SWIFT Compliance Audit

8+ bln

financial messages in 2020

200+

territories connected

11,000

banking institutions connected

The banking industry is a lucrative, and therefore frequent target of cyberattacks. To respond to current and future threats, the Society for Worldwide Interbank FInancial Telecommunications (SWIFT) introduced their Customer Security Programme (CSP) in 2016.

The program outlines the Customer Security Controls Framework (CSCF), which comprises a set of mandatory and advisory security controls that apply to all member banks and financial institutions.

As a member of SWIFT, Group-IB is recommended to perform external attestations of any other member and offers comprehensive compliance audit.

The guidelines are regularly updated to reflect technological advances, new cybersecurity practices, and changes to the threat landscape. The current CSCF consists of 3 main objectives, 8 main principles, 31 security controls.

Objective

Principle


Secure your environment

  • Restrict internet access
  • Protect critical systems from the general IT environment
  • Reduce attack surface and vulnerabilities
  • Physically secure the environment

Know and limit access

  • Prevent compromise of credentials
  • Manage identities and segregate privileges

Detect and respond

  • Detect anomalous activity to system or transaction records
  • Plan for incident response and information sharing

Compliance requirements


All SWIFT members must conduct a security attestation every year:

External evaluation

Conducted by an independent organization. The auditors themselves must be certified within the IS industry

Internal evaluation

Conducted at the expense of the organization’s independent qualified internal assessor

Audit process by Group-IB

1Preliminary data analysis
  • Analysis of internal documents
  • Clarification of the audit parameters
  • Creation of audit plan
2Perfomance of audit
  • Interview
  • Collection of audit findings
  • Review of business processes
3Preparation of report
  • Creation of report on SWIFT compliance
  • Development of recommendations to eliminate gaps
4Drafting of internal documentation

Review and update of company’s internal documents based on audit results

What you get

Assessment and understanding

of your current state

Recommendations

for improving the effectiveness of protective measures and for SWIFT CSCF compliance

Consulting

on how to enhance organization and administrative documentation, and reporting guidelines

Why choose Group-IB’s Compliance Audit and Consulting

First-rate team of certified experts

Team of qualified experts who have 10+ years of experience auditing various infrastructures (GDPR DPP, CISSP, CISA, PCI QSA, ISO and others)

Technological and human intelligence

The strong synergy between Group-IB’s experts and proprietary Threat Intelligence & Attribution ensure up-to-date knowledge of attacker TTPs

Comprehensive approach

We not only check for compliance but also draft internal documentation and recommendations, and provide risk assessments and consulting

No nonsense reporting

We provide thorough, easy-to-read reports that clearly outline gaps in compliance as well as corresponding remediation measures

Contact us to receive a consultation
on Compliance Audit

Report an incident

24/7 Incident Response Assistance +65 3159-4398

Thank you for the inquiry! We will contact you soon.
Cookies

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

 
All you need to know to #StayCyberSafe