Established by SWIFT, the CSP (Customer Security Program) establishes a common set of security controls, known as the Customer Security Control Framework (CSCF), designed to help users secure their local environments and promote a safer financial ecosystem.
ECS has the experience, capacity and certification to advise and assess you in compliance with the CSCF / CSP controls.
Our differentiating factor is the experience we have certifying our infrastructure at the ECS SWIFT Service Bureau.
Consultancy
We help you to identify the type of SWIFT architecture of your organization, we evaluate the risks and we validate the fulfillment of the controls to develop the roadmap that allows you to obtain the certification.
Audit
We are auditors approved by SWIFT to perform the CSP assessment, we evaluate and certify your organization in compliance with the requirements of the security controls framework for the client (CSCF).
ECS Fin provides comprehensive services that help banks and Swift users to address all compliance, design, implementation and operation requirements of the SWIFT infrastructure.
We do the SWIFT risk assessment, review current mandatory controls, and provide a prioritization framework.
We can help you with the design, implementation and operation of the SWIFT infrastructure by reviewing and validating compliance with CSCF controls and issuing Certifications of independent assurance reports.
ECS Fin helps you develop a risk mitigation roadmap after diagnosing and identifying the gaps between mandatory and suggested controls.
SWIFT users must identify the type of architecture that suits the organization’s infrastructure as well as the components according to the scope of the control framework:
Architecture A1
Both the messaging and communication interfaces belong to the Bank.
Architecture A2
Only the messaging interface belongs to the Bank. The Communication interface belongs to SWIFT or a Service Bureau.
Architecture A3
It uses a SWIFT connector since neither the messaging nor the communication interface belongs to the Bank. These interfaces are provided by Service bureau or SWIFT Services such as Alliance Cloud or Alliance Lite 2.
Architecture A4
It uses a Bank connector (Middleware system). The messaging and communication interfaces are provided by the Service bureau or by SWIFT.
Architecture B
The messaging and communication interfaces are provided by the Service bureau and not by SWIFT.
To improve the cybersecurity of financial networks, basic security controls are developed based on three general objectives. SWIFT users must initially comply with 22 controls (mandatory controls) out of 31. All security controls defined by SWIFT are applicable for SWIFT users to complete a secure payment processing chain.
As a certified SWIFT Service Bureau and Independent Assessment provider of certifications, ECS Fin can support you to ensure that the requirements for the evaluation and compliance of the CSP required by SWIFT are met through its consulting services and we can also certify you in its compliance.