CIISR 2022

Content Description of CIISR

„Compliance“ refers to rule adherence, i.e., acting in accordance with applicable rules originating from various sources, including laws, standards, contracts, guidelines, etc. [1, 2]. Compliance has been a relevant topic in Information Systems Research (ISR) for several decades, whose initial focus was primarily on the (semi-)automated support in ensuring and validating rule conformity [3–5]. Second International Workshop on Current Compliance Issues in Information Systems Research (CIISR 2022) will occur on February 20th, 2022 in conjunction with the 17th International Conference on Wirtschaftsinformatik (WI2022). Based on the conference’s central theme–  „WI for Grand Challenges, Grand Challenges for WI“ –the workshop will discuss current compliance challenges with high relevance to the ISR area.

Nowadays, compliance is approached from a variety of different perspectives. For instance, as part of information security management, it is examined which operational compliance measures result in desired employee behavior [6, 7]. In the context of cloud computing, for instance, it is examined how compliance with service level agreements can be ensured in hybrid cloud architectures [8, 9]. In the context of business process management, for instance, it is examined how the compliance of business processes can be ensured sustainably and economically in digitalized and electronic markets [10–12]. These and many other current aspects of compliance are discussed at the CIISR workshop. The workshop offers scientists, practitioners and further interested parties a basic program including three speeches on current compliance issues in information security, cloud computing, and business process management. Furthermore, we cordially invite you to submit and present your completed research papers, short papers, or extended abstracts relevant to the workshop topic. We welcome practical contributions, empirical studies, systematic literature analyses, as well as research papers following the design science research paradigm.

The topics of interest include, but are not limited to:

  • Ensuring compliance with information security policies
    • Management of data breaches
    • Effectiveness of information security management standards
    • Information security under consideration of social factors or in cross-organizational contexts
  • Compliance issues in cloud contexts
    • Ensuring compliance despite the use of hybrid clouds
    • Compliance with service level agreements and qualities of service
  •  Ensuring business process compliance
    • Business process compliance in the context of outsourcing or in consideration of economic/social factors
    • Compliance issues related to process mining
  • Current issues of IT compliance
    • The influence of current IT-related legal regulations (e.g. the General Data Protection Regulation (GDPR), the second Payment Services Directive (PSD2), etc.) on the operations of companies, (government) institutions, …
    • IT compliance and nudging
  • The investigation of compliance issues related to the COVID-19 pandemic in the ISR sector
  •  …

Contributions addressing other workshop-relevant topics are also welcome.

For general questions concerning the workshop or submissions, please contact please contact Dr. Ilja Nastjuk ( We look forward to your submissions and your participation!    

Kind regards,     
Stefan Sackmann, Stephan Kühnel, Simon Trang and Ilja Nastjuk

Target Group

The target group of the CIISR workshop includes academics whose research focus is on current compliance issues, practitioners working in the field of compliance, and all other interested parties. On the one hand, the workshop serves to discuss current trends and new research results by and with (senior) representatives from science and practice. On the other hand, the workshop aims to give young scientists and doctoral students the opportunity to present early research results.           
Interested participants can also register for participation in the workshop without submitting a contribution. We intend to hold the CIISR workshop as a face-to-face event. However, in case it is not possible to conduct the workshop on site due to the COVID-19 pandemic, we will offer a fully digital workshop.

Submission Types, Submission Instructions, and Formalities

We welcome submissions to the CIISR workshop on the above-mentioned topics written in English. For this purpose, we offer three submission types:

(1) Completed research papers/complete practical reports
This submission type includes both advanced research with at least partial evaluation and comprehensive practical contributions.

(2) Short papers (research in progress papers/short practical reports)
Short papers represent ongoing research or ongoing practical projects. In addition to presenting initial results, these papers should also contain an outlook on further research or further project progress, including planned future work steps

(3) Extended abstracts
Extended abstracts present and discuss high-quality results of already published contributions (or dissertations/postdoctoral theses) with relevance to the workshop topic.

Completed research contributions and complete practical reports must not exceed 12 pages, short papers must not exceed 6 pages, and extended abstracts must not exceed 4 pages, including title, abstract, author details, acknowledgments, and possible appendices. The bibliography is not included in the pagination.

When formatting your submissions, please use the official WI2022 template, which can be downloaded using the following link:

Please submit your articles directly via the ConfTool of the WI2022:

If you do not yet have an account, you first have to register for the ConfTool of the WI2022. Already registered users can log in directly, then press „Your Submissions“ and finally select the CIISR Workshop.

Except for extended abstracts, the submission of contributions must be made in anonymized form, i.e., all information that would allow the authors to be identified must be removed or blinded (e.g., author names, citations of preliminary works, project names). Each submission will be reviewed double-blind. The authors‘ information will be added after the acceptance notification. 

All accepted contributions will be published in an workshop volume or in the official WI Conference Proceedings and must be presented and discussed by at least one author during the CIISR workshop. Short papers and extended abstracts will have a presentation time of about 15 minutes and a discussion time of about 5 minutes. Completed research papers and complete practical reports will have a presentation time of about 20 minutes and a discussion time of about 15 minutes.

Deadlines (extended)

Deadline for submissions:5 December 2021
12 December 2021
(midnight CET) 
Notification of acceptance:19 December 2021
24 December 2021
Final paper submission:9 January 2021
Final acceptance notification:16 January 2022    
Workshop date:20 February 2022

Workshop Schedule

Session 111:0011:55
Opening11:0011:05Stefan Sackmann,
Simon Trang,
Stephan Kühnel, Ilja Nastjuk
Workshop Opening
Kick-off Speech11:0511:20Simon TrangKick-off Speech
Presentation 111:2011:55Tizian Matschak, Theresa Pfaff„The Role of Situational Risk Propensity in Technology Threat Avoidance Behavior“
Coffee Break 11:5512:10
Session 212:1013:20
Presentation 212:1012:45Laura Niedzela, Leonard Nake „Categories of Approaches for IT Security Investment Decisions: A Systematic Literature Review“
Presentation 312:4513:20Emin Mehmet Yazici„Security Issues in Data Analytical Environments“
Open Discussions13:20open endall participantsget together and networking

The three papers of CIISR 2022 can be found at We thank the Association for Information Systems (AIS) and the AIS eLibrary (AISeL) for supporting our event by publishing these articles.

Workshop Organizers

Prof. Dr. Stefan Sackmann
Chair of Business Informatics, esp. Business Information Management
Institute for Information Systems and Operations Research    
Martin Luther University Halle-Wittenberg 
Universitaetsring 3, 06108 Halle (Saale), Germany

Dr. Stephan Kühnel
Chair of Business Informatics, esp. Business Information Management
Institute for Information Systems and Operations Research    
Martin Luther University Halle-Wittenberg 
Universitaetsring 3, 06108 Halle (Saale), Germany

Prof. Dr. Simon Trang
Chair for Information Security and Compliance       
Georg August University of Goettingen
Platz der Goettinger Sieben 5
37073 Goettingen, Germany         

Dr. Ilja Nastjuk
Chair for Information Security and Compliance      
Georg August University of Goettingen
Platz der Goettinger Sieben 5
37073 Goettingen, Germany        

The complete proceedings of CIISR 2023 can be found at We thank for supporting our event by publishing this workshop volume!

Program Committee

  • Prof. Dr. Jörn Altmann
  • Ing. Georg Fischer (Sr. Developer)
  • Prof. Dr. Nadine Guhr
  • Ass. Prof. Dr. Simon Hacks
  • Prof. Dr. Jana Rhese
  • Michael Seifert, M. Sc. (Sr. Manager)
  • Dr. Tobias Seyffarth
  • Prof. Dr. Frank Teuteberg
  • Prof. Dr. Nils Urbach

Web Chair

  • Dr. Stephan Kühnel


  1. Becker, J., Delfmann, P., Dietrich, H.-A., Steinhorst, M., Eggert, M.: Business Process Compliance Checking – Applying and Evaluating a generic Pattern Matching Approach for Conceptual Models in the Financial Sector. Information Systems Frontiers 18, pp. 359–405, (2016).
  2. Rinderle-Ma, S., Ly, L.T., Dadam, P.: Business Process Compliance (Aktuelles Schlagwort). EMISA Forum, pp. 24–29, (2008).
  3. Sackmann, S., Kuehnel, S., Seyffarth, T.: Using Business Process Compliance Approaches for Compliance Management with Regard to Digitization: Evidence from a Systematic Literature Review. In: Weske M., Montali M., Weber I., vom Brocke J. (eds) Business Process Management. BPM 2018. Lecture Notes in Computer Science, vol 11080. Springer, Cham, pp 409-425, (2018).
  4. Fellmann, M., Zasada, A.: State-of-the-art of Business Process Compliance Approaches: A Survey. Proceedings of the 22th European Conference on Information Systems (ECIS’14), pp. 1–17, (2014).
  5. Schultz, M.: Towards an Empirically Grounded Conceptual Model for Business Process Compliance. In: Ng W., Storey V.C., Trujillo J.C. (eds) Conceptual Modeling. ER 2013. Lecture Notes in Computer Science, vol 8217. Springer, Berlin, Heidelberg, pp 138-145, (2013).
  6. Trang, S., Brendel, B.: A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research. Information Systems Frontiers 21, pp. 1265–1284, (2019).
  7. Lembcke, T.-B., Masuch, K., Trang, S., Hengstler, S., Plics, P., Pamuk, M.: Fostering Information Security Compliance: Comparing the Predictive Power of Social Learning Theory and Deterrence Theory. Americas Conference on Information Systems (AMCIS), (2019).
  8. Xiaoyong, Y., Ying, L., Tong, J., Tiancheng, L., Zhonghai, W.: An Analysis on Availability Commitment and Penalty in Cloud SLA. In: Computer Software and Applications Conference (COMPSAC), pp. 914–919, (2015).
  9. Morin, J.-H., Aubert, J., Gateau, B.: Towards Cloud Computing SLA Risk Management: Issues and Challenges. In: Sprague, R.H. (ed.) 45th Hawaii International Conference on System Sciences. (HICSS) ; USA, 4 – 7 Jan. 2012, pp. 5509–5514, (2012).
  10. Hake, P., Rehse, J.-R. und Fettke, P.: Toward Automated Support of Complaint Handling Processes: An Application in the Medical Technology Industry. Journal on Data Semantics 10, pp. 41-56, (2021).
  11. Seyffarth, T., Kuehnel, S., Sackmann, S.: Business Process Compliance Despite Change: Towards Proposals for a Business Process Adaptation. In: Cappiello C., Ruiz M. (eds) Information Systems Engineering in Responsible Information Systems. CAiSE 2019. Lecture Notes in Business Information Processing, vol 350. Springer, Cham, pp. 227-239, (2019).
  12. Kuehnel, S., Trang, S., Lindner, S.: Conceptualization, Design, and Implementation of EconBPC – A Software Artifact for the Economic Analysis of Business Process Compliance. In: Laender A., Pernici B., Lim EP., de Oliveira J. (eds) Conceptual Modeling. ER 2019. Lecture Notes in Computer Science, vol 11788. Springer, Cham, pp. 378-386, (2019).
  13. Knuplesch, D., Reichert, M., Fdhila, W., Rinderle-Ma, S.: On Enabling Compliance of Cross-Organizational Business Processes, In: Daniel F., Wang J., Weber B. (eds) Business Process Management. Lecture Notes in Computer Science, vol 8094. Springer, Berlin, Heidelberg, pp. 146-154, (2013).