CSP Assessment

Swift introduced the Customer Security Programme in 2019. The main goal of Swift’s Customer Security Programme (CSP) is to help financial institutions ensure their protection and readiness to face cyberattacks. It also provides Banks with a tool to verify that security policies are up-to-date and effective in protecting the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF), before attesting their level of compliance annually.

Each year as of July Swift issues an updated version of the CSCF. It means that each year banks must attest themselves against an updated CSCF version and then support their attestation with an Independent Assessment.

Swift mandates that, at minimum, all mandatory controls of the attestation are
independently assessed. It is required for the independent assessor(s) to confirm that for
CSCF the controls are under review, the control objective is met, the in-scope components
are covered, and the risk drivers are addressed. At a minimum, the mandatory controls
must be independently assessed. While the implementation of advisory controls is
recommended but optional; they must also be independently assessed when considered
for inclusion in the attestation.

The deadline for self-attestation, and independent assessment, is 31 December.

What ProFIX Group offers and what we do?

• CSP Independent Assessment: We will provide you with an independent assessment of your compliance with the Swift CSCF actual version. As a result of this independent assessment, we will provide you with a detailed report you can use to support your application.
• Understanding your existing infrastructure policy and defining a remediation plan to achieve compliance with CSCF.
• Over 20 years of experience working with Swift in different roles – as Swift Service Bureau, Swift Business Partner, and Swift Consulting Partner.
• Our assessors hold ISO 27001 Lead Auditor certification which is mandatory according to CSP Independent Assessment Framework.

We use our experience and deep knowledge of the Customer Security Programme and
Swift infrastructure to support banks with the mandatory Independent Assessment.