SWIFT (Society for Worldwide Interbank Financial Telecommunication) is an organisation that structures and organises international financial transactions. It is a not-for-profit association founded in 1973 and now has a membership of more than 11,000 banks and financial institutions in over 200 countries. SWIFT was established to make international banking communication easier and more reliable. Thanks to the global telecommunications network maintained by SWIFT, it is possible to exchange information between financial entities around the world.
SWIFT requires all participating institutions to adhere to a strict Customer Security Program (CSP). The CSCF (Customer Security Controls Framework) has been issued as formal guidelines/requirements. This ensures that all areas relevant to payment transactions and communication with SWIFT are strictly protected from the financial institution's other IT systems and the Internet. The document is regularly updated to reflect advances in technology and new practices in security protection.
SC2labs staff includes Swift Certified Assessors in the subject area CSP Assessments; check the Swift CSP Certified Assessors Directory.
SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory, and SWIFT customers are not required to use providers listed in the directory.
Currently, annual internal compliance validations can be carried out, but by the end of each year, an independent assessment must be performed. Such an assessment can be conducted by independent external SWIFT assessors, e.g. SC2labs assessors.
The Swift CSCF is updated with a new version of the controls framework in July of each year.
If your attestation is assessed against the current version of the CSCF and published after July, then it will be valid until the end of the following year.
However, if your attestation is assessed against the old version of the CSCF and published before July, then it will only be valid until the end of the current year.
Kickoff and Planning
The kickoff is considered the start of the engagement after the agreement is executed. We will discuss the certification process, identify the point of contact from both organisations and timelines for assessment, define a project roadmap and plan the next steps.
Preparation phase
In this phase, we propose an individual approach depending on your needs, which may include:
- training/workshop - our dedicated SWIFT auditors will explain all the requirements of the standard, leading to a better understanding of the process and proper preparation for formal validation
- scoping/scoping analysis - one of the key elements of the process that will help minimise and determine the exact scope of the audit.
Formal validation
The on-site audit is a formal process in which accredited auditors check the SWIFT environment: the systems, applications and processes that interact with the platform. An in-depth security analysis of the audited solution will be conducted, including interviews with the project team and designated staff and a review of compliance with documentation and security procedures. The work will be conducted in accordance with the guidelines given in the CSCF (Customer Security Controls Framework). Currently, the document contains 32 control points (23 mandatory and 9 additional). During the process, the tests performed and the results of the validation carried out will be documented.
Deliverables
Formal documentation will be submitted within 3 weeks of project completion (receipt of all required data/documents/information by the auditor).
The deliverables include:
- Report on CSCF Assessment for Mandatory Controls
- Report on CSCF Assessment for Advisory Controls (optional)
- Assessment Completion Letter
Continual Support
After your successful certification, we provide continual support in the ongoing maintenance of the organisation's compliance: we will present and discuss changes to the security standard itself, and explain and support you with emerging issues and questions.