SWIFT Customer Security Programme (CSP)
SWIFT has published a set of core security controls that every SWIFT customer must meet. These controls reflect good security practice and should apply to all systems and processes within the end-to-end transaction chain. SWIFT will specifically mandate their application for the customer’s SWIFT-related infrastructure. Applying these controls will raise the security bar for customers on the SWIFT network and further support customers in their efforts to prevent and detect fraudulent use of their local infrastructure. Communication and implementation of these controls will also help to increase security awareness and education in the on-going fight against cyber fraud.
SWIFT CSP
CSP Assessment Provider
REQUEST A CALLBACK!
Gap analysis
Our methodology of SWIFT CSP Gap Analysis comply with SWIFT regulations and IT security audit best practices. The result is Gap Analysis report with detailed recommendations.
Consulting
Provide consulting and support services. We will assist on impementation processes and regulations for SWIFT CSP Compliance.
Audit
Conduct audit SWIFT CSP and inform about successful audit SWIFT.
About SWIFT CSP
General Information
SWIFT has published the Customer Security Controls Framework (CSCF) as part of its Customer Security Programme (CSP) established in May 2016 to reinforce the security of the global financial community. The CSCF describes a set of mandatory and advisory security controls for SWIFT users. The mandatory security controls establish a security
baseline for the entire community and must be implemented by all users on their local SWIFT infrastructure. Advisory controls are additional security good practices that SWIFT recommends users to implement.
Who should comply?
All users connecting to SWIFT directly or indirectly must comply with the mandatory security controls. The SWIFT Customer Security Controls Framework document describes the different
technology architecture types and indicates the components to which the security controls attestation process applies.
How to comply?
To meet the requirements of SWIFT CSP, organizations connected to SWIFT must:
determine the type of architecture of its local SWIFT infrastructure and, as far as possible, separate it from the rest of its infrastructure;
define SWIFT CSP requirements applicable to its local SWIFT infrastructure;
implement new or restructure the main security processes in the SWIFT infrastructure to ensure their compliance with SWIFT CSP requirements;
if necessary, introduce additional technical solutions;
the self-assessment questionnaire should be reviewed and updated annually.
Our Approach
Methodology
Our methodology of implementation of SWIFT CSP is based on the experience the successful projects implementation and maintenance of the Information Security Management Systems and allows to implement required controls within a reasonable timeline and without heavy resource investment from the customer side. Our approach is to start with getting a comprehensive understanding of the customer environment and current SWIFT CSP compliance position; to continue with a definition of a remediation plan to address any gaps; and to conclude with bringing in our experts into implementing remediation activities.
Consulting
We will help identify all the necessary processes required for SWIFT CSP compliance and provide methodical assistance in establishing them, as well as help develop appropriate documentation in accordance with the specifics of your organization.
Support
We provide professional assistance in maintaining the compliance with the SWIFT CSP requirements, by means of SWIFT CSP trainings tailored to your company’s specific requirements, as well as third-party audits to ensure greater compliance validation than that of a self-assessment.