A Conceptual Analysis about the Organizational Impact of Compliance on Information Systems Security

Cavallari, Maurizio
2012-01-01

Abstract

Protection of data and information security are crucial to business processes and include technical, sociological and organizational aspects. The purpose of this paper is to explore the importance of information security policy and organizational compliance within a socio-technical framework. Citing some of the major compliance acts in the United States, this paper examines how the need arose for information security compliance and the antecedents that made compliance mandatory for organizations. The same would apply to any organization in any other country, within its own legal compliance framework. A discussion follows to help shed light on how both individual employees and the organization as a whole often fail to implement a satisfactory compliance initiative. Finally, the research presents a set of key factors that influence the successful implementation of information system security compliance into the information security policy (ISP), along with the actions that should be taken to make compliance a competitive advantage for the organization, taking advantage of the particular relationship between compliance and ISP.
Year: 2012
ISBN: 978-3-642-28226-3
Keywords: compliance; information systems; security; ISP; ISS
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14086/2505