SWIFT CSP

SWIFT CSP Compliance and Audit

SWIFT Customer Security Programme (CSP)
SWIFT has published a set of core security controls that every SWIFT customer must meet. These controls reflect good security practice and should apply to all systems and processes within the end-to-end transaction chain. SWIFT will specifically mandate their application for the customer’s SWIFT-related infrastructure. Applying these controls will raise the security bar for customers on the SWIFT network and further support customers in their efforts to prevent and detect fraudulent use of their local infrastructure. Communication and implementation of these controls will also help to increase security awareness and education in the ongoing fight against cyber fraud.

Compliance with SWIFT CSP requirements


About SWIFT CSP

SWIFT has published the Customer Security Controls Framework (CSCF) as part of its Customer Security Programme (CSP), established in May 2016 to reinforce the security of the global financial community. The CSCF describes a set of mandatory and advisory security controls for SWIFT users. The mandatory security controls establish a security baseline for the entire community and must be implemented by all users on their local SWIFT infrastructure. Advisory controls are additional good security practices that SWIFT recommends users implement.
All users connecting to SWIFT directly or indirectly must comply with the mandatory security controls. The SWIFT Customer Security Controls Framework document describes the different technology architecture types and indicates the components to which the security controls attestation process applies.
To meet the requirements of SWIFT CSP, organizations connected to SWIFT must:
  • determine the architecture type of their local SWIFT infrastructure and, as far as possible, separate it from the rest of their infrastructure;
  • define the SWIFT CSP requirements applicable to their local SWIFT infrastructure;
  • implement new security processes, or restructure the main existing ones, in the SWIFT infrastructure to ensure their compliance with SWIFT CSP requirements;
  • if necessary, introduce additional technical solutions;
  • before 31.12.2017 register on the portal swift.com and fill out the self-assessment questionnaire according to KYC Registry Attribate Application;
  • by December 31, 2013, fully comply with the applicable requirements of SWIFT CSP;
  • review and update the self-assessment questionnaire annually.

Our approach to fulfilling the requirements of SWIFT CSP

    Methodology

    Our methodology for implementing SWIFT CSP is based on our experience of successful projects implementing and maintaining Information Security Management Systems, and allows the required controls to be implemented within a reasonable timeline and without heavy resource investment from the customer side. Our approach is to start by gaining a comprehensive understanding of the customer environment and current SWIFT CSP compliance position; to continue by defining a remediation plan to address any gaps; and to conclude by bringing in our experts to implement the remediation activities.

    Documentation

    We will help identify all the necessary processes required for SWIFT CSP compliance and provide methodical assistance in establishing them, as well as help develop appropriate documentation in accordance with the specifics of your organization.

    Support

    We provide professional assistance in maintaining compliance with the SWIFT CSP requirements through SWIFT CSP training tailored to your company’s specific requirements, as well as third-party audits to ensure greater compliance validation than that of a self-assessment.