Small and Medium Enterprises (SMEs) in Indonesia face significant challenges in complying with Bank Indonesia's (BI) stringent Payment Service Provider (PJPP) licensing requirements, including cybersecurity mandates (BI 23/6/PBI/2021). This study addresses these challenges by designing a cost-effective, cloud-based solution architecture aligned with ISO 27001:2022 Annex A, simplifying compliance for resource-constrained SMEs. The framework helps SMEs prepare for IT audits with guidelines aligned with both Bank Indonesia requirements and the ISO 27001:2022 Annex A standard, and it replaces complex enterprise architectures with lightweight, cloud-centric models that use Indonesian cloud providers while still meeting Bank Indonesia requirements. Validation through a pilot study with SMEs demonstrated lower compliance costs than traditional approaches, achieved through open source tools and hybrid cloud deployments. The combination of IT audit guidelines and solution architecture affected the outcome of the IT audit: the external auditor identified only a few findings, and PT XYZ passed the IT audit. The results and discussion indicate that this framework has a significant impact on PSPs, particularly at the SME level. The novelty of this research lies in its practical implementation guidelines for SMEs and its design of cloud-based solution architectures that meet Bank Indonesia requirements.
Copyrights © 2025