From July 2020, all SWIFT users will be obligated to carry out an independent assessment when self-attesting.
As a minimum, the ‘Community Standard Assessments’ must cover all mandatory controls in the latest version of the Customer Security Controls Framework (CSCF) that are applicable based on a user’s CSP architecture type and infrastructure. Users that have attested against advisory controls may also consider asking the assessor to include these in the evaluation.
What is the SWIFT Customer Security Programme?
The SWIFT Customer Security Programme (CSP) requires every member organisation to define, document, implement and assess its payment processes and technologies against SWIFT’s set of Objectives, Principles and Controls.
The SWIFT Customer Security Controls Framework describes a set of mandatory (21 controls) and advisory (10 controls) security controls for SWIFT customers. The mandatory security controls establish a security baseline for the entire community and must be implemented by all users on their local SWIFT infrastructure. SWIFT has chosen to prioritise these mandatory controls to set a realistic goal for near-term, tangible security gain and risk reduction. Advisory controls are based on good practice that SWIFT recommends users implement. Over time,
How can DigiSôter help?
We can assist SWIFT member organisations in complying with the SWIFT security requirements by providing them with a tailored approach, employing a cross-functional team of subject matter professionals in IT audit, assurance and cyber security who are familiar with and have experience in the financial services industry and SWIFT.
We can help with:
- Conducting targeted information gathering workshops with the business, IT, legal, compliance, security, privacy and risk management stakeholders
- Assessing your readiness to meet the new SWIFT CSP rules and requirements
- Implementation guidance for new controls and remediation of existing controls within your organisation
If you need SWIFT CSP support or have any other questions on risk management, IT security and IT governance, contact us at: firstname.lastname@example.org or +32 2 318.12.71 www.digisoter.com