2021 ISAE 3000 Type 2 reports
SWIFT plays a vital role in supporting the daily operations of our users, and it is critical that we meet all our security, technical infrastructure and operational objectives at all times. At SWIFT, we are committed to providing solutions that meet our clients’ security requirements. As part of this commitment SWIFT makes available ISAE 3000 reports for the SWIFTNet, FIN and Lite2 services.
SWIFTNet and FIN ISAE 3000 Report
We are pleased to announce that SWIFT has completed its 13th independent security review of the internal control policies, procedures, and controls supporting the SWIFTNet and FIN messaging services and has received an unqualified opinion from Deloitte, covering the 2021 calendar year.
Deloitte's opinion on SWIFT’s security for FIN and SWIFTNet is included in the 2021 ISAE 3000 report. ISAE 3000 is an international standard enabling service providers, such as SWIFT, to give independent assurance on their processes and controls to their customers and their auditors. The ISAE 3000 report provides information and assurance on the security and reliability of SWIFT’s core messaging services. The document is aligned with CPMI-IOSCO’s "Oversight expectations applicable to critical service providers" and the related assessment framework.
Alliance Lite2 ISAE 3000 Report
As of 2016, SWIFT also provides a third-party assurance report (under the same standard and using the same framework) for Alliance Lite2. This report has received an unqualified opinion from Deloitte, covering the 2021 calendar year.
Interface Products ISAE 3000 Report
As of 2018, SWIFT also provides a third-party assurance report (under the same standard and using the same framework) for Interface Products. This report has received an unqualified opinion from Deloitte, covering the 2021 calendar year.
Customers of SWIFT
For a copy of the SWIFTNet and FIN ISAE 3000, Interface Products ISAE3000 or the Lite2 ISAE 3000 report, request by email to AssuranceQuestions.Generic@swift.com. Please provide the following when requesting the report:
- Indicate which Report is being requested (SN/FIN, Interface Products or Lite2 report)
- Recipient’s name (and title Mr or Ms)
- Recipient’s job title
- Recipient’s email address
- User organisation’s BIC Code
Each report is confidential, and distribution is restricted to named officials at SWIFT user organisations with a reasonable stated purpose to receive the report.
Please note that the electronic copy of each report is password protected. It has the recipient’s name on each page; and printing or copying of the report are disabled.
Potential Customers of SWIFT
Organisations evaluating the use of SWIFT products and services that are not yet SWIFT customers, may also obtain a copy of the ISAE reports after completing and signing a non-disclosure agreement.