Implementing Internal Audit for WebTrust CA/NS in Digital Signature Companies

Sarah Rosdiana Tambunan, Indah Elisa Sihombing, Tiarani Sibarani

Abstract


Internal audit plays a crucial role in ensuring the readiness and compliance of Certificate Authorities (CAs) with internationally recognized information security standards, particularly WebTrust for Certification Authorities and Network Security. This topic has become increasingly relevant due to the growing demand for reliable and regulation-compliant digital signature services. This study examines the implementation of internal audit based on the WebTrust standard within a digital signature service provider in Indonesia. The research adopts a qualitative descriptive approach, utilizing document analysis and in-depth interviews with personnel performing trusted roles. The internal audit process consists of five main stages: defining the audit scope, mapping relevant controls to the standard, collecting evidence from operational processes and systems, evaluating the implementation’s conformity, and compiling the final report along with improvement recommendations. The audit findings reveal that most issues are concentrated in CA Environmental Controls, which include asset management, physical security, and the documentation of policies and procedures. These findings indicate the need to strengthen controls in these areas to enhance the organization’s security posture. The internal audit has proven effective in identifying weaknesses early, providing relevant improvement recommendations, and serving as a strategic step in preparing for the external WebTrust audit. Thus, internal audit can be a critical instrument in improving system reliability, strengthening information security governance, and maintaining trust in digital signature services.

Keywords


Certificate Authority; Internal Audit; WebTrust Standard






DOI: http://dx.doi.org/10.30813/jbase.v8i2.8870



ISSN: 2620-7907

