Skip to content

SWIFT CSP

CSP Assessment Provider


SWIFT Customer Security Programme (CSP)
SWIFT has published a set of core security controls that every SWIFT customer must meet. These controls reflect good security practice and should apply to all systems and processes within the end-to-end transaction chain. SWIFT will specifically mandate their application for the customer’s SWIFT-related infrastructure. Applying these controls will raise the security bar for customers on the SWIFT network and further support customers in their efforts to prevent and detect fraudulent use of their local infrastructure. Communication and implementation of these controls will also help to increase security awareness and education in the on-going fight against cyber fraud.

REQUEST A CALLBACK!



Ask the expert

Ask us about SWIFT CSP Audit

Подготовка к аудиту на соответствие требованиям стандарта PCI DSS

Gap analysis

Our methodology of SWIFT CSP Gap Analysis comply with SWIFT regulations and IT security audit best practices. The result is Gap Analysis report with detailed recommendations.

Сертификационный аудит на соответствие требованиям стандарта PCI DSS certification audit

Consulting

Provide consultin and support services. We will assist on impementation processes and regulations for SWIFT CSP Compliance.

Помощь в поддержке соответствия требованиям стандарта PCI DSS в течение года

Audit

Conduct audit SWIFT CSP and inform about successful audit SWIFT.

About SWIFT CSP


SWIFT has published the Customer Security Controls Framework (CSCF) as part of its Customer Security Programme (CSP) established in May 2016 to reinforce the security of the global financial community. The CSCF describes a set of mandatory and advisory security controls for SWIFT users. The mandatory security controls establish a security baseline for the entire community and must be implemented by all users on their local SWIFT infrastructure. Advisory controls are additional security good practices that SWIFT recommends users to implement.
All users connecting to SWIFT directly or indirectly must comply with the mandatory security controls. The SWIFT Customer Security Controls Framework document describes the different technology architecture types and indicates the components to which the security controls attestation process applies.
To meet the requirements of SWIFT CSP, organizations connected to SWIFT must:
  • determine the type of architecture of its local SWIFT infrastructure and, as far as possible, separate it from the rest of its infrastructure;
  • define SWIFT CSP requirements applicable to its local SWIFT infrastructure;
  • implement new or restructure the main security processes in the SWIFT infrastructure to ensure their compliance with SWIFT CSP requirements;
  • if necessary, introduce additional technical solutions;
  • the self-assessment questionnaire should be reviewed and updated annually.
  • Our Approach


    Methodology

    Our methodology of implementation of SWIFT CSP is based on the experience the successful projects implementation and maintenance of the Information Security Management Systems and allows to implement required controls within a reasonable timeline and without heavy resource investment from the customer side. Our approach is to start with getting a comprehensive understanding of the customer environment and current SWIFT CSP compliance position; to continue with a definition of a remediation plan to address any gaps; and to conclude with bringing in our experts into implementing remediation activities.

    Consulting

    We will help identify all the necessary processes required for SWIFT CSP compliance and provide methodical assistance in establishing them, as well as help develop appropriate documentation in accordance with the specifics of your organization.

    Support

    We provide professional assistance in maintaining the compliance with the SWIFT CSP requirements, by means of SWIFT CSP trainings tailored to your company’s specific requirements, as well as third-party audits to ensure greater compliance validation than that of a self-assessment.

    Contact us to get free consultation

    We'll never share your email with anyone else