- Customer’s local SWIFT infrastructure architecture type determination (architectures types: A1, A2, A3 or B);
- SWIFT CSP requirements list determination, applicable to identified Customer’s local SWIFT architecture type;
- data collection on the processes, within which the international money transfers implementation is implemented; information resources list determination, which ensures the current processes operation; staff identification, involved in the processes organization of performing international money transfers, servicing information resources and fulfilling SWIFT requirements.
About SWIFT CSP
Compliance Control assesses the Customer’s local SWIFT payment infrastructure compliance with SWIFT Customer Security Program (CSP) requirements.
SWIFT Customer Security Controls Framework – CSCF includes mandatory and recommended security control elements for implementation by SWIFT users in their local SWIFT-related environment. Mandatory security control elements establish common baseline security for the SWIFT community and must be implemented by all users, including those connecting through a service bureau or provider. The required and recommended control elements list is regularly reviewed to reflect the changing threat landscape.
SWIFT users must confirm their compliance level with mandatory control elements, applicable to their SWIFT connectivity architecture type within CSCF. The attestation results must be submitted and published on the KYC-SA portal (Know Your Customer – Security Attestation).
SWIFT has made it mandatory to independently evaluate SWIFT CSCF certifications, starting with new certifications, provided in 2020 within CSCF v2020 since mid-2020.
Compliance Control OÜ specialists have got best practices in assessing compliance with the SWIFT Customer Security Program requirements.
Customers get an additional advice to avoid possible mistakes within SWIFT Customer Security Program requirements implementation and to approach the submitting reports stage to SWIFT with confidence in the maximum possible objective assessment.
- Customer’s internal organizational and technological documents analysis, related to cybersecurity and compliance with SWIFT CSP program requirements;
- Assessment of the Customer’s cybersecurity processes and procedures compliance degree with mandatory and recommended SWIFT CSCF security controls requirements.
The reports on the identified cybersecurity measures and the existing cybersecurity system assessment for the local SWIFT infrastructure will be prepared in the official SWIFT templates format on the current audit results basis:
- CSCF Assessment Template for Mandatory Controls;
- CSCF Assessment Template for Advisory Controls;
- Completion Letter to be submitted to SWIFT and reporting information publication on SWIFT KYC Registry portal.