SWIFT CSP Remote / Onsite Assessment Service
What is SWIFT Customer Security Program?
SWIFT first established the CSP in 2016 with the main aim of implementing practices to protect against, detect and share information about financial service cybercrime. SWIFT established the Customer Security Control Framework (CSCF), which all SWIFT Users/Banking Identifier Code (BIC) must comply with, submitting a Security Attestation to the SWIFT KYC-SA Application.
Currently, the SWIFT CSCF v2021 has 22 mandatory requirements and 9 advisory requirements that SWIFT users need to comply with by 31 Dec 2021.
Introduction of Independent Assessment Framework (IAF)
With the introduction of the IAF, there are three types of assessments that are allowed:
- Self-Assessment (non-compliant reportable as of Jan 2022)
- Community-Standard Assessment
- SWIFT-Mandated Assessment
The IAF will be completed from Jan 2022 onwards. After the implementation of the IAF, only Community-Standard and SWIFT-Mandated Assessments will be compliant within the SWIFT KYC-SA Portal.
The main concept of the IAF is to ensure that SWIFT CSP assessments are completed independently and that the assessors hold professional certifications to conduct the assessments professionally.
Risk-Based Approach Assessments
AGES provides CSP assessment services to SWIFT users using a “risk-based” methodology and a customer-oriented approach that has proven effective in ensuring compliance. AGES recognizes that each SWIFT user’s deployment and security controls are unique due to operational and compliance needs. Hence, an “audit checklist” style assessment will not be effective in assessing CSCF requirements. To date, AGES has conducted over 2000 security assessments across different assessment programs using a “risk-based” methodology, with positive feedback and experience from our clients.
AGES SWIFT CSP Remote / Onsite Assessment Service
AGES provides both remote and onsite assessment services for the SWIFT CSP assessment service. The assessment service consists of:
- Professional scoping exercise to determine the scope of SWIFT CSP Assessment
- Mandatory security controls review
- Advisory security controls review
- Sampling of technical controls
- Technical guidance on non-conformances found during assessment
- Recommendations and suggestions
The SWIFT CSP assessments will be led, from the start of the assessment engagement process to the end of the assessment process, by one of AGES’ professional and certified assessors, who hold the necessary certifications, industry knowledge and experience.
Due to the pandemic situation, AGES offers the assessments onsite and/or remotely, based on the client’s requirements and travel restrictions.
AGES has conducted more than 400 remote assessments since the start of the pandemic using an approved remote assessment methodology that is unique and has proven useful for validating compliance.