
Allam Zia
Following a number of security breaches at financial institutions, Swift became concerned about the security of its users. It decided to create a set of security controls and to require all its users to attest their level of compliance with these controls transparently. The CSP is continually updated to address new threats and weaknesses in the ever-changing cybersecurity landscape.
SWIFT aims to support its community in the fight against cyber-attacks. In 2017, SWIFT published its Customer Security Programme. This has evolved over the years and has now been refined to 22 mandatory and 9 advisory (optional) security controls as per the latest SWIFT Customer Security Controls Framework. SWIFT has introduced a requirement that mandates an independent assessment of all customers' attestations, to be performed either by an independent third party or by an accredited second line (e.g. Compliance) or third line of defense (e.g. Internal Audit).
Swift has defined a set of security objectives in the Customer Security Controls Framework (CSCF). The CSCF consists of mandatory and advisory controls, but not all controls are applicable to all architecture types: it depends on the extent to which an organisation is integrated with Swift systems.
Swift users are required to confirm their compliance with the mandatory security controls between 1 July and 31 December of each year – whether fully compliant or not!
As your trusted partner, BDO will help you achieve your objectives in a pragmatic yet qualitative way.
As Swift Certified Assessors, our assessments are of the highest quality and strive to add value to your organisation instead of just tick-the-box compliance. Our detailed yet straightforward reporting pinpoints what areas you should focus on.
As implementation partners, we focus on the high-risk areas first, making sure your main security gaps are covered. Then, we focus on compliance areas, to ensure an assessment will pass the test.
BDO tailors its work to each individual client’s needs, to ensure our solutions add value where you most need it. Our services range from implementing an ISO27K-compliant GRC security program or a third-party security management system to providing DORA and NIS2 assessments and implementations – always in a pragmatic way, tailored to your needs.
Thanks to BDO’s broad expertise, experience and proven record of assisting organisations in both the implementation and the assessment of Swift security controls, you can rely on both enhanced security and compliance with the CSP framework.
All our assessors have proven experience in Swift CSP assessments, IT audits and ISO27K implementations and assessments, and have relevant certifications including the Swift Certified Assessors certification and a combination of CISA, CISM, CISSP, ISO27K Lead Auditor, etc. Furthermore, our low partner-to-staff ratio means high involvement and guidance from partners and experienced staff, and a solid and stable team to perform the assessments.