As documented in the Independent Assessment Framework (IAF), all SWIFT users have to perform a Community Standard Assessment to further enhance the accuracy of their attestations. SWIFT mandates that attestations submitted under CSCFv2020 (i.e. as from mid-2020) are independently assessed through either an external or an internal assessment. The option to self-attest will remain available in 2020 and onwards but will be considered as non-compliant.
If you opt for an external assessment, this has to be performed by an independent external organisation. You must ensure that the assessor has existing cybersecurity assessment experience, and that individual assessors have relevant security industry certification(s). For detailed requirements, see section 5 in the IAF.