The CSP Assessment

Time to Independently Assess

IBIS Management and Finastra, a SWIFT-listed expert, assure timely compliance if you apply today!
Since 2021, SWIFT has mandated that all Customer Security Programme (CSP) attestations be independently assessed annually, to help combat fraudulent activities. Finastra, our service bureau partner, successfully launched an independent assessment service in 2021 to support customers through this process, and has since been helping many to achieve SWIFT CSP compliance.

Have you chosen an Independent CSP Assessment Provider yet?

SWIFT’s Customer Security Programme (CSP) is a common set of security controls aimed at assisting users to secure their SWIFT environments. The SWIFT Customer Security Controls Framework (CSCF) consists of both mandatory and advisory security controls. These mandatory security controls establish a general security baseline and must be implemented by all users, including those that use a Service Bureau.

Please take note of the sign-up window timeline and the project scope timeline below.

To ensure that SWIFT members and all SWISSRoute and/or Alchemy clients comply on time, IBIS Management is offering independent CSP assessment services through Finastra. Hire certified professionals who know your needs and environment best. Finastra is also listed on SWIFT’s directory of independent CSP providers and complies with the required criteria.

The CSP assessment scope

Finastra’s assessment scope covers all mandatory controls and components of the SWIFT-related infrastructure, which include the following:

Data exchange layer

Local SWIFT infrastructure

– Secure zone

– Messaging interface

– Communication interface

– SWIFTNet Link (SNL)

– Connector

– SWIFT hardware security modules (HSMs)

– Firewalls, routers and switches surrounding the SWIFT infrastructure

– Graphical user interface (GUI)

– Jump server

– Virtualization platform

– Dedicated operator PC 

Operators and their general-purpose operator PCs

Finastra’s CSP service includes

• Scope and architecture type assessment
 
• Project plan to achieve attestation
 
• Scope document detailing architecture model; relevant infrastructures and applications; message flows; users and in-scope assets
 
• Controls tracker – a detailed breakdown of compliance against each CSCF control requirement
 
• Attestation report – detailed findings against each SWIFT CSCF control, including supporting evidence, assessment, gap analysis and recommendations
 
• Remediation report, including remediation path
 
• Executive summary report
 
• Bi-monthly steering group follow-up (optional)

Contact a consultant today before the sign-up window closes