AIS Transactions on Replication Research


Conceptual replications offer robust tests of theory by subjecting the relational notions of a scientific model to evaluation using alternate instruments, treatments, and subject pools. This study performs a conceptual replication of Moody, Siponen, and Pahnila’s 2018 empirical analysis that integrated elements of eleven theoretical models to produce the unified model of information security policy compliance (UMISPC). This replication employed a substantially more parsimonious instrument, using modestly revised treatment scenarios targeted toward a U.S. audience of 218 IT professionals as opposed to the Finnish graduate students used in the original study. Our results indicate that UMISPC is robust across variations in instruments and subject pools. The replicated model explained approximately two thirds of the variance in information systems security policy compliance intentions across both studies. In contrast, competing models such as the theory of planned behavior and extended protection motivation theory exhibited large changes in explanatory power when the instrument and subject pool were modified. This suggests that UMIPSC may be a superior theoretical model for consistently evaluating security policy compliance behavioral intentions among varied populations. Our results also indicate that the theoretical model is capable of detecting and integrating a wide range of behavioral antecedents that may have differing levels of influence among various populations.