DOI: 10.4018/IJISSCM.2016010101 Copyright © 2016, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. International Journal of Information Systems and Supply Chain Management Volume 9 • Issue 1 • January-March 2016 1 Information Security Compliance Behaviour of Supply Chain Stakeholders: Infuences and Differences Ibrahim Shafu, Auckland University of Technology, Auckland, New Zealand William Yu Chung Wang, Auckland University of Technology, Auckland, New Zealand Harminder Singh, Auckland University of Technology, Auckland, New Zealand ABSTRACT Supply chain security is an emerging topic in the supply chain management literature. Information security is a key component of supply chain security, and this study aims to identify the factors that influence the compliance behaviour with respect to information security. A related objective is to understand the extent to which compliance was substantive or symbolic. Adopting a qualitative approach, the authors conducted semi-structured interviews with stakeholders based in New Zealand who are involved in international supply chains. The interviews find that compliance behaviour is affected by the influence of other organizations, organizational perceptions of compliance, and the rules and norms of exchange in different contexts. The results also indicate that compliance behaviour is more symbolic than substantive in the supply chain environment. KeywoRDS Compliance Behaviour, Information Security, Institutional Theory, Security Initiatives, Social Exchange Theory, Supply Chain Security INTRoDUCTIoN Supply chain security (SCS) is an emerging field of research within the supply chain management (SCM) discipline. Security is a key concern for SCM because supply chains are complex, vulnerable and fragile because they are made up of interdependent stakeholders who rely on their partners’ trustworthiness and commitment (Sarathy, 2006). With the need to protect national borders against terrorists using conveyances or containers to ship weapons of mass destruction or harmful bio-weapons, SCS has become an even more important issue for many countries (Closs & McGarrell, 2004; Lee & Whang, 2005; Urciuoli, 2010). However, little empirical literature supports policy or practice in this emerging field (Williams, Jason, & Stephen, 2008). Closs and McGarrell (2004) define supply chain security as: “the application of policies, procedures, and technology to protect supply again assets (products, facilities, equipment, information and personnel) from theft, damage, or terrorism, and to prevent the introduction of unauthorised contraband, people or weapons of mass destruction into the supply chain” (page 8).