (CIISR 2021) will take place on March 9th, 2021 in conjunction with the 16th International Conference on Information Systems (WI2021). Based on the main theme of the conference – “Innovation through Information Systems – WI as a trend-setting science” – the workshop will discuss current compliance issues with a high relevance to the ISR area.

Nowadays, compliance is approached from a variety of different perspectives. As part of information security management, for instance, it is examined which operational compliance measures result in desired employee behavior [6, 7]. In the context of cloud computing, for instance, it is examined how compliance with service level agreements can be ensured in hybrid cloud architectures [8, 9]. In the context of business process management, for instance, it is examined how compliance of business processes can be ensured sustainably and economically in digitalized and electronic markets [10–12]. These and many other current aspects of compliance are discussed at the CIISR work-shop. The workshop offers scientists, practitioners and further interested parties a basic program including three speeches on current compliance issues in information security, cloud computing, and business process management.

Furthermore, we cordially invite you to submit and present your completed research papers, short papers, or extended abstracts relevant to the workshop topic. We welcome practical contributions, empirical studies, systematic literature analyses, as well as research papers following the design science research paradigm. The topics of interest include, but are not limited to:

Ensuring compliance with information security policies

● Management of data breaches

● Effectiveness of information security management standards

● Information security under consideration of social factors or in cross-organizational contexts

● …

Compliance issues in cloud contexts

● Ensuring compliance despite the use of hybrid clouds

● Compliance with service level agreements and qualities of service

● …

Ensuring business process compliance

● Business process compliance in the context of outsourcing or in consideration of economic/social factors

● Compliance issues related to process mining

●  …

Current issues of IT compliance

● The influence of current IT-related legal regulations (e.g. the General Data Protection Regulation (GDPR), the second Payment Services Directive (PSD2), etc.) on the operations of companies, (government) institutions, …

● IT compliance and nudging

● …

The investigation of compliance issues related to the COVID-19 pandemic in the ISR sector


Contributions addressing other workshop-relevant topics are also welcome. For the lat-est information on the CIISR workshop, please visit the official workshop website:

For general questions concerning the workshop or submissions, please contact Dr. Stephan Kühnel ( We look forward to your sub-missions and your participation!

Kind regards, Stephan Kühnel, Stefan Sackmann, and Simon Trang


Format of CIISR

The CIISR workshop comprises a total of 3 sessions, each of which is introduced by a speech addressing a current compliance issue. The speeches deal with current challenges in the areas of information security compliance, compliance in the context of clouds, and business process compliance representing the basic workshop program. The remaining slots of the sessions are available for presentations of practical contributions and research results from submissions.

The target group of the CIISR workshop includes academics whose research focus is on current compliance issues, practitioners working in the field of compliance, and all other interested parties. On the one hand, the workshop serves to discuss current trends and new research results by and with (senior) representatives from science and practice. On the other hand, the workshop aims to give young scientists and doctoral students the opportunity to present early research results. Interested participants can also register for participation in the workshop without submitting a contribution.

We intend to hold the CIISR workshop as a face-to-face event. However, in case it is not possible to conduct the workshop on site due to the COVID-19 pandemic, we will offer a fully digital workshop.


Contact persons

Dr. Stephan Kühnel (Hauptansprechpartner)

Lehrstuhl für Wirtschaftsinformatik, insbes. Betriebliches Informationsmanagement Institut für Wirtschaftsinformatik und Operations Research

Martin-Luther-Universität Halle-Wittenberg

Universitätsring 3, 06108 Halle (Saale), Deutschland


Prof. Dr. Stefan Sackmann

Lehrstuhl für Wirtschaftsinformatik, insbes. Betriebliches Informationsmanagement Institut für Wirtschaftsinformatik und Operations Research

Martin-Luther-Universität Halle-Wittenberg

Universitätsring 3, 06108 Halle (Saale), Deutschland


Prof. Dr. Simon Trang

Lehrstuhl für Informationssicherheit und Compliance

Georg-August-Universität Göttingen

Platz der Göttinger Sieben 5

37073 Göttingen, Deutschland E-Mail:


Submission Types, Submission Instructions, Deadlines, and Formalities

We welcome submissions to the CIISR workshop on the above-mentioned topics writ-ten in English. For this purpose, we offer 3 submission types:

(1) Completed research papers/complete practical reports

This submission type includes both advanced research with at least partial evaluation and comprehensive practical contributions.

(2) Short papers (research in progress papers/short practical reports)

Short papers represent ongoing research or ongoing practical projects. In addition to presenting initial results, these papers should also contain an outlook on further research or on further project progress, including planned future work steps.

(3) Extended abstracts

Extended abstracts present and discuss high-quality results of already published contributions (or dissertations/postdoctoral theses) with relevance to the work-shop topic.

Completed research contributions and complete practical reports must not exceed 12 pages, short papers must not exceed 6 pages, and extended abstracts must not exceed 4 pages, including title, abstract, bibliography, author details, and acknowledgements. Possible appendices are not included in the pagination.

Deadlines (tentative):

● Deadline for submissions: January 15th, 2021 (midnight CET)

● Notification of acceptance: February 12th, 2021

● Final paper submission: February 26th, 2021

● Workshop date: March 9th, 2021

When formatting your submissions, please use the official WI2021 template, which you can download here:



Please submit your articles directly via the ConfTool of the WI2021:

If you do not yet have an account, you first have to register for the ConfTool of the WI2021. Already registered users can log in directly, then press „Your Submissions“ and finally select the CIISR Workshop.

With the exception of extended abstracts, the submission of contributions must be made in anonymized form, i.e., all information that would allow the authors to be identified must be removed or blinded (e.g., author names, citations of preliminary works, project names, etc). Each submission will be reviewed double-blind. The author information will be added after the acceptance notification.

All accepted contributions will be published in an open access workshop volume. For the latest information on the submission procedure, the conference system, and the workshop proceedings, please visit the official CIISR workshop website:

Accepted contributions are presented and discussed by at least one author during the CIISR workshop. Short papers and extended abstracts will have a (tentative) presentation time of about 15 minutes and a discussion time of about 5 minutes. For completed research papers and complete practical reports, a (tentative) presentation time of about 20 minutes and a discussion time of about 10 minutes is planned.



1. Becker, J., Delfmann, P., Dietrich, H.-A., Steinhorst, M., Eggert, M.: Business Process Compliance Checking – Applying and Evaluating a generic Pattern Matching Approach for Conceptual Models in the Financial Sector. Information Systems Frontiers 18, pp. 359–405, (2016).

2. Rinderle-Ma, S., Ly, L.T., Dadam, P.: Business Process Compliance (Aktuelles Schlagwort). EMISA Forum, pp. 24–29, (2008).

3. Sackmann, S., Kühnel, S., Seyffarth, T.: Using Business Process Compliance Approaches for Compliance Management with Regard to Digitization: Evidence from a Systematic Literature Review. In: Weske M., Montali M., Weber I., vom Brocke J. (eds) Business Process Management. BPM 2018. Lecture Notes in Computer Science, vol 11080. Springer, Cham, pp 409-425, (2018).

4. Fellmann, M., Zasada, A.: State-of-the-art of Business Process Compliance Approaches: A Survey. Proceedings of the 22th European Conference on Information Systems (ECIS’14), pp. 1–17, (2014)

5. Schultz, M.: Towards an Empirically Grounded Conceptual Model for Business Process Compliance. In: Ng W., Storey V.C., Trujillo J.C. (eds) Conceptual Modeling. ER 2013. Lecture Notes in Computer Science, vol 8217. Springer, Berlin, Heidelberg, pp 138-145, (2013).

6. Trang, S., Brendel, B.: A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research. Information Systems Frontiers 21, pp. 1265–1284, (2019)

7. Lembcke, T.-B., Masuch, K., Trang, S., Hengstler, S., Plics, P., Pamuk, M.: Fostering Information Security Compliance: Comparing the Predictive Power of Social Learning Theory and Deterrence Theory. Americas Conference on Information Systems (AMCIS), (2019).

8. Xiaoyong, Y., Ying, L., Tong, J., Tiancheng, L., Zhonghai, W.: An Analysis on Availability Commitment and Penalty in Cloud SLA. In: Computer Software and Applications Conference (COMPSAC), pp. 914–919, (2015).

9. Morin, J.-H., Aubert, J., Gateau, B.: Towards Cloud Computing SLA Risk Management: Issues and Challenges. In: Sprague, R.H. (ed.) 45th Hawaii International Conference on System Sciences. (HICSS) ; USA, 4 – 7 Jan. 2012, pp. 5509–5514, (2012).

10. Seyffarth, T., Kuehnel, S., Sackmann, S.: Business Process Compliance Despite Change: Towards Proposals for a Business Process Adaptation. In: Cappiello C., Ruiz M. (eds) Information Systems Engineering in Responsible Information Systems. CAiSE 2019. Lecture Notes in Business Information Processing, vol 350. Springer, Cham, pp. 227-239, (2019).

11. Kühnel, S., Trang, S., Lindner, S.: Conceptualization, Design, and Implementation of EconBPC – A Software Artifact for the Economic Analysis of Business Process Compliance. In: Laender A., Pernici B., Lim EP., de Oliveira J. (eds) Conceptual Modeling. ER 2019. Lecture Notes in Computer Science, vol 11788. Springer, Cham, pp. 378-386, (2019).

12. Knuplesch, D., Reichert, M., Fdhila, W., Rinderle-Ma, S.: On Enabling Compliance of Cross-Organizational Business Processes, In: Daniel F., Wang J., Weber B. (eds) Business Process Management. Lecture Notes in Computer Science, vol 8094. Springer, Berlin, Heidelberg, pp. 146-154, (2013).