We provide SWIFT CSP (Customer Security Program) independent assessment, audit or compliance consulting services. Our specialists have more than 10 years of relevant IT audit and IT security experience in banking, payment institutions and national banks in Bosnia and Herzegovina, Serbia, Slovenia, Albania, North Macedonia and Croatia.
We usually provide full audit assessments, without scope limitations (such as the delta assessment practice, which is based on previous assessment data and other available assurance reports).
Our assessments include both mandatory and optional controls as a standard practice.
A full assessment (described in more detail in the Independent Assessment Process Guidelines) means:
- pre-assessment preparations and consultation (initial preparation meeting),
- preparation of testing for all controls (collecting information, establishing and sending plan details and the list of required data/planned tests), definition of specific retention constraints for evidence, expected SWIFT architecture diagram,
- on-site assessment – testing and reviewing compliance data (two auditors), using the latest SWIFT Excel templates, with limited use of the Nessus scanner (local or our licence),
- draft report technical discussion,
- post-assessment activities – final reporting, follow-up activities, support in the remediation process and an additional KYC update until 31 December 2023, with project sign-off and deletion of evidence on our systems within 30 days (our regular practice).
During the term of the agreement, we offer a re-assessment to update the status of non-compliant controls and report any changes.
For most clients, we typically conduct on-site assessments for our first evaluations and we recommend initial planning for an on-site assessment.