Understand the Swift,

For trouble-free

Swift business, information and network security of the core components within the whole organization (from board level to the CEO and executives, to the operations department) for active management.

Swift, the comprehensive information security measures.These measures are intended to cope with the extreme situation, as well as to prevent any physical and logical access unauthorized, such access could lead to the confidentiality, integrity, or availability.We include protect our workplace physical control and prevent unauthorized access to data and the logical access system, also including our ability to detect, response and recovery.

In order to ensure the physical security of IT assets and data, we design and build special-purpose data center into the highest level of protection mechanism;Business requirements based on strict review mechanism, strict access control for the site;And in the process of the whole cycle of computer hardware and media operation to enforce strict control.

In our service and software architecture, design, development, maintenance and operation, we also adopt a similar way.By using a structured development theory, we make sure the Swift services in support of our customers business, software and technology in the logic of highest level of security.Consists of security professionals specialized team cooperation with industry leaders to review all design and safety practices, provide guidance, support, and testing services, and to ensure that our products and service to the customers before the proper design, implementation and operation.

The risk framework

Swift, the depth into the risk management in the operation, and our risk management based on the risk of very deep culture, the culture is reflected in our motto: "never trouble-free" (FNAO).Three solid defense support and supervision and Swift method of risk management.The first is the management, the line of defense is responsible for the development and implementation of reliability and security of the solid framework;The second is, risk and compliance department is responsible for the overall risk framework;The third is the auditing department.All of these lines are backed by powerful third-party security 雷竞技手机版appsystem, and by the external security audit institutions according to the applicable International authentication business guidelines (International Standards on Assurance Engagements) request submit audit reports.

Swift's overall enterprise risk management framework within the organization for the whole of Swift provides a unified, overall risk management point of view, and based on other risk management and control of Swift operation, such as information security risk management.Information security risk management framework specifies how to identify and reduce the safety risk, track and report to the board of directors of the Swift such risk step by step.The framework is designed to reflect evolving risk management practices, because of the risk management practices in response to new threats and to adjust the arms race in the network.

Swift, internal audit and external security audit continuously on risk and control functions of Swift, independent and objective review, assessment and report, jointly build perfect information security risk management system.Internal audit team itself accept outside review regularly, it can assure the board of directors and Swift management team operation in accordance with international auditing standards and practices.

The network map

Swift network security very seriously.We actively from various public and proprietary or confidential channels to understand the external network events, malicious technique and network threats, push us in the prevention, detection and/or continuing to pour money into resilience.Whenever our full investigation makes us believe that such a threat or weak links may pose a risk to our operation safety, we will promptly take appropriate action to reduce such risks and protect our service.

We and widely recognized standard (such as ISO or NIST network framework, strategic and long-term investing heavily in network infrastructure.But we acknowledge that there is no excuse for complacency;We must not be we as a global financial infrastructure role of core strength and reputation.Swift will continue to invest and focus on safety, to maintain in the threat of a changing pattern leading status.In view of the increasing threats, Swift, formulation and implementation of network security for three years period roadmap, the roadmap to define our focus in security field.Our network investment can be divided into four main aspects:

• Understanding - the adversary and understand our own risk;
• Prevention - increase the inherent difficulty of enemy activity, prevent the network attack;
• Plan - never underestimate the enemy, seek detection may break our line of attack;
• Management - imagine a problem situation.To prepare for the worst, ready to deal with and to attack and recovery.

Swift message transfer service

Swift message transfer services provided in the Swift internal environment, the environment including Swift and direct operation and its crew have (and control) of all workplaces, infrastructure, software, products and services.Swift message to the customer environment strict security, confidentiality and integrity protection.We implement control and adopt some procedures to prevent unauthorized data message was disclosed, guarantee the sources, prevent unauthorized to tamper with a message, and detect message destroy.And content authentication function to ensure that only allows for effective message processing and related sequence is transmitted to the designated recipient.

We engaged, message transfer service availability, and we guarantee that message and related customer data confidentiality and integrity, as well as the protection of privacy in Swift environment.

Our customer send messagedata* have been advanced security verification and recognition technology.Leave the messageThe customer* * enter the Swift environment before the technology first-class cryptographic operations.Subject to the confidentiality and integrity commitment of Swift, the message in the whole transmission process stay protected Swift environment, transmitted to the recipient until its safety.All customers in stored in Swift message system are encrypted.

availability

Swift message transfer service aims to provide all the year round, but certain limited planned downtime time exception.We maintain multiple operation center (OPC), provide total redundancy.In each operation center, the central system aims to avoid a single point of failure by multiple local machine room.In 2014, Swift in Sweden, first-class operation center fully put into operation.This new IT infrastructure has the capacity to support the global message transfer flow.Swift with all other measures for recovery and backup in the case of insufficient of extreme (this is unlikely to happen) to restore the limits of message transfer ability.

confidentiality

We prevent customer data disclosed without authorization.Our security measures for the physical and logical access all powerful control, including physical measures to protect the workplace and logic control based on business needs to implement access restrictions.All of the customers in the system or leave the Swift data stored in the Swift message center technology first-class cryptographic operations were carried out.In addition, customer message processing, and stored in the most accord with the requirement of customers in terms of data privacy laws and regulations of the operations center geographical area.

integrity

Swift proprietary public keys, digital certificate and digital signature verification in the ways of sent by the sender and the integrity of the message.Swift by verifying the signature to confirm message integrity, and through the verification certificate to verify the sender.Swift, to ensure that a message transmitted in proper sequence to the specified recipient and provide end-to-end security, let the sender to the receiver specified by how's signature, and can let the receiver to a message integrity and the sender for verification.As a result, the data message issued by sending and receiving device and control completely, and message originators can provide authentication to the recipient to ensure the newspaper article has not been tampered with during transmission.

resilience

Swift message transfer service for the world's financial markets seamless operation is very important, therefore, we pay special attention to our resilience message transfer service.Our infrastructure design, build and test is designed to make it in stress, interference, under the condition of fault or malicious act is still available, and satisfy the specified recovery time objectives.

Because we have high recovery characteristics of infrastructure, our message transfer service is unlikely to be sustained.Swift's founding has been highly available IT service leader, and the resilience commitment continues today.Swift has been using it according to the principle to design and implement written resilience highly renewable sexual experience in architecture.

We maintain multiple operation centers to provide total redundancy, and our operations center is widely distributed in more than one location, these positions are considered carefully chosen after potential man-made and natural disasters.In the center of each operation, the system architecture is designed to eliminate single points of failure.Each operation center system and network design and configuration is designed to meet the Swift in the related areas of users processing and storage requirements.

High security operations center, access to operations center is under strict control.Each operation center for critical equipment (from the server to the cooling device and power supply) to set aside the local redundancy.Packet data before the transfer is always stored in two geographically separate operations center.

In order to deal with multiple operations center at the same time the failure of the extreme situation, we can activate completely independent disaster recovery infrastructure to keep message transfer service continues to run.Service continuity test plan based on predefined condition and expected results, according to the plan published and audited.Swift, at least once a year to test if it can receive the disaster site within the given time.

Swift will affect its message transfer service prepared small probability events.We each year hundreds of business continuity testing, these tests involve all aspects of the different employees, the local government departments and customers, and covers the different situations, including network related events.We have established a dedicated network business continuity plan.After our test assessment to ensure that we take the related important improvement action.

Swift, its service recovery ability regularly accept external and internal audit, and will recover the ability to include within the scope of the external audit report.

Third-party verification was achieved by external audit

Swift, the external security audit institutions every year to our message transfer service for independent external audit.The audit in accordance with the applicable requirements of the "rule of the international authentication business.The resulting report is Swift in a specific range of services to provide security and reliability of the third party verification.We have according to ISAE 3402 standard draft report in 2015 and previous years, this report contains the opinions of the independent security audit institutions, suggests that such institutions reasonably sure that Swift implementation of enough to effectively control to achieve its governance, confidentiality, integrity, availability, and change control objectives set by management.Since 2016, we according to ISAE standard draft report 3000.Report in accordance with CPMI IOSCO's key Service provider code (Expectations for Critical Service will) requirements, risk management, security management, technology management, resilience and user communication, and other fields.ISAE 3402 and ISAE 3000 belong to the international standard, can make Swift such service providers with respect to its process and control to the customer and its auditors provide independent verification.

Each year, the report shall provide to the customer request, and according to the appropriate confidentiality arrangements to potential customers.

For electronic versions of the 3402 Type 2 ISAE report 2015, please clickHere,.

* file can also be sent via our FileAct message transfer service.Protect control message is equally applicable to file.

* * partners or the customer environment.