EXT Read Me For Customers Service Bureau SWIFT CSP 2021 For Kyriba Cus


Important update about SWIFT for Kyriba Service Bureau customers:

SWIFT Mandatory CSP (Customer Security Programme) 2021 at a glance

The SWIFT CSP Program

The SWIFT Customer Security Programme (CSP) is a dedicated and mandatory program to support SWIFT customers in
reinforcing the security of their SWIFT-related infrastructure.
Combating fraud is a challenge for the entire financial industry. The threat landscape adapts and evolves daily, and SWIFT,
its partners and customers have to remain vigilant and proactive over the long term.
While each individual SWIFT customer is responsible for the security of its own environment, the security of the global
community can only be ensured collectively.
Kyriba takes the security of its customers extremely seriously and, as such, wants to ensure that its
customers are fully compliant with all SWIFT requirements that fall under their responsibility.

What it means for Kyriba SWIFT customers

SWIFT requirements:
In the context of the CSP, SWIFT defines for its customers an annual framework that includes a set of security controls to be
implemented.
SWIFT requires every SWIFT client to implement the mandatory annual CSP by the end of 2021 at the latest.
As Kyriba handles a part of the controls on behalf of its customers, customers only have to implement the subset of
controls under their responsibility. Those requirements are listed in the documents provided by Kyriba.

SWIFT customers have to be compliant with SWIFT CSCF v2021 by Dec 31st, 2021.

Implementation Phases:

Kyriba Proprietary and Confidential - 2021


Phase: Compliance to CSCF 2021 requirements: Implement SWIFT security requirements under Kyriba Customer’s responsibility

Detail:
● All controls required from SWIFT Kyriba customers from previous CSCF requirements
● (New !) Control 1.4 = Restriction of internet access requirements
● (New !) Impact of Operator PC definition change
  Due to a change in the SWIFT definition of the “Operator PCs” (the PCs used to connect to Kyriba application), the scope of controls for Service Bureau customers has been increased (11 additional controls relating to Operator PCs)
● (New !) Control 4.2 Multi-factor Authentication
  As of Dec 31st, 2021, all Kyriba Service Bureau customers able to do payments have to implement MFA for their payment users
  ○ Customers can choose:
    ● To use Kyriba MFA > They have to follow the exact same rules as AL2 customers;
    ● To use their own MFA > In this case SWIFT is requiring the customer to use SSO as the 1st factor to connect to the Kyriba application

Reference documents:
● “SWIFT CSP 2021 requirements for Kyriba customers” > Section “1.3. SWIFT CSCF 2021”
● “How to setup MFA”


Phase: IAF (Independent Assessment Framework): New mandatory Independent Assessment

Detail:
Who has to do the assessment?
All clients have to proceed to a mandatory security assessment.

Who can proceed to the assessment?
Clients are free to choose if the assessment is done internally and/or externally:
● Internal assessment carried out by the company’s 2nd or 3rd line of defence, such as the users’ internal compliance, internal risk or internal audit departments (independent from the first line of defence function submitting the attestation); and/or
● External assessment carried out by an independent external organisation.
In both cases, the assessors must have cyber security assessment experience, and at a minimum the lead assessor must hold a relevant security industry certification.

What is the scope?
As Kyriba handles a part of the controls on behalf of customers, customers only have to implement a subset of controls (list provided in the Kyriba documentation), and thus the assessment will have to cover this scope.

What is the outcome?
● The assessors need to issue a customer WORD Completion Letter
● Kyriba will provide its own Kyriba WORD Completion Letter (relating to the part of Controls handled by Kyriba) to customers in December 2021

Reference documents:
● “SWIFT CSP 2021 requirements for Kyriba customers” > Section “2.1. SWIFT Assessments requirements”


Phase: KYC-SA attestation: Mandatory attestation to be filled by the client on SWIFT website

Detail:
By 31st Dec 2021, all SWIFT customers need:
1. To fill the KYC-SA to confirm full compliance with the mandatory controls
2. To carefully keep their Completion Letter and the Completion Letter provided by Kyriba, as they can be required by SWIFT

Reference documents:
● “Tutorial KYC-SA”

Contact: For questions relating to the SWIFT CSP, please contact kyribaswiftcsp@kyriba.com.
