Internal and external testing of our capabilities means our Security Operations Centre, who monitor for threats 24 hours a day, 7 days a week, are prepared to respond and keep our services running and our systems secure.
Along with our monitoring capabilities, we work with the wider financial services industry and the National Cyber Security Centre to share good practice and intelligence on new and evolving cyber threats. We also undertake the Bank of England’s CBEST framework, which delivers intelligence-led cyber security tests that replicate the behaviours of real-world threat actors. For the fourth year in a row, Nationwide continues to be recognised as compliant with the Payment Card Industry Data Security Standard (PCI DSS), for Merchant processes, following an external assessment.
From an audit perspective, this year we completed re-certification of ISO 27001, an international standard on managing information security. We also use PwC for an annual cyber security maturity assessment and our external auditors, Ernst and Young, to assess the Security Controls as part of the annual IT and Security Risk Assurance Audit. External attestation of our cyber security position is provided to Swift on an annual basis, in addition to our annual commitment to satisfy the security requirements for each of the Payments schemes: Link, BACS and PayM.