Resistance and power in a security certification scheme: The case of c:cure

摘要

Using the lens of Clegg's circuits of power (CoP) framework, this study examines the resistance to a UK information security certification scheme through three episodes of power that led to its withdrawal in 2000. The UK authorities sought to generate market competition between a generic certificate scheme with lower costs and international recognition and one based on technical rigor, but they failed in their objectives because of resistance from organizational players. This paper makes contributions to the understanding of the discursive nature of resistance to change in the research of standards and certification, and contributes to the literature by formulating the concept of discourse resilience: the property of discourses to resist change. It identifies the non-agentic nature of resistance in the absence of coercive power and presents a reflection on legitimacy as a required attribute for the acceptance of a certificate scheme. The research finds that what organizations deem to be legitimate is the result of power.