Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

SWIFT CSP Consultancy Services

Assisting organisations comply with the SWIFT CSCF, PCI DSS, ISO 27001/ISO 27002 and NIST SP 800-53

SWIFT CSP Consultancy Services

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a Belgian cooperative society which provides a global messaging system that financial organisations use to transmit information and instructions securely.  In order to ensure those organisations’ cyber security defences are adequate and up to date, SWIFT introduced its Customer Security Programme (CSP).   As part of the CSP, users are required to submit their attestation of compliance with the SWIFT Customer Security Controls Framework (CSCF) and share these with counterparts.

The latest version of CSCF (i.e., v 2022) contains 31 controls (22 mandatory and 9 advisory) which are mapped against recognised international standards, i.e., NIST, PCI DSS and ISO 27002.  These 31 controls are based on 3 objectives; ‘Secure your Environment’, ‘Know and Limit Access’ and ‘Detect and Respond’ and are underpinned by 8 principles.  

Since 2021, members of the SWIFT community have utilised independent assessors as part of their attestation process.  The assessment by the independent assessor must come to the same conclusion as the user’s self-attestation status for all controls.  There are 2 attestation formats,  assessment or audit, and either format is acceptable provided that a risk-based approach is adopted which addresses the user’s risk drivers, in-scope components and meets the stated control objectives.  

As well as acting as your independent assessor, URM can assist you prepare for assessment by conducting a gap analysis so you fully understand your current position and any shortfalls in terms of conformance.  Furthermore, if any gaps are identified, we can help you remediate any areas of non conformance.

Gap Analysis

URM will conduct a review of your current cybersecurity posture against the CSCF requirements and identify any gaps within your controls that need improvement, as well as determining your organisation’s readiness for attestation.  As part of this gap analysis, URM will identify whether you have scoped your controls appropriately and ensure that security is addressed as part of the organisation’s governance activities.  Following the gap analysis, URM will produce a report which will not only detail those areas where your organisation needs to develop or improve your control implementation, but also a prioritised list and recommendations on how to address any gaps.

Implementation Support

Following your gap analysis, URM can help you with any remediation work necessary to improve and maintain your cybersecurity level, including developing, implementing and improving the effectiveness of the CSCF controls.  Any control implementation will be balanced between meeting CSCF requirements and ensuring improvements are in line with your current approach and working practices.

Independent Assessment

This is where URM’s specialist conducts an independent assessment in order to verify your implementation of the CSCF mandatory controls against the criteria of ‘satisfied’, ‘partially satisfied’ and ‘not satisfied’.   URM will assess your policies, processes, and business practices against CSCF requirements through interviews with key stakeholders, documentation review, site visits, and a review of your operations.

Get in touch

Please note, we can only process business email addresses.

Why URM?

Risk Management Expertise

Since 2002, URM has been developing and refining its risk assessment methodologies and processes to address the requirements of international standards and has developed a suite of purpose-designed risk management software products (Abriska).

Experience and Competence

URM is not only experienced in assisting organisations comply with the SWIFT CSCF, but also with PCI DSS, ISO 27001/ISO 27002 and NIST SP 800-53, the main standards against which the CSCF controls are mapped.  URM has been involved in assisting hundreds of organisations comply with these standards and will ensure you fully leverage any artefacts gained in complying with these standards as part of your CSCF attestation.

Qualified Assessors

URM’s assessors have attained the required industry relevant professional certifications, e.g., PCI QSA, ISO 27001 lead auditors, CISA.

Company Accreditations

In addition to its 20 years’ experience of delivering practical solutions in the governance, risk and compliance (GRC) space, URM provides reassurance through its own certification to ISO 27001, ISO 22301 and Cyber Essentials Plus, as well as being a CREST-accredited penetration testing organisation.

Information Security FAQISO 27001 FAQ

Common Pitfalls Identified in Organisations Seeking ISO 27001 Certification

Published on
9/5/2024

URM’s blog discusses the common pitfalls of the ISO 27001 implementation and certification process, and how you can avoid making the same mistakes.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
19/4/2024
Planning Your ISO 27001 Audit Programme

URM’s blog drills down into ISO 27001 audits, offering advice on how to effectively develop and implement an ISO 27001 conformant audit programme.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
13/3/2024
How to Meet the ISO 27001 Requirements Around Interested Parties

URM’s blog provides advice and guidance on how you can meet the ISO 27001 requirements around interested parties and their needs and expectations.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
8/3/2024
Lessons Learnt from Early ISO 27001:2022 Transitions

URM’s blog, produced in collaboration with BSI, discusses common mistakes we have seen in early ISO 27001:2022 transitions, and how to avoid them.

Read more
"
Without doubt, URM helped us to achieve our planned objectives a lot sooner than expected. The engagement was a huge success and couldn’t have gone any better.
Group IT Director, UK Mail
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.