SWIFT Security Attestation

Has your organisation conducted an independent assessment in 2025?

Background

SWIFT has revised counterparty requirements to include an independent assessment as part of the annual counterparty attestation process.

A SWIFT attestation is an assessment that ensures organisations meet satisfactory compliance levels against the SWIFT Customer Security Controls Framework (CSCF) as part of the mandated Customer Security Program (CSP), founded on industry accepted principles (PCI-DSS, ISO27001 and NIST).

All counterparties must attest before the expiry date of the current controls version, confirming full compliance with the mandatory security controls no later than 31 December each year.

The independent assessment can be performed internally by qualified (e.g., QSA, CISSP, CISA, etc.) internal individuals and/or external SWIFT CSP Certified Assessor(s).

Steps to compliance

Protiviti’s Certified Assessors and SWIFT professionals can help your organisation address the SWIFT independent assessment with our experience in working with various SWIFT counterparties locally and internationally. Protiviti can assist you in steps 1, 2 and 3 of the following key steps towards SWIFT CSP controls compliance.

How Protiviti can help

Secure Your Environment
Perform an independent or joint assessment in step 3 of the lifecycle, analysing current control environments to determine if controls satisfy SWIFT CSP requirements and allow customers to submit their Know Your Customer – Self Attestation (KYC-SA).

Strategy and implementation
Assist SWIFT counterparties with remediation of identified gaps in mandatory controls or implementing best practice advisory CSP controls within their SWIFT environment and strategic transitions.

Independent or co-source assessment
Perform the independent assessment leveraging an outsourced or co-sourced delivery model.

Leadership

Tim Speelman
Tim is a director with a track record of developing and implementing strategic plans that align with the demands and gaps of global and local enterprises. Before joining Protiviti, Tim was a regional CISO responsible for APAC within a large recruitment company with core ...

Hirun Tantirigama
Hirun is a managing director and Protiviti Australia's technology consulting lead with 18 years’ experience in providing risk and regulatory advisory services across a variety of clients and industries. He has led complex, transformational programs across areas such as ...

Shane Silva
Shane is an accomplished managing director based in Sydney, leading the data governance and technology assurance practices for Protiviti Australia. With a career spanning more than 16 years in the professional services industry, Shane is recognised for his exceptional ...

Featured insights

BLOGS
Year one insights: SEC cybersecurity incident management disclosure rules (9 min read)
CFOs should school CISOs on materiality evaluations and reporting to the board, while CISOs can help finance chiefs better understand recovery costs, remediation efforts, single versus aggregate breaches and the nature of compromised data. Partnering...

WHITEPAPER
Navigating sanctions compliance through the transition to ISO 20022 (16 min read)
The International Organisation for Standardisation’s (ISO) new global messaging standard, ISO 20022, is set to be adopted by payment processing organisations globally by 2025.

FLASH REPORT
NIST Releases Version 2.0 of Its Cybersecurity Framework (CSF): What This Means for Your Organisation (7 min read)
On February 26, 2024, The National Institute of Standards and Technology (NIST) released version 2.0 of its updated and widely used Cybersecurity Framework (CSF). This latest edition of the CSF is designed for all audiences, industry sectors and...

PODCAST
Emerging tech and the future of payments with Swift’s Head of Oceania, Suresh Rajalingam (3 min read)
In this VISION by Protiviti interview, Protiviti Director Ruby Chen and Protiviti Senior Director Rupesh Mahto sit down with Swift’s Suresh Rajalingam, who heads up the Oceania region and a team covering 20 countries across the region. Rajalingam is...

BLOGS
ISO 27002 Is Changing: What You Need To Do (5 min read)
ISO 27002 contains details of controls required to be certified under the ISO 27001 standard. With the ever changing security threat landscape and the need to protect information assets, the International Organisation for Standardisation (ISO) has...