The PKI Forum, Inc. ( www.pkiforum.org ), a group of software vendors and computer users, endorsed the security and privacy standards WebTrust ( www.webtrust.org ), an AICPA Internet assurance service, uses to audit certification authorities (CAs). By issuing digital certificates, which verify the identity of participants in online transactions, CAs safeguard electronic commerce. The forum addresses matters relating to the public key infrastructure (PKI), an Internet security protocol.
The WebTrust standards help improve the safety of Internet transactions by giving auditors a frame of reference for detecting deficiencies in CAs’ performance.
“CPAs can use the WebTrust criteria to add an additional blanket of trust to the PKI standards and help the CA align itself with benchmarks for good business practices,” said Anthony Pugliese, AICPA vice president of member innovation.
A second AICPA technology assurance product—SysTrust ( www.aicpa.org/assurance/systrust/index.htm )—gained the support of Navision, a maker of accounting systems, which said it will require application service providers distributing its software online to comply with the SysTrust program, which measures the availability, security, integrity and maintainability of systems.
“SysTrust helps minimize the risks facing business partners and users of a particular system by assuring them the system is reliable—that it is capable of operating without material errors or failures during a particular time frame in a specific environment,” Pugliese said.