SWIFT AUDITING

Protecting the SWIFT network, your customers and your reputation

The Society For Worldwide Interbank Financial Telecommunication (SWIFT), the network that enables banks to exchange information about financial transactions, moves trillions of dollars around the world every day.

Security in the messaging service is paramount. Customers must adhere to the SWIFT Customer Security Controls Framework (CSCF), described by SWIFT as “a security baseline for the entire community” – yet the messaging service has become a prime target for sophisticated cyber attackers.

There are three levels of compliance: Self-attestation, internal audit or third-party review.

What we do

Dionach are independent SWIFT Customer Security Programme (CSP) auditors, providing assurance for organisations opting for an external assessment as part of the SWIFT Independent Assessment Framework (IAF).

Since July 2020, all SWIFT users have been required to carry out an independent assessment when self-attesting. As a listed provider of the SWIFT Partner Programme, Dionach fulfil the requirement of an independent external assessment.

As your chosen auditor, we will help to reduce complexity in the compliance process and relieve the pressure on your internal resources. 

Note that SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory and SWIFT customers are not required to use providers listed in the directory.

Need help with cybersecurity solutions? We are experts!

SWIFT CSP Attestation Audit

Engaging Dionach as an external specialist will not only ensure you meet SWIFT’s mandatory compliance requirements, but also deliver an additional level of assurance in the security of your SWIFT-related infrastructure.

An attestation audit identifies where risk drivers from the SWIFT CSP are, or are not, met. Our clear report meets requirements for SWIFT IAF supporting documents, provides insight and tailored advice on how to address non-conformances to achieve attestation, and guides you through submission of a fully compliant attestation via the SWIFT KYC-SA application.

SWIFT CSP Gap Audit

Your first external assessment may highlight more non-conformances than previously identified by internal assessments or self-attestation. As such, it may be beneficial to undergo a gap audit before an attestation audit.

Dionach’s SWIFT CSP gap audit is an analysis of your organisation’s SWIFT-related infrastructure to understand what you need to do to meet SWIFT’s mandatory compliance requirements. Consultants will interview relevant staff, review your current policies, procedures, and practices, then produce a detailed gap audit report which defines your current compliance levels, highlights any areas that need to be addressed, and provides tailored recommendations to achieve compliance against the SWIFT CSCF controls.

WHY CONDUCT Regular Swift auditing?

HOW WE WORK

We deliver the whole spectrum of cyber security services, from long-term, enterprise wide strategy and implementation projects to single penetration tests.

Our team works with you to identify and assess your organisation’s vulnerabilities, define enterprise-wide goals, and advise how best to achieve them.

Our recommendations are clear, concise, pragmatic and tailored to your organisation.

Independent, unbiased, personalised – this is how we define our services. We guide you to spend wisely and invest in change efficiently.

Find out how we can help with your cyber challenge

dISCOVER OUR LATEST RESEARCH

ICS-SCADA-REMOTE-ACCESS

The Growing Cybersecurity Risks of AI and Mitigations: External and Internal Threats

As artificial intelligence (AI) continues to advance and permeate various industries, it brings about significant benefits and transformative capabilities. However, along with its tremendous potential, AI could also impact organisations’ cyber risk profile by introducing new risks which have not been previously considered. In this article, we will explore the growing threats associated with AI, […]
Data-Classification-

How to classify sensitive data within your organisation (2/2)

In this second part of our two-part blog we will discuss the requirements to correctly classify your data. Following on from part one once the identification and classification of your data has been completed you need to focus upon data handling. Establish Data Handling Requirements There are numerous forms of technical, operational and management controls […]
sensitive-data-GDPR

How to classify sensitive data within your organisation (1/2)

A crucial first step towards ensuring your data is secure is to identify and classify your information assets. Without considering these tasks you will neither know where your assets are nor how to keep them secure. Information · which assets are more valuable than others · which assets require additional security controls Failure to classify […]