SWIFT/ISO27001

Preparing for IT compliance

SWIFT CSP – CSCF assessment

While SWIFT users are responsible for protecting their own environments and access to SWIFT services, the Customer Security Programme has been introduced to support users and drive industry-wide collaboration in the fight against cyber fraud.

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) Customer Security Programme (CSP) establishes a common set of security controls known as the Customer Security Controls Framework (CSCF) which is designed to help customers to secure their local environments and to foster a more secure financial ecosystem. The SWIFT CSCF consists of both mandatory and advisory security controls, which should be implemented by all users on their local SWIFT infrastructure. Within the CSCF, security controls are organised in objectives and principles, as follows:

Secure your environment

Restrict Internet access and protect critical systems from the general IT environment
Reduce attack surface and vulnerabilities
Physically secure the environment

Know and limit access

Prevent compromise of credentials
Manage identities and segregate privileges

Detect and respond

Detect anomalous activity to systems or transaction records
Plan for incident response and information sharing

Since mid-2021, SWIFT users are required to assess their level of compliance against the SWIFT CSCF on an annual basis. In order for this to be carried out in a uniform manner, SWIFT issues an Independent Assessment Framework (IAF) document which provides a framework for undertaking assessments against the SWIFT CSCF.

To further enhance the integrity, consistency, and accuracy of attestations, and also to reinforce the security of the global financial community, SWIFT mandates that all attestations against CSCF must be independently assessed as part of the Community-Standard Assessment process. Mazars can support SWIFT users throughout the whole independent assessment process.

ISO 27001 / Information Security Management System

Existing and potential clients, business partners, shareholders, regulators, your board and your wider stakeholders will expect your organisation to manage information security given the impact that a security incident can have on your business. Mazars can support you at all stages of your ISO 27001 journey from aligning with ISO 27001 to achieving and maintaining ISO 27001 certification.

ISO/IEC 27001 is an international standard that sets out the specification for an Information Security Management System (ISMS). Our ISO 27001 services are tailored to your needs with the aim of supporting you to achieve your information security objectives.

Gap analysis

Assess existing practices against ISO 27001 requirements

Our team can provide a comprehensive gap analysis against the ISO 27001 clauses and requirements with the aim of assessing current practices and identifying areas of improvement to achieve the desired objectives (e.g. obtaining certification under ISO 27001 or improving the maturity of the ISMS).

Design and implementation

Develop and deliver an implementation plan to achieve ISO 27001 compliance

Our team can provide support to:

Define ISMS scope, its boundaries and framework development.
Draft or review key policies and related documentation in alignment with the ISO 27001 requirements and your information security objectives.
Define or improve your information security risk assessment and risk treatment plans.
Deliver a project manager role through one of our experts to minimise impact to your business and keep the ISMS knowledge centralised.

Assessment and certification

Confirm readiness for assessment and identify opportunities for improvements

Our team can:

Conduct independent internal audit reviews in alignment with clause 9.2 of the ISO 27001 standard and taking into account the ISO/IEC 27007, Guidelines for information security management systems auditing.
Provide consulting support throughout the certification process, including preparing key personnel for the audit and managing any agreed remediation plans.
Follow up corrective action plans to ensure that issues are defined, tracked and appropriately communicated as required to comply with ISO 27001.

Continuous improvement

Keep the ISMS fit for purpose against the ever-changing threat landscape

Our team can provide consulting support to ensure that your organisation continually improves the suitability, adequacy and effectiveness of the ISMS. These services include:

Managing, monitoring and maintaining your ISMS.
Planning and conducting internal audits.
Maintaining relevant policies and related documentation up to date.
Managing transitions to revised versions of the ISO 27001 standard.

Our expertise and highly qualified team

Team members have experience in dealing with complex environments and projects across all sectors. Our tailored approach to working with clients makes us stand out. We can help support you in undertaking an independent IT compliance assessment utilising highly qualified professionals, holding relevant qualifications, such as:

Certified Information System Auditor (CISA)
Certified Information Security Manager (CISM)
ISO 27001 Lead Auditor
ISO 27001 Lead Implementer
ITIL
PRINCE2

Get in touch

To find out more or discuss your IT audit requirements, please contact us using the form below:

National contact

Simon Withington Director – IT Internal Audit

Detailed profile

Meet the team

Our technology and digital consulting professionals are based throughout the UK.

Tech talks

From AI, data, and robotic process automation to cyber security and disaster recovery, read our articles and listen to our podcasts to discover how you can boost business success and resilience through technology as well as strengthen it's protection, compliance and security.