This website uses profiling cookies in order to send customised advertising messages and allows “third party” cookies (cookies set by a different website) to be sent. The cookie is used for 1 year. For more information, to opt-out of cookies, or customise the cookie settings, please visit the specific section (Privacy Cookie Policy).

Accept More Options
{"clientID":"2b71d197-0c21-4234-ba98-2689b888f985","signature":"664610f33aa0503128c41216cec8b65f079ea4ee9ece982d6c7d6715d0fc4e88","encryption":"68cad83b4246825bd81d4bc1059d4620","keyID":"183b753b-7f28-af43-f453-4bd93774f44a","user":"C1AAFC8C323DFDA567B3CD7D0E48C3DD"}
Homepage
Sustainability
Rules, policies and certifications

Rules, policies and certifications

Rules and policies
Certifications

In order to prove the consistency of our processes with the best domestic and international standards, Intesa Sanpaolo obtained various types of certification from recognised external organisations.

CERTIFICATION YEAR LAUNCHED SCOPE OF APPLICATION
 
PCI/DSS 3.2.1. Service Provider
 Date of last certification (February 2020)
 Certification of security in the processing of payment cards. The standard applies to all entities that store, process, transmit card holders' data and/or sensitive authentication data. In the case of the Intesa Sanpaolo Group, certification covers the systems managed in service for Mercury Payment Services S.p.A.
ISO 37001 2019 International standard of reference for organisations in relation to the prevention of corruption and operational tool that adds to the anti-corruption measures already envisaged, at the regulatory level, by individual countries.
ISO 22301
 Date of last certification (December 2019)
 Gross settlement processes in Central Bank currency.
ISO 27001
 Date of last certification (November 2019)
 Supply and management of technological infrastructure to support the operation of foreign banks at data centers in the Italian territory of Intesa Sanpaolo.
Regulation (EU) 910/2014 eIDAS
 Date of last certification
 (September 2019)
 For the delivery of the digital document retention service.
Regulation (EU) 910/2014 eIDAS
 Date of last certification
 (May 2019)
 For Qualified Trustees. For the Certification Authority service.
UNI ISO 45001:2018 2017 With the aim of enhancing the health and safety protection of its employees, since 2017 the Occupational Health and Safety Management System has undergone an annual inspection by an independent third party which certifies its compliance with current legislation and industry standards. In 2018 has been extended to all branches and in 2019 the transition from the previous standard (BS OHSAS 18001) to the current one has been made.
ISO 26000 2014 International standard dedicated to the integration of corporate social responsibility in business practice. These are not certifiable guidelines, in keeping with the concept of responsibility that does not provide obligations but guidance.
The areas covered by ISO 26000 are: organisation governance, human rights, workers’ protection, environment, fairness in operating practices, customer issues, community involvement and development
ISO/IEC 27001:2013 2013* Development, delivery and management of applications by Risk Technology group, in support of business processes managed by the Infrastructure IT Market Risk Management Unit of the Market and Financial Risk Department.
UNI CEI EN
ISO 50001:2011		 2012 Energy Management System (SGE) certification
ISO/IEC 27001:2013 2012* Analysis, design, development, maintenance and provision of Electronic Signature on Digital Tablet service (Intesa Sanpaolo)
ISO/IEC 27001:2013 2010* Analisys, design, development, maintenance and provision of services for Corporate Internet Banking (Intesa Sanpaolo)
ISO/IEC 27001:2013 2005* Analysis, planning, development, maintenance and provision of services for Internet and Phone Banking Retail (Intesa Sanpaolo)
ISO/IEC 27001:2013 2005* Analysis, planning, development, maintenance and provision of Bankidentity service  (Intesa Sanpaolo)
UNI EN ISO 14001:2015 2005 Environment management system certification

* certification initially standard ISO/IEC 27001:2005, upgraded to version 2013

In addition to the certifications listed above, there are other areas which, while not having a certificate issued by an independent body, are in any case subject to conformity assessment ("self-certification") conducted by the Cybersecurity and Business Continuity Management function in compliance with international standards of reference:

TARGET 2: is the technical platform for the Europagamenti, launched in November 2007. The Critical Participants (including Intesa Sanpaolo) have a commitment to self-certify annually that the security of TARGET2 infrastructure is aligned with ISO / IEC 27002:2005 standard.

CAI: the Banca d’Italia regulation requires that the Banks must ensure the security of the computer archive, called Centrale d’Allarme Interbancaria (Interbank Alarm HEADQUARTERS); this result is obtained through the verification of compliance of the archive with the standard ISO / IEC 27002 : 2005.  

EONIA/EURIBOR: are the two codes of Conduct issued by EMMI Eonia and Self-Discipline issued by EBF Euribor that define the rules that govern the process of determining and contributing the Eonia index, to which all banks contributing must comply ("Panel Banks") and the general rules and safety levels applicable to the Euribor index calculation process, as well as the specific rules applicable to banks contributing to the calculation of the Euribor (Panel Banks) index. Intesa Sanpaolo self-certifies for the FCHUB Infrastructure perimeter used for the contribution of EURIBOR / EONIA rates.

CSP SWIFT: the Customer Security Programme (CSP) introduced by SWIFT to combat cyber threats, in particular possible fraud, includes a series of controls to increase the security of SWIFT users and the entire financial ecosystem, who are required to self-certify their compliance with these controls. Intesa Sanpaolo self-certifies the SWIFT Messaging Management Infrastructure.

Last updated 8 October 2020 at 16:32:27

{"toolbar":[{"label":"Refresh","url":"","key":"update-page"},{"label":"Print","url":"","key":"print-page"},{"label":"Alert","url":"","key":"enable-alert"},{"label":"Request for Annual Reports","url":"/en/investor-relations/request-for-annual-reports","key":"business-budget"},{"label":"Financial Calendar","url":"/en/investor-relations/financial-calendar","key":"financial-calendar"}]}
Facebook Facebook YouTube YouTube Twitter Twitter LinkedIn LinkedIn Instagram Instagram
Intesa Sanpaolo
Transparency
Compara Conti
Fondo di garanzia
per le PMI del Ministero dello Sviluppo Economico (Legge 662/96 )

Copyright 2019 © Intesa Sanpaolo