Rules, policies and certifications
To demonstrate that its processes are consistent with the best domestic and international standards, Intesa Sanpaolo has obtained various types of certification from recognised external organisations.
CERTIFICATION | YEAR LAUNCHED | SCOPE OF APPLICATION
ISO 37001 | 2019 | International standard of reference for organisations in relation to the prevention of corruption and operational tool that adds to the anti-corruption measures already envisaged, at the regulatory level, by individual countries
OHSAS 18001:2007 | 2017 | With the aim of enhancing the health and safety protection of its employees, since 2017 the Occupational Health and Safety Management System has undergone an annual inspection by an independent third party which certifies its compliance with current legislation and industry standards. In 2018 it was extended to all branches.
ISO 26000 | 2014 | International standard dedicated to the integration of corporate social responsibility in business practice. These are not certifiable guidelines, in keeping with the concept of responsibility that does not provide obligations but guidance. The areas covered by ISO 26000 are: organisation governance, human rights, workers’ protection, environment, fairness in operating practices, customer issues, community involvement and development
PCI/DSS | 2013 | Certification relating to payment card data security for Setefi systems managed by Intesa Sanpaolo Group Services
ISO/IEC 27001:2013 | 2013* | Development, delivery and management of applications by Risk Technology group, in support of business processes managed by the Market Risks and Financial Evaluation Unit of the Risk Management Department
UNI CEI EN ISO 50001:2011 | 2012 | Energy Management System (SGE) certification
ISO/IEC 27001:2013 | 2012* | Analysis, design, development, maintenance and provision of Electronic Signature on Digital Tablet service (Intesa Sanpaolo Group Services)
ISO 20001-1:2011 | 2011 | IT Service Management System that supports the Data Center services - Application Management and Facility Management (Intesa Sanpaolo Group Services)
UNI EN ISO 9001:2008 | 2010 | Design, development and provision of collection services and payment and treasury and cash management services to institutions and public administrations
UNI EN ISO 9001:2008 | 2010 | Design and provision of services for the management of information security and Disaster Recovery of IT systems in the Intesa Sanpaolo Group (Intesa Sanpaolo Group Services)
ISO/IEC 27001:2013 | 2010* | Analysis, design, development, maintenance and provision of services for Corporate Internet Banking (Intesa Sanpaolo Group Services)
UNI EN ISO 9001:2015 | 2004 | Design and provision of prevention and protection services in terms of workers' health and safety and occupational health within the services sector
ISO/IEC 27001:2013 | 2005* | Analysis, planning, development, maintenance and provision of services for Internet and Phone Banking Retail (Intesa Sanpaolo Group Services)
ISO/IEC 27001:2013 | 2005* | Analysis, planning, development, maintenance and provision of Bankidentity service (Intesa Sanpaolo Group Services)
UNI EN ISO 14001:2015 | 2005 | Environment management system certification
PattiChiari | 2003 | This initiative aims to supply clients with simple and reliable tools that make it easier to understand banking products and to compare offers from various banks, enabling them to choose the product most suited to their needs. In this way clients, who become more aware, can take on a more active role in their relations with the bank. For information on the various agreements and certifications of the banks in the Group please consult the following site: www.pattichiari.it
* certification initially issued against standard ISO/IEC 27001:2005, upgraded to version 2013
In addition to the certifications listed above, there are two other areas which, while not having a certificate issued by an independent body, are in any case subject to conformity assessment ("self-certification") conducted by the Planning and IT Security Standard Unit in compliance with international standards of reference:
TARGET2: the technical platform for the Europagamenti, launched in November 2007. The Critical Participants (including Intesa Sanpaolo) are committed to self-certifying annually that the security of the TARGET2 infrastructure is aligned with the ISO/IEC 27002:2005 standard;
CAI: the Banca d’Italia regulation requires banks to ensure the security of the computer archive called Centrale d’Allarme Interbancaria (Interbank Alarm Headquarters); this is achieved by verifying the archive's compliance with the ISO/IEC 27002:2005 standard.
Last updated 26 October 2019 at 15:33:23