Deciphering the Myth About Non-Compliance and Its Impact on Cyber Security and Safety

Kwasi Danso Dankwa (University of Reading, UK)
DOI: 10.4018/978-1-7998-3149-5.ch004

Abstract

The use of computers and sophisticated technologies is on the rise, and organizations are constantly looking for ways to invest in technologies to stay ahead of the competitive market. As such, cyber security and safety measures have been put in place by organizations to protect them from attacks and to ensure that products and services are safe. However, managing cyber security and safety is becoming more challenging in today's business because people are both a cause of cyber security incidents and a key part of the protection from them. It is known, however, that non-compliance with policies and directives is a major cause of security breaches. What is not well known are the reasons behind the non-compliance behaviours. This chapter seeks to explore the reasons behind non-compliance behaviours by use of a compliance assessment model (CAM). The chapter reviews a case study in a health centre and systematically assesses the reasons behind the non-compliance behaviour using the CAM.
Chapter Preview

Introduction

The ubiquitous changes in the technological space require stringent measures to ensure that data integrity and security are not compromised. As a result, many rules and regulations have been enacted to manage the risk to stakeholders' interaction in the technological space. These regulations are not limited to organizations and businesses; countries have also put cyber security measures in place to protect their institutions and citizens. As a result of the increased regulation, a set of harmonized and consolidated compliance controls has been adopted by organizations to promote operational transparency (Silveira et al., 2012). Importantly, organizations have put systems in place and applied commensurate effort to aid compliance with relevant laws, policies, and regulations. This reduces unwanted replication of effort and waste of resources while ensuring that all relevant governance stipulations are attained (Dankwa & Nakata, 2018).

Moreover, without relevant systems and processes that enable compliance knowledge, organizations may repeat and duplicate compliance breaches and even risk information leak or loss as they struggle to learn from past non-compliance experiences (Caroline & Meyer, 2012). Despite systems and measures in place to curtail the impact on security and safety, there are many instances within organizations where non-compliances have been reported. The cause of these non-compliances has been shown to be multifactorial, with differing impacts on people, organizations and even countries. Again, some questions remain unanswered, although there is improved appreciation of how IT systems boost corporate execution (Kim & Kim, 2017). In addition, there is minimal information about the efficacy of the compliance support network in place in promoting the compliance intention of individual employees and thus enabling the assessment of compliance behaviour. Thus, this chapter seeks to address these questions:

  a) What are the reasons behind the non-compliance behaviours?

  b) How can understanding the reasons behind non-compliance behaviours help organizations to address and improve their systems?

The chapter proposes that the understanding and resolution of these questions will enable organizations to build compliance support systems that promote overall employee compliance intention and hence improve compliance behaviour. Consequently, the author seeks to explain the myth about non-compliance by considering the reasons behind non-compliance and its impact on safety and security. The author approaches this chapter from the perspective of the potential impact of security and safety breaches on patient treatment and other relevant stakeholders within the health care sector. The author proposes that in most cases, non-compliance occurs because stakeholders do not understand the importance and usefulness of the rules and regulations in place. The study further argues that many of the non-compliances are due to people not knowing their role in the security and safety architecture, their role in the adoption and use of the technology or resources available, and the impact of their failures on the safety and quality of patient treatment.

The remainder of the chapter is organized as follows: Section 2 summarizes the background of previous research and studies within the field of cyber security and safety. It further considers the various gaps and factors that impede compliance with security and safety procedures, rules and regulations. In section 3, the chapter introduces the methodology that will be followed in this study to address the questions posed. Section 4 considers the rationale for the chosen model for the appraisal of the intentions behind the non-compliance behaviour. This is followed in section 5 by a review of a case study in the health care sector using the chosen model. In section 6, the chapter discusses the outcome of the assessment and considers the limitations of the study and further work. Section 7 then concludes the chapter.

Key Terms in this Chapter

QMS as a Tool: Quality management system comprises all the procedures and processes in place for the subject to use. This involves the policies in place about the use of the technology. It acts as the means or tool for the subjects to interact with the object.

Behavioural Intention: The subjective probability that an individual will perform a specified behaviour. This relates to the intent of the subject to perform the behaviour, especially towards others and things.

Misplaced/Misunderstanding of Roles: This looks at the various roles that exist within the department and how they complement each other in achieving the set goals. This also considers the role of other stakeholders within the organization whose activities impact on the subject.

Community: The community involves the different sections that may exist within the department and how they interact with each other to achieve the outcome. This may promote the culture that exists within the department and by extension, the organization.

Resources: This includes the staff numbers, the time available to perform tasks and all the relevant materials and equipment needed by the subject to use the technology as required.

Division of Labour: This is the hierarchy that exists within the department and the organization. This looks at the leadership and management structure and their interaction with the subject, which influences the subject's attitude.

Perceived ease of use: The degree to which the person using a particular system believes it to be free from effort (Davis, 1989). This looks at how easily the subject can use the technology.

Norms, Rules, QMS: These are the external variables that affect the attitude of the subject in choosing the tool for the required interaction with the object.

Perceived usefulness: The degree to which a person believes that using a particular system would enhance their job performance. In other words, the subject perceives the technology as useful for what they want to do.
