BOTECH, certification company SWIFT CSP (Customer Security Programme)
What is SWIFT's Customer Security Program (CSP)?
The SWIFT CSP, or Customer Security Program, seeks to prevent and detect fraudulent activities through a series of mandatory security controls. The main objective of these controls is to establish a fundamental level of security across the financial community, mitigating the risk of cyber-attacks and fostering a secure financial ecosystem.
SWIFT CSP Objectives
Protect
Protecting the environment by separating critical systems from the general computing environment
Limit
Limit access and be aware of who is accessing by managing identities and privileges.
Detect
Detecting fraudulent activities, responding to them and exchanging information
SWIFT CSP as a security framework, independent assessment
2017 was the year in which the Society for Worldwide Interbank Financial Telecommunication launched the first version of SWIFT, which saw the light of day with the main objective of implementing minimum controls to ensure that messages are transmitted through secure and reliable channels between all financial institutions. Therefore, it is of utmost importance that financial institutions that are part of the interbank payment ecosystem become certified.
The Society for Worldwide Interbank Financial Telecommunications launched a few years later the CSP (Cutomer Security Programme) to foster a secure financial ecosystem. To comply with the CSP, SWIFT users must support their certification with an independent assessment. The Independent Assessment Framework (IAF) develops the key concepts and rules that guide an independent assessment conducted by an external party and/or an independent internal department.
This independent review can be performed:
- It can be performed by internal assessors as long as they belong to an area independent from the one that operates the controls, i.e., second or third line of defense (compliance, risk management or internal audit). Any person who does not report to the CISO.
- It can be performed by independent third-party assessors or CSP assessment providers with expertise in cybersecurity assessment, such as BOTECH.
- This independent assessment can be performed by a mixed team, composed of internal and external assessors.
We accompany you through the whole process and help you to comply with SWIFT CSP. Shall we talk?
Send us an email to info@botech.info or fill out the following contact form.