The SWIFT Security Controls Framework is a set of mandatory and suggested controls that all financial institutions that are SWIFT customers must comply with.

What is its function?

It establishes a baseline of controls aimed at preventing fraudulent activities and ensuring the security of information handled by SWIFT customers.

How to get certified? 

Controls are regularly updated. SWIFT customers must perform a self-assessment of the mandatory requirements and ensure compliance to achieve certification.

By what standards is it governed?

SWIFT establishes these controls based on an analysis of cyber threat intelligence and are aligned with leading international security standards:

  • NIST Cybersecurity Framework
  • ISO 27001: 2013
  • PCI DSS

What are the objectives of these controls?

  • Protect the environment.
  • Know and limit access.
  • Detect and respond.

What does DATASEC offer you?

  • Consultancy / Audit.
  • Diagnosis and identification of the existing GAP with respect to mandatory and suggested controls.
  • Development of an Action Plan for compliance and initiation of the improvement process.
  • Support in the implementation of the required controls.
  • Documentary and technical support.
  • Survey of important evidences.
  • Support in the preparation and development of the audit.
The Diagnosis will be able to identify the current situation and the level of risks that the organization presents. With those data it is possible to establish objectives and generate an Action Plan, identifying deadlines and actors involved. Based on the plan, our consultants will guide you in the effective compliance of the controls established by SWIFT, providing documentary and technical support. Subsequently, we will work with the purpose of preparing and developing the Audit to achieve certification.

Datasec is listed on SWIFT's website in the Cybersecurity Service Provider Directory and the Assessment Provider Directory.

"SWIFT does not certify, warrant, endorse, guarantee, or recommend any service provider listed in its directory and SWIFT customers are not obligated to use the providers listed in the directory."