+91 9324813180
+1 4847906355
+63 9208320598
+44 1519470017
+84 908370948
+7 9639173485
+62 81808037776
+90 5441016383
+66 993367171
+254 725235855
+256 707194495
+46 700548490FAQ's
SWIFT CSCF Assessment
The Society for Worldwide Interbank Financial Telecommunications (SWIFT) has put forth a security framework under its Customer Security Program i.e. SWIFT CSP for all of its users to address the growing needs of security and transparency as a community to combat the increase in cyber fraud.
What Is The SWIFT CSP?
SWIFT's customer security programme (CSP) aims to prevent and detect fraudulent activity through a set of mandatory security controls, community-wide information sharing initiatives and enhanced security features on their products.
When Is The Deadline For SWIFT CSP Compliance?
SWIFT CSP requires one to submit a self-attestation on an annual basis by 31 December. An independent assessment is required alongside a customers attestations from 31 December 2020 onwards.
What Form Does The SWIFT Required Independent Assessment Need To Take?
- An internal assessment : The internal audit needs to be carried out as per the internal audit function of the customer and independent from the function submitting the attestation.
- An external assessment : An external audit can be carried out by QRC, an assessment against the CSP controls.
What Are The SWIFT CSCF V2020 Controls?
SWIFT’s CSCF V2020 comprises 3 Objectives, 8 Principles & 31 Controls (21 Mandatory & 10 Optional). SWIFT mandatory controls focussed on securing your environment, knowing and limiting access
What If You Attest Non-Compliance For SWIFT?
SWIFT reports all cases of non-compliance and where members have not verified to local regulators.
What If I Suspect My Organisation Has Been Targeted Or Breached?
In any circumstances, it is necessary to share all relevant information and let SWIFT know there is a problem as soon as possible, in order to protect other organisations in the network.
Should Advisory Controls Be Adopted?
Customers are required to implement all mandatory controls.However the advisory controls are provided to reduce the attack surface and vulnerabilities, detecting anomalous activity to systems or transaction records, and planning for incident response and information sharing. These controls should be ideally selected after performing risk assessments.