{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,27]],"date-time":"2026-03-27T15:14:31Z","timestamp":1774624471581,"version":"3.50.1"},"reference-count":26,"publisher":"Springer Fachmedien Wiesbaden GmbH","issue":"2","license":[{"start":{"date-parts":[[2023,5,3]],"date-time":"2023-05-03T00:00:00Z","timestamp":1683072000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,5,3]],"date-time":"2023-05-03T00:00:00Z","timestamp":1683072000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Hochschule Konstanz Technik, Wirtschaft und Gestaltung (HTWG)"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["HMD"],"published-print":{"date-parts":[[2024,4]]},"abstract":"<jats:title>Zusammenfassung<\/jats:title><jats:p>Die digitale Transformation von Gesch\u00e4ftsprozessen und die st\u00e4rkere Integration von IT-Systemen f\u00fchren zu Chancen und Risiken f\u00fcr kleine und mittlere Unternehmen (KMU). Risiken, die zu fehlender IT-Governance, Risk und Compliance (GRC) f\u00fchren k\u00f6nnen. Ziel dieses Beitrags ist es, die Design- und Evaluierungsphase der Erstellung eines Artefakts darzustellen. Dabei wird der Design Science Research Ansatz nach Hevner verwendet. Das Artefakt wird f\u00fcr die Auswahl von Standards entwickelt, indem KMU-relevante Auspr\u00e4gungen und bestehende Rahmenwerke auf die definierten Kriterien angepasst werden<\/jats:p>","DOI":"10.1365\/s40702-023-00974-0","type":"journal-article","created":{"date-parts":[[2023,5,3]],"date-time":"2023-05-03T07:02:31Z","timestamp":1683097351000},"page":"572-585","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["IT-Compliance in KMU\u00a0\u2013 Eine Methode zum angepassten Einsatz von Rahmenwerken","IT-Compliance in SME\u2014a method for the adapted use of frameworks"],"prefix":"10.1365","volume":"61","author":[{"given":"Nico","family":"Deistler","sequence":"first","affiliation":[]}],"member":"93","published-online":{"date-parts":[[2023,5,3]]},"reference":[{"key":"974_CR1","first-page":"Article 6","volume":"9","author":"S Alter","year":"2002","unstructured":"Alter\u00a0S (2002) The work system method for understanding information systems and information systems research. Commun Assoc Inform Syst 9:Article 6","journal-title":"Commun Assoc Inform Syst"},{"issue":"54","key":"974_CR2","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1365\/s40702-016-0281-2","volume":"1","author":"S Bei\u00dfel","year":"2017","unstructured":"Bei\u00dfel\u00a0S (2017) Differenzierung von Rahmenwerken des IT-Risikomanagements. HMD 1(54):37\u201354","journal-title":"HMD"},{"key":"974_CR3","doi-asserted-by":"publisher","first-page":"1047","DOI":"10.1365\/s40702-020-00612-z","volume":"57","author":"N Deistler","year":"2020","unstructured":"Deistler\u00a0N, Rentrop\u00a0C (2020) IT-compliance in KMU \u2013 state of the art. HMD 57:1047\u20131057","journal-title":"HMD"},{"key":"974_CR4","doi-asserted-by":"publisher","DOI":"10.1365\/s35764-021-00380-5","author":"N Deistler","year":"2022","unstructured":"Deistler\u00a0N, Rentrop\u00a0C (2022a) IT-Compliance in KMU \u2013 Experteninterviews zum Status quo. Wirtschaftsinform Manage. https:\/\/doi.org\/10.1365\/s35764-021-00380-5","journal-title":"Wirtschaftsinform Manage"},{"key":"974_CR5","first-page":"233","volume-title":"Proceedings of the 15th IADIS International Conference","author":"N Deistler","year":"2022","unstructured":"Deistler\u00a0N, Rentrop\u00a0C (2022b) An IT-GRC Approach in SME. In: Proceedings of the 15th IADIS International Conference Porto, S 233\u2013237"},{"key":"974_CR6","unstructured":"Deistler N, Rentrop C (2022c) A Method for an IT-GRC Approach in SMEs \u2013 Design Phase. In: PACIS 2022 Proceedings 316. https:\/\/aisel.aisnet.org\/pacis2022\/316. Zugegriffen: 01.08.2022"},{"key":"974_CR7","unstructured":"EU-Kommission (2005) Definition of SMEs. https:\/\/eur-lex.europa.eu\/legal-content\/DE\/TXT\/PDF\/?uri=CELEX:32003H0361&from=EN. Zugegriffen: 11. Febr. 2022"},{"key":"974_CR8","volume-title":"Intelligent information and database systems. 9th Asian conference","author":"F Hartawan","year":"2017","unstructured":"Hartawan\u00a0F, Suroso\u00a0J (2017) Information technology services evaluation based ITIL V3 2011 and COBIT 5 in center for data and information. In. In: Intelligent information and database systems. 9th Asian conference"},{"key":"974_CR9","volume-title":"CISR WP No. 190","author":"JC Henderson","year":"1989","unstructured":"Henderson\u00a0JC, Venkatraman\u00a0N (1989) Strategic alignment. A framework for strategic information technology management. In: CISR WP No. 190 Massachusetts"},{"key":"974_CR13","doi-asserted-by":"publisher","DOI":"10.37307\/b.978-3-503-16311-3","volume-title":"Governance, Risk und Compliance im Mittelstand, Praxisleitfaden f\u00fcr gute Unternehmensf\u00fchrung","author":"T Henschel","year":"2016","unstructured":"Henschel\u00a0T, Heinze\u00a0I (2016) Governance, Risk und Compliance im Mittelstand, Praxisleitfaden f\u00fcr gute Unternehmensf\u00fchrung. Erich Schmidt Verlag, Berlin"},{"issue":"1","key":"974_CR10","doi-asserted-by":"publisher","first-page":"75","DOI":"10.2307\/25148625","volume":"28","author":"A Hevner","year":"2004","unstructured":"Hevner\u00a0A, Salvatore\u00a0M, Jinsoo\u00a0P, Sudham\u00a0R (2004) Design science in information systems research. MISQ 28(1):75\u2013105","journal-title":"MISQ"},{"key":"974_CR12","unstructured":"Hillebrand A et al (2017) Aktuelle Lage der IT-Sicherheit in KMU.WIK Wissenschaftliches Institut f\u00fcr Infrastruktur und Kommunikationsdienste GmbH. https:\/\/www.wik.org\/fileadmin\/Sonstige_Dateien\/IT-Sicherheit_in_KMU\/WIK-Studie_Aktuelle_Lage_der_IT-Sicherheit_in_KMU_Langfassung__2_.pdf. Zugegriffen: 28. Nov. 2020"},{"key":"974_CR27","unstructured":"International Standard Organization (2014) ISO\/IEC 27001:2013. Information Technology \u2013 Security techniques \u2013 Information security management systems \u2013 overview and vocabulary"},{"key":"974_CR14","volume-title":"Cobit 2019: Einf\u00fchrung und Methodik","author":"ISACA","year":"2018","unstructured":"ISACA (2018) COBIT 2019: Einf\u00fchrung und Methodik (ISACA.org)"},{"key":"974_CR28","unstructured":"ITIL Foundation: ITIL4 Edition"},{"key":"974_CR15","doi-asserted-by":"publisher","first-page":"1058","DOI":"10.1365\/s40702-020-00625-8","volume":"57","author":"A Johannsen","year":"2020","unstructured":"Johannsen\u00a0A, Kant\u00a0D (2020) IT-Governance, Risiko- und Compliance-Management (IT-GRC) \u2013 Ein Kompetenz-orientierter Ansatz f\u00fcr KMU. HMD 57:1058\u20131074","journal-title":"HMD"},{"key":"974_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-658-20059-6","volume-title":"IT-GRC-Management \u2013 Governance, Risk und Compliance. Grundlagen und Anwendungen","author":"M Knoll","year":"2017","unstructured":"Knoll\u00a0M, Strahringer\u00a0S (2017) IT-GRC-Management im Zeitalter der Digitalisierung. In: Knoll\u00a0M, Strahringer\u00a0S (Hrsg) IT-GRC-Management \u2013 Governance, Risk und Compliance. Grundlagen und Anwendungen. Springer Vieweg, Wiesbaden, S 1\u201324"},{"key":"974_CR17","volume-title":"The enterprise engineering series","author":"M Lankhorst","year":"2009","unstructured":"Lankhorst\u00a0M (2009) Enterprise architecture at work. In: The enterprise engineering series. Springer, Berlin Heidelberg"},{"issue":"3","key":"974_CR18","doi-asserted-by":"publisher","first-page":"45","DOI":"10.2753\/MIS0742-1222240302","volume":"24","author":"K Peffers","year":"2008","unstructured":"Peffers\u00a0K, Tuunanen\u00a0T, Rothenberger\u00a0A, Chatterjee\u00a0S (2008) A design science research methodology for information systems research. J\u00a0Manag Inf Syst 24(3):45\u201377","journal-title":"J Manag Inf Syst"},{"key":"974_CR19","volume-title":"Proceedings of the ECIS 2008 conference","author":"J Pries-Heje","year":"2008","unstructured":"Pries-Heje\u00a0J, Baskerville\u00a0R, Venable\u00a0J (2008) Strategies for design science research evaluation. In: Proceedings of the ECIS 2008 conference Galway"},{"key":"974_CR20","volume-title":"IT-Governance. Erfolgsfaktor f\u00fcr die digitale Transformation","author":"C Rentrop","year":"2023","unstructured":"Rentrop\u00a0C (2023) IT-Governance. Erfolgsfaktor f\u00fcr die digitale Transformation. Erich Schmidt Verlag, Berlin"},{"key":"974_CR21","volume-title":"IMS-Forschungsberichte Nr.\u00a07","author":"M Rohlfing","year":"2002","unstructured":"Rohlfing\u00a0M, Funck\u00a0D (2002) SMEs Kritische Diskussion quantitativer und qualitativer Definitionsans\u00e4tze. In: IMS-Forschungsberichte Nr.\u00a07. Universit\u00e4t G\u00f6ttingen, G\u00f6ttingen"},{"issue":"2","key":"974_CR22","first-page":"xiii","volume":"26","author":"J Webster","year":"2002","unstructured":"Webster\u00a0J, Watson\u00a0R (2002) Analyzing the past to prepare for the future: writing a\u00a0literature review. MISQ 26(2):xiii\u2013xxiii","journal-title":"MISQ"},{"key":"974_CR23","volume-title":"IT governance. How top performers manage IT decision rights for superior results","author":"P Weill","year":"2004","unstructured":"Weill\u00a0P, Ross\u00a0JW (2004) IT governance. How top performers manage IT decision rights for superior results. Harvard Business School, Boston"},{"key":"974_CR24","volume-title":"14th International Conference on Telecommunication Systems, Services, and Applications (TSSA)","author":"M Yasin","year":"2020","unstructured":"Yasin\u00a0M, Arman\u00a0A, Edward\u00a0I, Shalannanda\u00a0W (2020) Designing information security governance recommendations and roadmap using COBIT 2019 framework and ISO 27001:2013. In: 14th International Conference on Telecommunication Systems, Services, and Applications (TSSA)"},{"key":"974_CR25","volume-title":"Case study research: design and methods","author":"RK Yin","year":"2014","unstructured":"Yin\u00a0RK (2014) Case study research: design and methods, 5.\u00a0Aufl. SAGE, Los Angeles","edition":"5"}],"container-title":["HMD Praxis der Wirtschaftsinformatik"],"original-title":[],"language":"de","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1365\/s40702-023-00974-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1365\/s40702-023-00974-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1365\/s40702-023-00974-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,11]],"date-time":"2024-04-11T15:02:09Z","timestamp":1712847729000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1365\/s40702-023-00974-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,3]]},"references-count":26,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,4]]}},"alternative-id":["974"],"URL":"https:\/\/doi.org\/10.1365\/s40702-023-00974-0","relation":{},"ISSN":["1436-3011","2198-2775"],"issn-type":[{"value":"1436-3011","type":"print"},{"value":"2198-2775","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,5,3]]},"assertion":[{"value":"15 November 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 March 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 May 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}