You are here:

SWIFT Assessment

SWIFT (Society for Worldwide Interbank Financial Telecommunication) is an organisation that structures and organises international financial transactions. It is a not-for-profit association founded in 1973 and now has a membership of more than 11,000 banks and financial institutions in over 200 countries. SWIFT was established to make international banking communication easier and more reliable. Thanks to the global telecommunications network maintained by SWIFT, it is possible to exchange information between financial entities around the world.

SWIFT requires all participating institutions to adhere to a strict Customer Security Program (CSP). The CSCF (Customer Security Controls Framework) has been issued as formal guidelines/requirements. This ensures that all areas relevant to payment transactions and communication with SWIFT are strictly protected from the financial institution's other IT systems and the Internet. The document is regularly updated to reflect advances in technology and new practices in security protection.

SC2labs is also listed in the SWIFT Directory of assessment providers:

SC2labs provides SWIFT  assessments service

SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory and SWIFT customers are not required to use providers listed in the directory

Currently, annual internal compliance validations can be carried out, but by the end of 2023, an independent assessment must be performed during a self-certification. Such an assessment can be conducted  by independent external SWIFT assessors e.g. SC2labs assessors

Kickoff and Planning

The kickoff is considered the start of the engagement after the agreement is executed. We will discuss the certification process, identify the point of contact from both organisations and timelines for assessment, define a project roadmap and plan the next steps.

Preparation phase

In this phase, we propose an individual approach depending on your needs, which may include:

  • training/workshop - our dedicated SWIFT auditors will explain all the requirements of the standard, leading to a better understanding of the process and proper preparation for formal validation
  • scoping/scoping analysis - one of the key elements of the process that will help minimise and determine the exact scope of the audit.

Formal validation

The on-site audit is a formal process in which accredited auditors check the SWIFT environment - the systems, applications and processes that interact with the platform. An in-depth security analysis of the audited solution will be conducted - including interviews with the project team and designated staff, compliance with documentation, security procedures. The work will be conducted in accordance with the guidelines given in the CSCF (Customer Security Controls Framework). Currently, the document contains 32 control points (23 mandatory and 9 additional). During the process, the tests performed and the results of the validation carried out will be documented.


Formal documentation will be submitted within 3 weeks of project completion (receipt of all required data/documents/information by the auditor).

The deliverables include:

  • Report on CSCF Assessment for Mandatory Controls

  • Report on CSCF Assessment for Advisory Controls (optional)

  • Assesment Completion Letter RoC

Continual Support

After your successful certification, we provide continual support in the ongoing maintenance of the organisation’s compliance - we will provide and discuss changes to  the security standard itself, as well as explain and support with emerging issues and questions.