AIS Transactions on Replication Research


Moody et al. (2018) presented a unified model of information security policy compliance (UMISPC) to explain information systems security (ISS) behaviors. The model was empirically tested against 3 main types of security-related behavior: USB practices, not locking computers appropriately, and password issues. In this study, we present a conceptual replication of Moody et al. (2018) in order to provide stronger empirical support. To this end, our study has empirically examined UMISPC through three types of ISS behaviors within a work environment in the European Union (EU), where General Data Protection Regulation (GDPR) is in force. The replication of the empirical study with the three scenarios is original. While the replication in general highlights the strength of UMISPC, the results also indicate some differences from the original study and show that there is still room for improving some of its theoretical concepts.