Why Don’t You Join In? A Typology of Information System Certification Adopters

While the importance of information system (IS) certifications to demonstrate compliance with security and personal data protection requirements is constantly increasing, competing (theoretical) viewpoints exist that outline the rationales for organizations to adopt certifications. The results of these competing perspectives are inconclusive research findings in the certification adoption literature. While organizations may use cer-tifications to signal quality to consumers, others mainly adopt certifications to improve internal processes or create institutional legitimacy. To enhance our understanding of the motivation for online vendors to adopt IS certifications, we conduct a literature review and a ranking-type Delphi study with two unique panels comprising certified online vendors ( N = 15 ) and certification authorities ( N = 24 ). As a result, we provide a rank-order list of 24 motivators and 17 demotivators impacting online vendors’ intentions to adopt IS certifications. We reveal that certain motives are context-independent, whereas other motives are specific for electronic markets (e.g., “signal


INTRODUCTION
Over the past few years, online vendors have developed multiple strategies to reduce consumers' uncertainty surrounding system usage and to mitigate related risks in electronic markets.These strategies include, among others, a way of providing consumers with guarantees of a system's qualities, embedding and exposing consumer reviews of such qualities, or developing trustworthy brands (Özpolat, Gao, Jank, & Viswanathan, 2013;Mavlanova, Benbunan-Fich, & Lang, 2016).Another common strategy is to use information system (IS) certifications that represent neutral third-party attestations about systems and related management operations.Such attestations verify the conformity of system features and operations to prespecified certification requirements (Lansing, Benlian, & Sunyaev, 2018).The variety of IS certifications has increased over time as systems have diversified and risks in electronic markets have increased (Lins, Schneider, & Sunyaev, 2018).Well-known IS certifications currently include "Certified Privacy" for Web shops, "CSA STAR" for cloud services, or "ISO/IEC 27001" for management standards for security.Similarly, the recent EU General Data Protection Regulation (GDPR) has claimed that novel data protection certifications will serve as the primary means of signaling compliance with the requirements of GDPR.
Online vendors are likely to benefit from presenting well-established IS certifications on their website or system interface.Certifications increase consumers' trust in a vendor because they provide consumers with immediate assurance information relevant for their system use, including assurances of system security (e.g., absence of malicious programs/malware) and privacy (e.g., appropriate usage of personal data), as well as the integrity of management operations (e.g., reliable system administration; Kim, Steinfield, & Lai, 2008;Hu, Wu, Wu, & Zhang, 2010).Consequently, it appears reasonable that online vendors would adopt IS certifications to achieve such benefits.However, there are three competing theoretical viewpoints for why organizations may adopt certifications, namely, the resource-based view, institutional theory, and signaling theory, because adopting certifications is voluntary and not legally required.While some organizations use certifications to signal quality to consumers, others mainly adopt certifications to improve internal processes or to create institutional legitimacy (Gopal & Gao, 2009;Heras-Saizarbitoria & Boiral, 2013).For example, organizations adopt the ISO 9001 quality management certification to realize internal benefits, such as product improvement and cost minimization (Djofack & Camacho, 2017), whereas other organizations are more driven by competitive pressure (Beck & Walgenbach, 2005).Given these inconsistent views, it remains unclear what motivates online vendors to adopt IS certifications.Without a deeper understanding of the rationale for IS certification adoption, certification initiatives are prone to be rejected by online vendors.
Moreover, online vendors may adopt certifications that are detached from their actual motivations, resulting in false communication to their consumers.In addition, prior research has mainly studied the causes motivating organizations to adopt certifications but has neglected to control for demotivators that prevent organizations from seeking a certification, such as its high cost (e.g., Quazi, Khoo, Tan, & Wong, 2001).To enhance our understanding of the motivating and inhibiting factors for online vendors to adopt IS certifications, we analyze online vendors' intentions to adopt IS certifications in electronic markets using three competing theoretical viewpoints.In doing so, we strive to answer the following research question (RQ):

RQ: What motivates and demotivates online vendors to adopt IS certifications?
We applied a two-step research approach to answer this research question.First, we conducted a literature review to reveal and better understand prevalent inconclusive research findings stemming from three competing theoretical perspectives.Second, we performed a Delphi study comprising an online vendor and certification authority panel to pursue three goals: (1) to empirically validate whether motivators and demotivators derived from various literature streams are applicable and relevant in electronic markets; (2) to identify and describe further motivators and demotivators that might be specific for electronic markets; and (3) to rank identified motivators and demotivators to increase our understanding of their relative importance in electronic markets.The complementary features of the literature review and the two-panel Delphi study allowed us to provide a comprehensive ranked-order list of 24 motivators (e.g., "Increase Consumers' Trust") and 17 demotivators (e.g., "Restricted Flexibility") impacting online vendors' intentions to adopt IS certifications.Reflecting our findings in light of the three competing theoretical perspectives enabled us to derive a typology of certification adopters comprising functionalists, institutionalists, and signalers.
Our study has several implications for research and practice.By synthesizing the existing literature and conducting a Delphi study, we not only validate 16 motives discussed in prior research but also identify 21 novel motives that have not been discussed before.We also reveal that certain motives are context-independent (e.g., "increase in sales and profit"), whereas other motives are specific for electronic markets (e.g., "signal data protection").Unlike prior research on certifications, which is mainly centered around the motivating factors for adopting these certifications, we harness certification authorities' knowledge to gather more detailed information on potential demotivators.We thereby increase our understanding of the boundary conditions for IS certification adoption, in particular, the circumstances under which vendors will struggle to adopt IS certifications.Finally, we provide a more nuanced analysis of certification adoption using the resourcebased view, institutional theory, and signaling theory than has been seen in the literature to date.Specifically, because these theories provide strikingly different predictions of certification adoption, we explore these differences in greater detail to advance the current literature by deriving a typology of certification adopters with a thorough discussion of motivators and opposing demotivators.Thus, our study is also a first step toward resolving the inconclusive findings in the academic literature regarding motives for certification adoption by differentiating certain motives and making sense of particular adopter types and their respective adoption rationales.

RESEARCH BACKGROUND IS Certifications in Electronic Markets
A common strategy to reduce consumers' uncertainty about security, privacy, and reliability and to signal trustworthiness is the adoption of IS certifications, which is particularly important for small and medium-sized online vendors (Sunyaev & Schneider, 2013;Mavlanova et al., 2016).An IS certification is defined as a voluntary assessment of an online vendor's IS and related management processes performed by an independent third party based on requirement catalogs, standards, or regulations (Lansing et al., 2018).Upon successful completion of the certification process, online vendors are permitted to display an assurance seal as a graphical representation of the IS certification on their Web sites or system interfaces.
While a wide variety of IS certifications have already been proposed in electronic markets (see examples in Figure 1), one can generally differentiate three types of IS certifications addressing (1) privacy, (2) security, and (3) businessintegrity concerns of consumers (Hu et al., 2010).First, certifications addressing consumers' privacy concerns are used to alleviate consumers' perceived risks in terms of, for example, inappropriate usage of personal data.Second, certifications addressing consumers' security concerns (e.g., unauthorized access, malicious programs, or malware) are used to reassure consumers that an online vendor uses, for example, intrusion detection software, firewalls, or antivirus and anti-spyware.Finally, certifications addressing business integrity concerns guarantee fair business practices and integrity of related system management operations (e.g., reliable system administration).

Inconsistent Research on Vendors' Intentions to Adopt Certifications
Related research on IS certifications and web seals has been constantly increasing in recent decades and can be divided into three major streams (Table 1): (1) developing, designing, and innovating certifications and underlying attestation processes; (2) analyzing certifications' impact on consumers; or (3) understanding vendors' rationales for adopting certifications and materializing anticipated benefits.First, various scholars have examined the development of trustworthy certifications (e.g., for cloud services ;Lynn, van der Werff, Hunt, & Healy, 2016), the structural elements of certifications (Lansing et al., 2018), and the increase of certification reliability by performing continuous compliance attestations (Lins et al., 2018;Lins, Schneider, Szefer, Ibraheem, & Ali, 2019), among others.Second, research taking a consumer perspective seeks to explain how IS certifications affect consumers, why these effects occur and how to predict the effect of certifications on consumers (e.g., Kim et al., 2008;Kim & Kim, 2011;Lansing, Siegfried, Sunyaev, & Benlian, 2019;Löbbers, & Benlian, 2019).Consumerrelated studies have primarily focused on three effects of IS certifications, namely, increasing consumers' trust perceptions, purchase intentions, and perceived assurance (Löbbers, Lins, Kromat, Benlian, & Sunyaev, 2020).Finally, research taking a vendor perspective-which this study aims to contribute to-analyzes the motivations of organizations to adopt certifications and whether organizations can utilize the benefits of adoption, such as improved performance or increased sales (e.g., Naveh & Marcus, 2004;Djofack & Camacho, 2017).At present, researchers have not reached a clear consensus on the main driving forces behind the adoption of certifications (Prajogo, 2011; • Increase in sales and profit (Gopal & Gao, 2009) • Use certifications as marketing tool (Sampaio et al., 2010) Heras-Saizarbitoria & Boiral, 2013;Djofack & Camacho, 2017).However, there is an agreement to group those motivations into external and internal driving forces (Table 2).Internal driving forces refer to when certifications are adopted autonomously and organizations benefit through their implementation, such as minimization of costs associated with improved internal efficiency.On the other hand, external driving forces refer to the implementation of the certification in response to certain external pressures (e.g., from competitors, consumers, or the government) or incentives, such as perception enhancement of the organization (e.g., image improvements).The classification of internal and external factors originates from three different theoretical perspectives that are commonly used to understand certification adoption motivation (Heras-Saizarbitoria & Boiral, 2013;Lansing et al., 2018), namely, the "resource-based view" (Barney, 1991) to understand internal factors and "institutional theory" (DiMaggio & Powell, 1983) and "signaling theory" (Spence, 1973) to explain external factors.
The "resource-based view" grounds organizational success in the resources and capabilities that are controlled by the organization and may become a source of competitive advantage (Barney, 1991;Grant, 1991).Prior certification research taking this perspective argues that organizations can mature in their implementation of, for example, the ISO 9001 quality management certification by taking the best practices contained in the certification and making changes in organizational quality practices (e.g., Martínez-Costa, Martínez-Lorente, & Choi, 2008).In contrast, a key argument in "institutional theory" is that organizations adopt institutionalized structural elements, such as IS certifications, to ensure their survival rather than to improve performance (DiMaggio & Powell, 1983;Beck & Walgenbach, 2005).Finally, "signaling theory" is fundamentally concerned with reducing information asymmetries between two or more parties (i.e., the consumer and online vendor) by sending signals to intentionally communicate the imperceptible qualities of a signaler (Spence, 1973).Prior certification research taking a signaling perspective proposes that certifications may act as a market signal of superior quality and thereby, for instance, increase sales (e.g., Terlaak & King, 2006;Gopal & Gao, 2009).
Given these competing theoretical perspectives, prior research has debated whether the motives of certification adoption are more internally or externally driven (Djofack & Camacho, 2017).For example, the institutional theory approach has been criticized on the basis that organizations are dynamic and evolving, and therefore, they can respond in different ways, according to their internal resources and capacities (Heras-Saizarbitoria & Boiral, 2013).Additionally, it remains unclear whether these motives are applicable in electronic markets because extant research analyzes only certifications that are based on ISO standards, such as ISO 9001 for quality and ISO 14001 for environmental management systems (Heras-Saizarbitoria & Boiral, 2013).In contrast to ISO standards, IS certifications are regarded as a bundle of signals, comprising diverse assurances, such as security, privacy, availability, consumer-friendliness of contracts, and legal compliance, relevant for electronic markets (Lansing et al., 2019).Finally, only a few studies have sought answers to the question of what hinders companies from adopting certifications (e.g., Kammoun & Aouni, 2013).Understanding such demotivators provides deeper insights into the circumstances under which certain theoretical assumptions might apply.

RESEARCH APPROACH
We apply a two-step research approach.First, we conduct a literature review to better understand and resolve prevalent inconclusive research findings stemming from the three competing theoretical perspectives.Second, we perform a Delphi study to empirically validate whether the findings of the literature review are applicable and relevant in electronic markets.

Literature Review
Our descriptive literature review was comprehensively guided by recommendations from IS research (e.g., Webster & Watson, 2002;Vom Brocke et al., 2015).For the identification of studies addressing certifications in various literature streams, we searched scientific databases that we deemed representative, as they cover a wide range of journal articles as well as conference articles from IS research and the social sciences (i.e., marketing and psychology).We applied a keyword search that resulted in 694 potentially relevant articles.After filtering for relevant articles, we performed a forward and backward search to ensure that the seminal articles were included in our literature set. Figure 2 illustrates our literature selection process, which resulted in 60 relevant articles that were subsequently coded by adapting the process of Lacity, Khan, and Willcocks (2009).The literature analysis process resulted in a list of 13 motivators and seven demotivators.The online supplementary material provides the details of our literature selection and analysis processes as well as a concept matrix summarizing the coding for each article.

Delphi Study
While our literature review revealed motivators and demotivators from diverse contexts (e.g., environmental certification and tourism marketing), we aimed to empirically validate that these motivators and demotivators are applicable and relevant to electronic markets.For this purpose, we performed a Delphi study comprising two unique panels, one that includes certified online vendors and another that includes certification authorities.We followed the Delphi procedure outlined by Schmidt (1997) to brainstorm, select, and rank online vendors' motivators and demotivators when adopting IS certifications.The online supplementary material provides further details on the Delphi process.

Panel selection
We invited online vendors and certification authority experts to participate in our Delphi study because the Delphi approach as a group decision mechanism requires qualified individuals with a good understanding of the topic of interest (Okoli & Pawlowski, 2004).In particular, we invited small-and medium-sized online vendors because they heavily depend upon IS certifications, as these certifications can help them mitigate consumers' concerns (e.g., consumers worry whether personal data are handled correctly; Özpolat et al., 2013;Mavlanova et al., 2016).In addition, we reached out to certification authority professionals involved in IS certifications' issuance and attestation processes.Certification authorities also advise online vendors in weighting IS certifications' intended benefits and costs; hence, further insights into the decision-making process of both certified and noncertified online vendors can be gained by including certification authority experts in our study.
Although there is no consensus among researchers regarding the panel size for Delphi studies, Okoli and Pawlowski (2004) recommended a group of 10-18 experts.We aimed at a minimum of 15 responses in our Delphi study and thus targeted an initial expert panel of approximately 20 members to account for dropouts during the study.Initially, we invited 47 panelists (21 for the online vendor panel and 26 for the certification authority panel), of which 15 (for the online vendor panel) and 24 (for the certification authority panel) accepted our invitations, a number that is consistent with other Delphi studies in IS research (e.g., Singh, Keil, & Kasi, 2009).The demographic data are summarized in Table 3.

Data collection and analysis methods
Brainstorming phase.The first phase involved brainstorming to compare the panelists' responses with our prior literature review findings and to extend our list of motivators and demotivators.We presented the panelists with an online survey comprising a brief overview of the whole Delphi process as well as information about the purpose of the current brainstorming phase.Following this introduction, we asked the panelists to independently name and describe at least three (up to 10) reasons explaining what motivates organizations to adopt IS certifications to identify motivators and what hinders organizations from adopting IS certifications to identify demotivators.By the end of the brainstorming phase, the 15 online vendors had provided a list of 45 motivators and 29 demotivators, whereas the 24 certification authorities had provided a list of 32 motivators and 28 demotivators.Each panelist provided between three and eight motivators as well as between three and four demotivators.
Two authors aggregated and grouped identical answers and similar ones through content analysis.In particular, we open-coded motivators and demotivators by analyzing the responses of our panelists.For each motivator, we coded a name and description.If a new motivator fit with an existing motivator, we assigned it accordingly; otherwise, a new motivator was created.We tried to use the same motivators for both the online vendor and certification authority panels.If ambiguities occurred regarding the exclusive assignment of a new motivator to an existing motivator, the two researchers assigned the new motivator to an existing motivator according to the best of their knowledge.The same approach was applied to the demotivators.The aggregation process resulted in a list of 20 motivators and 16 demotivators.Following Schmidt (1997), we circulated the consolidated list to all the panelists, sought their feedback, and revised our mapping of the motivators and demotivators accordingly.Obtaining the consolidation approved by the panelists is an essential step in any Delphi study because otherwise one cannot be sure that the panelists' thoughts have been adequately captured and represented (Paré, Cameron, Poba-Nzaou, & Templier, 2013).We received feedback from one panelist, which led to an adjustment of our consolidated list in the form of mapping one response to a new motivator, namely, "Signal Integrity."All the remaining panelists confirmed our aggregation.We then consolidated our findings by matching the literature review results to the data from our Delphi brainstorming phase to evaluate the applicability and relevance of the literature findings in electronic markets throughout the upcoming phases.The literature review and the Delphi brainstorming phase together resulted in a consolidated set of 24 motivators and 17 demotivators.Furthermore, we applied theoretical coding to classify the motivators and demotivators under common themes.Theoretical coding enables us to create hierarchical classifications that allow us to move beyond mere description to a more abstract level of conceptualization.In particular, we reflected the identified motivators and demotivators based on the theoretical principles of the "resource-based view," "institutional theory," and "signaling theory" that have been commonly applied by prior research (Heras-Saizarbitoria & Boiral, 2013;Lansing et al., 2018).For example, the brainstorming phase reveals that online vendors are motivated to adopt certifications for "Signal Integrity" and "Signal Data Protection."Reflecting these findings from a signaling theory perspective shows that online vendors use certifications to signal information about the unobservable characteristics and actions of themselves (i.e., hidden information and action).We, therefore, grouped these motivators into the theoretical category "convey hidden information and hidden actions."By comparing our findings with these theoretical perspectives, we identified three types of certification adopters, namely, "functionalists," "institutionalists," and "signalers." Selection phase.In the selection phase, we narrowed the consolidated list into a more manageable set for the ranking phase.Following the suggestions provided by Schmidt (1997), we separated the panels into online vendors and certification authorities.Then, we independently presented the consolidated set of motivators and demotivators to each panel in a random order and asked each panelist to select (not rank) his or her top 10 motivators and demotivators to adopt IS certifications.Only 34 panelists (15 of the online vendor panel and 19 of the certification authority panel) participated in this selection phase.We then reviewed this selection of the top ten motivators and demotivators from each respondent and retained only those motivators and demotivators selected by the vast majority of the panel.Again, the extant literature does not provide any definite cutoff value but instead uses diverse thresholds ranging from as low as 30% (e.g., Piccinini, Hanelt, Gregory, & Kolbe, 2015) to as high as 70% (e.g., Singh et al., 2009).We experimented with different cutoff values (i.e., 40%, 45%, and 50%), with a cutoff value of 45% producing the most promising results.To this end, we chose a cut-off value of 45% for both panels, as this allowed us to include, for example, "ensure legal conformity," which we considered to be a specific motivator for electronic markets.A set of nine motivators and 10 demotivators that were chosen by the online vendor panel as well as another set of eight motivators and 11 demotivators that were chosen by the certification authority panel were used in the next phase.Because we deemed this a usable number of motivators and demotivators to be ranked (i.e., not too many motivators or demotivators), we did not perform a second selection phase.
Ranking phase.We asked each panel independently to review the list and rank the items in order of priority (separately for both motivators and demotivators) and to provide a short explanation for their ranking of the items.We presented the selected motivators and demotivators in a random order and provided information on how many panelists selected a motivator or demotivator.Following Schmidt (1997), we used Kendall's coefficient of concordance (W) to measure the degree of consensus among the panelists.Moreover, we used the Friedman test to calculate the mean rank for each item (Friedman, 1937).Of the 15 panelists of the online vendor panel, only 14 panelists participated in the first round of ranking, yielding a Kendall's W of 0.24 (N = 14; χ 2 = 26.933;p < .001)for the motivators and 0.201 (N = 14; χ 2 = 25.309;p = .003)for the demotivators, suggesting a weak level of consensus among the panelists.Of the initial 24 panelists of the certification authority panel, only 11 panelists completed round one of the ranking phases, reaching a Kendall's W of 0.193 (N = 11; χ 2 = 14.879; p = .038)for the motivators and 0.26 (N = 11; χ 2 = 28.545;p < .001)for the demotivators, suggesting a weak level of consensus among these panelists as well.Against this background, we decided to conduct a second round of ranking.In the second round, six online vendors participated, yielding a Kendall's W of 0.756 (N = 6; χ 2 = 36.311;p = .01)for the motivators and 0.327 (N = 6; χ 2 = 17.636; p = .040)for the demotivators.On the one hand, this result suggested that a strong level of consensus had been reached among the motivators and, on the other hand, this result suggested that there was still little consensus among the demotivators.Only five certification authority experts participated in round two of the ranking phase, yielding a Kendall's W of 0.659 (N = 5; χ 2 = 23.067;p = .002)for the motivators and 0.574 (N = 5; χ 2 = 28.691;p < .001)for the demotivators.These ratios suggested that, in both cases, a moderate level of consensus had been reached.At this stage, we discussed whether we should conduct another round of ranking to obtain a greater level of panel consensus.In making such decisions, the trade-off between the feasibility (i.e., the indulgence of the panelists, the researcher's resources, and the additional time required) and the potential gain must be evaluated (Schmidt, 1997).We felt that some fatigue had set in among our panel members (as reflected in the increased number of dropouts in both panels across this whole Delphi study).Since we had fulfilled one of the stopping rules suggested by Schmidt (1997) in the second round, we decided against a third round of ranking.

Functionalists
Adopters are considered functionalists when they adopt IS certifications in an autonomous way to leverage and implement IS certifications as an organizational resource to achieve organizational benefits (Table 4).In line with the resourcebased view, either functionalists lack internal capabilities or strive for continuous improvement and therefore "internalize the certification's best practices" and "access certification authorities' expert knowledge."In doing so, functionalists aim to "achieve benefits from thorough internalization," such as cost savings or competitive advantages.

Internalize certifications' best practices
Online vendors taking a functionalist role adopt IS certifications to internalize the structured approach and best practices contained in certifications and to make use of attestation results for internal improvements.Internalization refers to the process of absorbing both tacit and explicit information into the organization and translating it into knowledge, which is then applied with a purpose (Knight  , 2002).In this regard, certifications provide guidelines that must be internalized into the organizations' internal operations and used as daily practices (Naveh & Marcus, 2004).Our findings support this resource-based view, given that vendors adopt IS certifications for "Quality and Productivity Improvements," such as increasing the efficiency and quality of internal processes (Sampaio, Saraiva, & Guimarães Rodrigues, 2010: "Checking and optimizing the ordering processes" [online vendor]).Two specific areas of quality improvements were noted by the panelists: "Increasing IT Security" and "Ensuring Legal Conformity."Regarding the former, the security of the IT infrastructure underlying an online vendor's business is assessed as part of a certification process.Identified security issues and vulnerabilities can be resolved by online vendors (where necessary): "Certification also has the advantage that the certified company sometimes knows after the examination what it could improve itself, for example, concerning security measures" [online vendor].Regarding the latter, the IS certification process provides support for improving the conformity regarding the legal requirements an online vendor's business faces, particularly by reviewing online vendors' general terms and conditions as well as related legal texts.In doing so, IS certifications can note weaknesses in compliance with legal matters.However, functionalists fear "Restricted Flexibility" when internalizing certifications because they have to adjust individual processes to meet best practices and standards (Kammoun & Aouni, 2013)."The certification requirements, which must be implemented, can restrict the scope of the day-to-day business as well as the flexibility of the employees" [certification authority].A restriction in flexibility may therefore hamper online vendors from making use of strategic resources, such as assets, capabilities, and organizational processes, that lead to competitive advantages (Barney, 1991;Grant, 1991).Finally, some online vendors may not even attempt to adopt IS certifications because they are afraid of not being able to internalize the certification requirements: "Legal requirements, such as the right of revocation, which are required for completing the certification, are difficult to implement" [certification authority].We refer to this demotivator as "Fear of Failure," which results from challenging certification requirements.

Gain access to experts
Functionalists also adopt IS certifications to "Gain Access to Experts": "The company wants to improve its processes/services through the (specialist) expertise of the certifier.In addition to possible certification results, […], there are often also optional optimization hints and recommendations from the auditors" [certification authority].The resource-based view provides the rationale that online vendors are concerned not only with the deployment and exploitation of existing strategic resources but also with the investment and augmentation of resources to buttress and extend positions of competitive advantage (Grant, 1991).This strategy is often referred to as "filling resource gaps" and may lead to the external adoption of complementary resources.Certification authorities' profound knowledge and experience in online vendors' businesses and technological and organizational safeguards (Lansing et al., 2018) can thus be viewed as complementary resources that can be leveraged to improve existing resources: "Through the view from the outside, problems may be pointed out which one does not perceive in the daily work by oneself" [certification authority].
In contrast, relying on (external) certifications also has drawbacks.First, online vendors place themselves in a position where they are "Depending on a Certification Authority": "Shop owners do not want to be dependent on the seal provider" [online vendor].Certification authorities might not only deter or punish inappropriate behavior by the online vendor, such as imposing financial penalties, they also may have control over the advancement of proprietary certification schemes and therefore have an (indirect) impact on organizational routines that are intended to be internalized by online vendors.Second, one panelist also raised "Data Confidentiality Concerns" when disclosing internal information during the certification attestation.While a certification attestation covers, among other things, assessing the system documentation about its security and data protection measures, interviewing online vendor employees, or conducting on-site assessments (Lansing et al., 2018), certification authorities gain deep insights into online vendors' operations and their sources of competitive advantages, which can be misused by malicious employees of the certification authority.

Achieve benefits from thorough internalization
Taking recourse to the resource-based view, a certification internalization process will produce a set of routines and procedures (tacit and explicit) for internal operations, which function as a unique factor that cannot be easily imitated by other organizations (Prajogo, 2011).This inimitability is translated into improved performance and, consequently, a competitive advantage (Wernerfelt, 1984).Hence, certifications help organizations build their unique internal operational capabilities, which may produce variability in performance against their competitors in the market, while the certification and its underlying standard are not unique (Prajogo, 2011).Both prior research and the panelists emphasize that online vendors may increase their market competitiveness by internalizing IS certifications.Such a "Competitive Advantage" is supported by the increasing demand for certified systems in sensitive markets that, for instance, impose high security and privacy requirements.
In addition, the findings highlight that online vendors try to "Achieve Cost Savings" and "Increase Consumer Satisfaction" by internalizing certifications.For example, online vendors can increase consumer satisfaction by improving the usability of the system interface or adjusting the guarantees provided by the system (e.g., a money-back guarantee to give consumers a feeling of safety).Regarding cost savings, the findings are double-edged.On the one hand, the reviewed literature stresses cost savings stemming from the potential to increase the efficiency of internal processes and to reduce quality deficiency costs by internalizing best practices and standards (e.g., ISO 9001 quality management; Llopis & José Tarí, 2003;Heras-Saizarbitoria & Boiral, 2013).On the other hand, a major demotivating factor that hampers the internalization of IS certifications is "Expenditure."Functionalists perceive high efforts and resulting expenditures that are involved in the implementation of routines and procedures: "From my personal experience, it can be said that certifications are often accompanied by major software changes" [certification authority].In particular, a certification requires an enormous effort in documentation (Lins et al., 2018).Nevertheless, prevalent expenditures involved in the internalization of certifications increase the inimitability of the certification and internalization process and thus enable performance improvements and a competitive advantage in the resource-based view (Wernerfelt, 1984).

Institutionalists
Adopters are considered institutionalists when they adopt IS certifications to conform to institutional pressures and seek to achieve legitimacy, which is the acceptance of the organization by its environment (Mignerat & Rivard, 2009), thereby ensuring their long-term survival.The environment is defined as organizations that constitute a recognized area of institutional life, including key suppliers, consumers, regulatory agencies, and other organizations that produce similar services or products (DiMaggio & Powell, 1983).It is a foundational assumption of institutional theory that demands manifest as "coercive," "mimetic," and "normative pressures" (DiMaggio & Powell, 1983).Consequently, institutionalists adopt certifications to satisfy these pressures and ensure legitimacy (Table 5).

Satisfy coercive pressures
Institutionalists pursue certifications in response to the coercive pressures posed by other parties to which their businesses are largely dependent on and that are powerful enough to directly reward compliance or sanction noncompliance (DiMaggio & Powell, 1983).In line with prior IS research (cf.Mignerat & Rivard, 2009),  (Quazi et al., 2001) or data protection certifications to prove GDPR compliance.Organizations typically strive for regulatory compliance to prevent legal sanctions (DiMaggio & Powell, 1983).Moreover, "Supplier" or "Consumer Pressure" may push online vendors to adopt IS certifications (Llopis & José Tarí, 2003).Adopting certifications and thereby showing compliance with suppliers and consumer pressures enables market access or expansion in international or domestic markets (Heras-Saizarbitoria & Boiral, 2013; Kammoun & Aouni, 2013): "Especially in B2B businesses, there are also consumers who only make contracts with vendors who are certified" [certification authority].
In contrast, panelists report negative "Side Effects" when satisfying coercive pressures: "It happens that the consumers misuse the certification and the assessments to put pressure on the vendor" [online vendor].For example, while some IS certifications attach consumer reviews to the certification seal (e.g., the European TrustedShops certification), online vendors fear negative consumer responses that counteract the effects of certifications.

Satisfy mimetic pressure
Mimetic pressure is defined as the pressure that results from uncertainties regarding specific problem solving, the performance of specific activities or the achievement of distinct goals (DiMaggio & Powell, 1983).Institutional theory argues that such uncertainties are powerful forces that encourage imitation: organizations may model themselves on other organizations to enhance their legitimacy and demonstrate their performance compared to their peers.Research shows that such mimetic pressure typically stems from competitors and peers (Mignerat & Rivard, 2009).Both prior research and the panelists highlight that vendors perceive "Pressure from Competitors" to adopt certifications (Quazi et al., 2001;Sampaio et al., 2010;Prajogo, 2011).In particular, IS certifications are regarded as a common practice and a "must-have" to ensure survival: "Other providers already have seals, they belong to the state of the art" [certification authority].With an increasing number of organizations becoming certified, the certification process is only valued as an "entry ticket" to compete and does not, on its own, lead to competitive success (Nair & Prajogo, 2009).In this situation, the value of the certification as a differentiator diminishes: "a quality label is a hygiene factor, the absence of which is regarded as a deficiency but the presence of which is not an advantage" [online vendor].Instead, institutionalists try to "Increase Comparability" in the environment when satisfying mimetic pressure by certification adoption and thus achieve legitimacy: "Consumers can recognize seals and compare them with similar offers" [certification authority].

Satisfy normative pressures
A third source that impacts online vendors' decision to adopt IS certifications refers to normative pressures that stem from norms specified by institutions such as professional or industry associations (Mignerat & Rivard, 2009).Normative pressure differs from coercive pressure insofar as institutions that exert normative pressure have no authority to directly enforce compliance and sanction noncompliance (DiMaggio & Powell, 1983).Our literature review confirms that online vendors are driven by "Pressure from the Public," such as the rules defined by local communities (Zutshi & Sohal, 2004), or "Pressure from Industry Associations" to ensure compliance with industry expectations (Prajogo, 2011).Further, institutional theory stresses that norms also result from education and professional networks that span organizations (DiMaggio & Powell, 1983).For example, to the extent that managers and employees are drawn from the same universities, they will tend to view problems similarly and to see the same policies and procedures normatively sanctioned and legitimated.To ensure compliance with employees' normative values or practices prevalent in the general business environment, employees may exert pressure on their employing organization, which is referred to as "Internal Normative Pressure" (Khalifa & Davison, 2006).Our literature review reveals inconsistent views on internal pressure that results from employees and managers.On the one hand, online vendors may adopt certifications because the adoption decision is rooted in the inner conviction of the employees or top management.For example, employees may enforce pressure to help the environment and engage in eco-friendly behavior by internalizing an environmental management system, such as ISO 14001 (Zutshi & Sohal, 2004), or foster a quality culture within an organization through implementation of ISO 9001 (Nair, & Prajogo, 2009).Likewise, certification adoption may be a genuine concern of top management to foster the company's strategy (Quazi et al., 2001).
On the other hand, "Resistance from Employees" might also emerge and hamper adoption (Zutshi & Sohal, 2004).Resistance typically arises from inadequate training and support or employees' unwillingness to change their operating procedures.Additionally, panelists mentioned that "Limited Management Commitment" slows adoption.Particularly in cases where managers decide to focus on other short-term (e.g., seasonal business) or long-term goals (e.g., a new software system to be installed), IS certifications will probably not be adopted due to an almost exhausted budget.One reason for such a negative stance of the organization is a "Lack of Experience and Knowledge in Getting Certified."While some online vendors underestimate the efforts and resources required throughout the certification process (Llopis & José Tarí, 2003), other online vendors overestimate the amount of effort involved, particularly in meeting the certification requirements.Both under-and overestimation may result from limited knowledge about IS certifications and hamper certification adoption.

Signalers
Adopters are considered to be signalers when they adopt IS certifications to communicate information regarding their unobservable characteristics and actions.IS certifications are regarded as signals that consumers may find useful to consider when, for example, making a purchase decision.In general, signals must be costly (i.e., requiring significant time or effort to fake) to reliably separate reputable vendors from imposters, which is a central component of signaling theory referred to as the separating equilibrium (Spence, 1973).Under such circumstances, highquality vendors receive benefits from sending signals, and low-quality vendors receive benefits from not sending signals (Connelly, Certo, Ireland, & Reutzel, 2011).Prior research has shown that certifications can act as reliable signals and create a separating equilibrium (Terlaak & King, 2006;Lansing et al., 2019).Consequently, if a vendor already has high-quality attributes, it is useful to adopt IS certifications to "convey hidden information and actions" or "use them as a marketing tool," thereby "encouraging consumers to interact" with the vendor (Table 6).

Convey hidden information and hidden actions
According to the certification and signaling literature, signalers employ certifications to reduce information asymmetries between the vendor and the consumer (Terlaak & King, 2006).Our findings confirm these assumptions, as vendors try to "Increase the Transparency" of their systems, order and payment processes, and products and services because certifications expose information about various characteristics of the vendor that consumers might value, hence providing an advantage over other vendors: "processes […] are transparent and easier to follow" [online vendor].In particular, signals can bridge informational problems by making otherwise hidden information and hidden actions observable (Spence, 1973;Connelly et al., 2011).While hidden information is outlined as a situation Vendor benefits from some consumer action (i.e., using the system) due to the certification.

Acquire more consumers, increase sales and profit
Not perceiving benefits, costs, already certified in which a vendor has more information available regarding an imminent decision by the consumer, a hidden action is defined as the state in which a vendor chooses an unobservable level of effort, from the consumer's view, regarding the product and services offered.Our findings show that signalers adopt certifications to render hidden information and to overcome hidden actions.First, vendors aspire to "Signal Integrity": "By using a seal, we want to be reputable toward our consumers" [online vendor].Certifications ensure a low level of fraud potential and recovery of consumers' compromised assets in case something unexpected happens, which, in turn, lowers consumers' risk perception.Second, online vendors adopt IS certifications to "Signal Data Protection" by highlighting that they collect, process, and handle data confidentially as well as follow data protection regulations.The reason behind the adoption of these certifications is that "online vendors work with highly sensitive consumer data and thus have to show their consumers that they process data with great care" [online vendor].Finally, vendors adopt certifications to "Signal Buyer Protection," referring to secure shopping and payment processes: "The seal is designed to give website visitors a secure shopping experience" [certification authority].Through reducing information asymmetries with IS certifications, vendors aim to "Increase Consumers' Trust" in the system and the vendor: "when we sought certification, there were many skeptical consumers, who had problems to provide their credit card details.By using well-known certifications, we initiated countermeasures" [online vendor].However, certification authority experts also raised concerns that signalers are hesitant to adopt in cases in which online vendors identify that there are "No Suitable Certifications" that help to resolve information problems: "With the multitude of so-called labels, seals, certification symbols, it is difficult to find the right supplier" [certification authority].Likewise, online vendors' imperceptible qualities might go beyond what is communicated by the signal because certifications "Only Attest to Minimum Standards" and typically do not consider online vendors' specific circumstances: "Auditors do not address the unique characteristics and related benefits of the system itself but rather check generic certification requirements" [certification authority].In such situations, signaling theory assumes that the signals may not correlate with an unobservable quality, referred to as a low signaling fit (Connelly et al., 2011), ultimately impeding adoption.

Use certifications as a marketing tool
In addition to conveying information to reduce information asymmetries, online vendors adopt IS certifications because they can be used as "Marketing Tools" (Llopis & José Tarí, 2003;Sampaio et al., 2010).Online vendors can exploit a certification's popularity to improve their organization's public image.Certifications can thus be part of a larger marketing strategy.The reason behind this is that "the public image of a certified company is always better" [online vendor].The signaling theory literature supports this assumption by arguing that the credibility of the endorser (i.e., the certification authority) will subsequently transfer to the signaler (Aiken, Liu, Mackoy, & Osland, 2004).In addition, adopting certifications may help online vendors to "Achieve a Better Web Search Ranking," as presumed by one online vendor: "appearance at the top of a Google search" [online vendor].While the specific search algorithms are opaque and constantly evolving, the online community dealing with search engine optimization remains uncertain whether embedding independent reviews and seals impacts search results.
The certification authorities further noted two threats for using certifications as effective marketing tools, leading signalers to hold back.First, a "Certification's Lack of Credibility" resulting from the poor reputation of, or consumer's limited familiarity with, the certification and respective authorities: "Does 'EVERY' potential consumer know the seal, certificate, or provider of the certification?[…] Unknown seals offer no added value" [certification authority].Second, a "Certification's Lack of Reliability" can result from the certificate authorities' inability to maintain its assurances in the long run.The panelists explained that existing certifications represent only a retrospective view of the fulfillment of technical and organizational measures when the certifications are issued.Typically, certification authorities evaluate an online vendor's adherence to a certification's criteria during a comprehensive attestation, which is performed once.Throughout the validity period of one to three years, certification deviations or breaches may not be detected until long after their occurrences because certification authorities validate certification adherence via spot checks only during annual surveillance attestations (Lins et al., 2019)."Certifications are snapshots, such as a technical inspection for a car […] Everything was fine at the time of the attestation.However, as soon as you leave the test site, safety is over" [online vendor].This phenomenon is also referred to as signal erosion in signaling theory, as the degree to which the correlation between the signal and the quality in question declines over time, hence reducing the effectiveness of the signal (Connelly et al., 2011).Finally, if an online vendor already possesses a "Strong Brand" and good reputation in the market (e.g., Amazon), certifications as marketing tools are not necessary (Özpolat et al., 2013): "Organizations with their strong brand do not need or want any external trademarks shown on their websites" [certification authority].

Encourage consumers to interact with an online vendor
In line with signaling theory, for an IS certification signal to be effective, the online vendor as a signaler benefits from some consumer action (i.e., using the system) that the consumer would not have made without perceiving the signal (Connelly et al., 2011).Signalers consider IS certifications to be an opportunity to "Acquire More Consumers" when embedding a Web assurance seal (i.e., the graphical representation of IS certifications) on their websites and system interfaces.Online vendors hope that the presentation of such seals persuades consumers to buy from them because the seals show that the online vendors are audited by a certification authority and are therefore trustworthy.As one vendor stated, "With the seal, we hope to convince consumers to buy from us."In this way, the participants also indicated that they expect an "Increase in Sales and Profits" following a certification's adoption.
In contrast, our findings reveal that online vendors also face several challenges during the early process of decision-making (i.e., when deciding which IS certification and certification authority to choose) that inhibit online vendors from adopting IS certifications.First, organizations are unsure whether and how they can benefit from certifications, or they claim that there is not enough benefit to becoming certified (Llopis & José Tarí, 2003)."Certifications' intended effects are not known in advance and cannot be easily measured" [certification authority].As a result, online vendors often decide to use their limited resources (e.g., financial and human resources) for other opportunities that are more promising ways to increase sales compared with adopting IS certifications.We refer to this demotivator as "Not Perceiving Benefits."Furthermore, online vendors face a trade-off between achieving benefits, such as a possible increase in sales, and the costs that are associated with IS certifications: "The cost-benefit ratio is not right" [online vendor].Therefore, high "Signaling Costs" that result from the adoption (i.e., certification fees) and implementation of certifications (i.e., staff training and hiring of consultants) impede online vendors from adopting certifications.Signaling theory strongly emphasizes that signaling costs are required to ensure the effectiveness of an IS certification because it enables the differentiation of high-and low-quality vendors (i.e., creation of a separating equilibrium; Spence, 1973).Nevertheless, it is important to note that when the costs are too high, the signal will fail to differentiate organizations in the market, and all organizations will choose not to certify (Terlaak & King, 2006).
Second, some online vendors do not seek further IS certifications because they are "Already Certified" and thus see no benefit in showing additional web assurance seals on their websites.This demotivator, however, stands against findings in the signaling theory literature stating that using complementary signals might produce incremental improvements in consumers' perception because coexisting signals act as reinforcements (e.g., Yen, 2006).Recent research on adopting multiple certifications provides the initial reasoning by showing that adopting more IS certifications does not necessarily benefit an organization because the benefits of additional certifications depend on "who" is certifying and what is certified (cf.Lanahan & Armanios, 2018).A follow-on certification from a different certification authority may reveal additional information, thereby reducing information asymmetries, and bolster the external perception of the vendor's potential value.Conversely, more certifications from the same authority may not reveal additional information and thus may harm the organization.

RELATIVE IMPORTANCE OF MOTIVATORS AND DEMOTIVATORS
The findings from the selection and ranking phases also provide insights into which certification adopter type is most prevalent in the context of electronic markets (Table 7).
Motivators related to the signaler and functionalist types were most often selected and highly ranked, whereas no motivator of the institutionalist type was selected by >45% of the panelists.The online vendor panel perceives "Increasing Consumers' Trust" (mean rank = 1.33), "Signal Integrity" (2.83), and "Increasing Consumer Satisfaction" (3.33) as the most important motivators as well as "Use as a Marketing Tool" (6.67), "Signal Data Protection" (7.83), and "Increasing IT Security" (8.67) as the least important motivators.For the certification authority panel, "Increasing Consumers' Trust" (1.20), "Acquiring Consumers" (2.60), and "Signal Integrity" (3.00) are the most important motivators, whereas "Increasing Consumer Satisfaction" (6.00) and "Achieving Competitive Advantages" (7.00) are the least important motivators.

Comparing the Results of the Literature Review and the Delphi Study
While we identified motivators and demotivators that were present in both the literature review and Delphi study, we provide a first indication that there is a set of motivators and demotivators impacting organizations' intentions when deciding to adopt a certification that are independent of the actual contexts, such as electronic markets or an environmental certification.For example, the motivators "Increase in Sales and Profit," "Quality and Productivity Improvements," and "Achieve Competitive Advantages," as well as the demotivators "Expenditures" and "Costs," seem to be independent of the context because these were often listed and discussed in the literature and our Delphi study.However, the findings of our study reveal differences in motives as well.In particular, we found motivators and demotivators that were not present in the prior literature and are specific for electronic markets, including "Signal Data Protection" and "Ensuring Legal Conformity."These differences mainly relate to the actual content of the certification (i.e., what is certified), such as security and privacy requirements for systems.Furthermore, motivators and demotivators assigned to the institutionalist type are more strongly derived from related literature on the certification of management standards (i.e., ISO 9001 and 14001), including "Pressures from Public or Industry Associations" and "Internal Normative Pressures."In contrast, our findings reveal that the signaler and functionalist types are more prevalent in electronic markets compared to the institutionalist type.Consequently, our findings also support our assumption that motives in electronic markets differ from those in related disciplines.

Comparing the Online Vendor and the Certification Authority Panel
All of the motivators were identified by both panels except the motivator "Increase in Comparability," which was solely identified in the certification authority panel.This agreement indicates a consensus among practitioners and shows that certification authorities know vendors' reasons for adopting IS certifications.Regarding the demotivators, online vendors only raised five demotivators compared with the certification authorities, who discussed 15 demotivators.While this imbalance might result from the composition of our online vendor panel, in which all online vendors are certified, using experts of certification authorities as a second panel in our study helped us to obtain a better understanding of potential demotivators.It should also be noted that the literature review yielded considerably more motivators than demotivators.This finding not only supports our assumption that previous research has more frequently examined motivators than demotivators but also strongly highlights the value of soliciting the knowledge of certification authorities to identify demotivators, which has been neglected in prior research when studying certification adoption.
Concerning the selections and rankings, online vendors tend to select motivators assigned to the signaler type more than the functionalist type of motivators.In contrast, certification authorities' selections are more dispersed across the signaler and functionalist types.On the one hand, both panels similarly rated several motivators and demotivators, such as "Increasing Consumers' Trust," "Acquiring Consumers," "Costs," and "Expenditures."On the other hand, it is interesting to note that there are differences in their perceptions.For example, the demotivator "Side Effects" was ranked higher by the online vendors (rank 4) than the certification authorities (rank 9), providing insights that some motives may have been underestimated by certification authorities and require future work on establishing countermeasures.

Comparing Types of Certification Adopters
Clustering our findings in light of the three competing theoretical perspectives reveals that motivators and demotivators are interdependent and can be assigned in favor of certain adopter types, ultimately helping us to build up a typology of certification adopters.Whereas "signalers" already possess high-quality attributes and use IS certifications as a means to reduce information asymmetries, "functionalists," in contrast, may lack the quality attributes or are striving for continuous improvement and therefore will thoroughly internalize best practices contained in certifications.Such internalization will then enable functionalists to achieve (long-term) advantages, such as increased consumer satisfaction and competitive advantages, compared with signalers, who rely on the certification reputation in the market to achieve benefits, such as increased sales."Institutionalists" also lack the required qualities but are solely seeking legitimacy through the adoption of IS certifications.In contrast to functionalists, institutionalists adopt a minimalist approach in implementing best practices and simply meet the requirements at the minimum level, often taking a shortcut approach in adopting the certification (Nair & Prajogo, 2009).In his study, Boiral (2003, p. 732) found that organizations adopting the ISO 9001 standards from an institutionalist perspective "integrated their quality system superficially so that the organization could pass the certification audit without posing serious questions that were seen to be unnecessary and undesirable."Hence, the motivation for seeking legitimacy can easily overshadow the purpose of building strategic organizational resources, such that organizations may not be able to fully benefit from the adoption of certifications (Beck & Walgenbach, 2005;Prajogo, 2011).
Despite these findings, it should be noted that the typology presented in this paper is analytical: the types are not always empirically distinct or mutually exclusive.The types, however, are able to describe the extremes of motives.The adopter types also share basic motives, such as "Costs" for certifications or "Limited Management Commitment," which may commonly surface in the decision process about whether to adopt certifications.For example, "Costs" are assigned to signalers but might also be considered by institutionalists.However, given mimetic pressure, institutionalists may inevitably have to accept the associated costs and adopt certifications, whereas signalers might choose another marketing strategy promising a better cost-benefit ratio.Likewise, the type might change over time; for instance, online vendors might follow a functionalist's approach and internalize the best practices contained in the certification first and then use the acquired IS certifications to signal the improved quality and performance gained through internalization, following a signaler's approach in the long run.

Implications for Research and Practice
With our study, we contribute to the research on IS certification taking a vendor perspective and investigating related research streams, as summarized in Table 8.First, we study the motives for IS certification adoption in electronic markets, which is an essential context in everyday life, whereas much of the existing work in certification pertains to the certification of management standards, such as ISO 9001 and ISO 14001 (Heras-Saizarbitoria & Boiral, 2013).By synthesizing the existing literature and conducting a Delphi study, we not only validated 16 motives discussed in prior research but also identified 21 novel motives that have not been discussed before.However, we also reveal that certain motives are context-independent (e.g., "Increase in Sales and Profit," "Quality and Productivity Improvements"), whereas other motives are specific for the electronic markets, such as "Signal Data Protection" and "Buyer Protection." Second, unlike prior research on certifications, which has addressed mainly the motivating factors for adopting certifications (e.g., Quazi et al., 2001;Sampaio et al., 2010;Djofack & Camacho, 2017), we study both motivators and demotivators.In particular, we included certification authorities' knowledge to provide a differentiated view on potential demotivators that have been neglected by prior research.Although this inclusion makes the empirical data gathering more challenging, it adds significantly to our understanding of the opposing factors of certification adoption.Considering demotivators also helped us understand the peculiarities of adopter types and boundary conditions for adoption, namely, describing the circumstances in which individual adopter types will struggle when adopting IS certification, which is largely missing in related research.
Third, we provide a more nuanced analysis of certification adoption by incorporating different theoretical lenses (i.e., the resource-based view, institutional theory, and signaling theory) than has been seen in the literature to date.The literature has mainly differentiated between the external and internal benefits of certification adoption guided by the resource-based view or institutional theory (e.g., Martínez-Costa et al., 2008;Sampaio et al., 2010).Specifically, while these theories provide strikingly different predictions for certification adoption, we explore these differences in greater detail compared to the previous literature by deriving a typology of certification adopters with a rich discussion on motivators and opposing demotivators.Our study is also a first step toward alleviating the inconclusive findings regarding motives for certification adoption in the academic literature by assigning certain motives to a particular adopter type.Surprisingly, only a few articles have even considered signaling theory as a useful lens for studying certifications from This typology helps researchers to classify vendors according to their adoption motives, thereby seeking to resolve the inconclusive findings regarding motives for certification adoption in academic literature.We further contribute to research by separating external motives into signalers and institutionalists, providing more sophisticated explanations on certification adoption than before.We also encourage certification research on developing and designing certifications and underlying attestation processes to consider which adopter type they want to address.
a vendor perspective (e.g., Terlaak & King, 2006;Gopal & Gao, 2009), whereas research taking a consumer perspective has long acknowledged the value of signaling theory in explaining certification effectiveness (e.g., Özpolat et al., 2013;Mavlanova et al., 2016).Thus, we further contribute to research by separating external motives into signalers and institutionalists, providing more sophisticated explanations on certification adoption, as highlighted by the high ranking of signaler motives in the electronic markets.
While we took a vendor perspective and identified three major certification adopter types, our findings also inform related literature streams on IS certifications (Table 2).When comparing our findings against the backdrop of research taking a consumer perspective, we confirm that vendors intend to achieve certification effects, namely, increasing consumers' trust perceptions (e.g., K. Kim & Kim, 2011), purchase intentions (e.g., Mousavizadeh, Kim & Chen, 2016), and perceived assurance (e.g., Lowry et al., 2012).Increasing consumers' trust was rated as most important by the online vendors and certification authorities (rank 1 certification authority and vendor panel), followed by the desire to acquire additional consumers by increasing their purchase intentions (rank 2 certification authority and rank 4 vendor panel).However, our findings emphasize that trust takes a dual form in the context of certifications.First, consumers' trust in online vendors is increased because information asymmetries are reduced and certifications confirm vendors' integrity, competence, and benevolence.Second, the mechanism of trust transfer takes place to increase consumers' trust.Assuming that a certification authority is trustworthy, its certification can establish a cognitive association with a certified vendor, whereby a consumer's trust in a certification authority is transferred to a certified vendor (Doney, Cannon, & Mullen, 1998).Although consumer-related studies on certification effectiveness acknowledge the potential occurrence of trust transference (e.g., Hu et al., 2010;Kim & Kim, 2011), existing studies have neglected to test whether and how trust transference takes place in the context of certification.We thus recommend future certification research to consider the duality of trust when analyzing the effectiveness of certifications.This research also provides a more fine-grained view of increasing consumers' perceived assurance.Prior research has mostly operationalized perceived assurance concerning reducing the security and privacy concerns of consumers (Kim & Kim, 2011;Lowry et al., 2012).Our findings confirm that vendors aim to increase IT security and legal compliance as well as to signal data protection, thereby fostering consumers' perceptions of assurance.However, our findings highlight that vendors are also acquiring IS certifications to increase transparency in general, to signal integrity and to increase consumer satisfaction, among other reasons.Consequently, future research taking a consumer perspective might examine more effects that can result from IS certifications.
We also inform certification research on developing and designing certifications and the underlying attestation processes (Table 2).Certification authorities and related organizations developing a new certification should carefully consider which adopter type they want to address.If certifications want to address the needs of specific adopter types, such as certifications targeting functionalists, they should focus on providing best practices and implementation guidance for organizations to foster internalization.Other certifications may require thorough scrutiny to exclude certain adopter types.For example, research projects are developing new data protection certifications to prove compliance with the GDPR (e.g., the cloud data protection certification AUDITOR).However, if institutionalists internalize the underlying data protection practices only superficially (cf.Boiral, 2003), consumers' sensitive data and data protection rights (e.g., right to be forgotten) might be at risk.As a consequence, thorough certification attestation processes are required to prevent such superficial internalization by institutionalists in the case of data protection certifications.

Limitations and Directions for Future Research
We are well aware that our study contains some limitations.First, the results of our Delphi study are based on a limited number of subjects.Although the Delphi methodology does not require the panel to be a representative sample in a statistical sense, given the nature and size of our panels, one must be cautious in generalizing our findings.Having said this, the sample is relatively diverse in terms of the panelists' backgrounds, ranging from managers to auditors, consultants, and lawyers, but at the same time, it is homogenous given that all the organizations are located in Germany.Future research should examine whether our findings are still valid in other cultural contexts.A second limitation relates to the low level of consensus among the experts in the online vendor panel after round two of the Delphi ranking phase for the demotivators.This level of consensus may reflect the various IS certifications that our panelists probably had in mind and the diverse organizational settings that each panelist represented.While another round of ranking might have resulted in a greater level of consensus, we felt that a non-negligible degree of panel fatigue had set in.Rather than risking further drop-offs in participation, we decided to stop at this point having already reached a reasonable degree of confidence in the rankings, except for the demotivators in the online vendor panel (Schmidt, 1997).Future research may therefore apply quantitative research methods to validate our qualitative findings.Finally, further research is required to examine how to prevent institutionalists' minimalist approach in adopting certifications to prevent adverse consequences, such as faked quality.

Figure 1 :
Figure 1: Example IS certifications and their respective seals for electronic markets.

Figure 2 :
Figure 2: Illustration of the literature selection process.
as a senior consultant with McKinsey & Company.His current research interests include the transformative value of cloud computing, online platforms, digital transformation, and digital business models, with over 150 academic publications in these areas.His work has appeared in MISQ, JMIS, JAIS, JIT, JSIS, ISJ, EJIS, EJOR, JSR, DSS, MIS Quarterly Executive, and several others.He is currently Associate Editor of the European Journal of Information Systems and the International Journal of Electronic Commerce and serves the Editorial Review Board of the Journal of Service Research.Ali Sunyaev is a professor for computer science at the Karlsruhe Institute of Technology (KIT), Germany.Before joining KIT, he was a professor at the University of Kassel and the University of Cologne.He received his PhD in information systems from the Technical University of Munich (TUM).His research work accounts for the multifaceted use contexts of digital technologies with research on human behavior affecting IT applications and vice versa.His research appeared in journals including JIT, JMIS, JAIS, IEEE Transactions on Cloud Computing, Communications of the ACM, and others.His research work has been appreciated numerous times and is featured in a variety of media outlets.

Table 1 :
Literature streams on IS certifications (gray-filled cells indicate this study's focus).

Table 2 :
Three competing theoretical perspectives on motivators to adopt certifications.

Table 3 :
Demographic data for the online vendor and certification authority panels.

Table 4 :
Objectives of functionalists and related motivators and demotivators.

Table 5 :
Objectives of institutionalists and related motivators and demotivators.
Boiral, 2013;Djofack & Camacho, 2017)ures most notably originate from consumers, suppliers, and governments.The literature and panelists view certifications as a means to satisfy regulatory requirements and demonstrate an organization's compliance with "Regulatory Pressures" (Heras-Saizarbitoria &Boiral, 2013;Djofack & Camacho, 2017): "As part of [our service], we as the provider are obliged to undergo a specified certification procedure every two years" [online vendor].For example, organizations may adopt the ISO 14001 certification to be in compliance with environmental regulations

Table 6 :
Objectives of signalers and related motivators and demotivators.

Table 7 :
Results of the selection and ranking phase, showing motivators and demotivators that were selected by a minimum of 45% of panelists.

Table 8 :
Summary of the main findings and their relation to existing certification research.