Compliance & Risk Assessment

 

1.Service Overview CSP IN SWIFT

As a CSP Assessment Provider V-tech will help you comply and validate successful alignment of controls with the SWIFT CSP framework. Our extensive cyber security experience and expertise will ensure that all your SWIFT security setups are complying with SWIFT security requirements. Customer Security Programmed (CSP) has been introduced to support customers and drive industry-wide collaboration in the fight against cyber fraud

The SWIFT Customer Security Controls Framework (CSCF) consists of both mandatory and advisory security controls for SWIFT users. Mandatory security controls establish a security baseline for the entire community, and must be implemented by all users on their local SWIFT infrastructure

The SWIFT CSP program aims at detection and prevention of fraudulent activity by means of a set of mandatory security controls (SWIFT CSCF) and community wide information sharing initiative. All security requirements can be categorized into three major activities:

  • Secure your Environment
  • Know and Limit Access
  • Detect and Respond

SWIFT publishes further details of the related attestation policy and process in the SWIFT Customer Security Controls Framework (CSCF) Policy document.

The document contains information on:

  • The requirement to attest against SWIFT’s mandatory security controls.
  • The process and timelines for submitting your attestation to the KYC-Security Attestation application.
  • the process for viewing counterparties’ attestation via the KYC Security Attestation application
  • Follow-up actions in case of non-compliance according to the reporting timelines.

2.Independent assessments, users are reminded:

  • Compliance to control objectives is a risk-based approach. The provided implementation guidelines can be used as a starting point but cannot be considered as strict ‘audit checklists.
  • Users engaging with third parties (extended to cloud providers) to host and/or operate in full or in part their own SWIFT infrastructure, have to obtain reasonable comfort from third parties that the outsourced activities and/or externally hosted components are protected as per the security controls.

3.Assessment Process CSP IN SWIFT

The assessment process will be perform based on Customer Security program (CSP) and defined SWIFT latest guidelines.

4.Advantage CSP IN SWIFT

Complying with the standard CSP framework, the financial institutions can:

  • To securely operate their SWIFT environment.
  • To improve their security posture,
  • To increase their reputation,
  • To enhance their security controls management,
  • To increase customer confidence and their business,
  • To avoid penalties