
Rules, policies and certifications

CERTIFICATION | YEAR LAUNCHED | SCOPE OF APPLICATION
PCI/DSS 3.2.1. Service Provider | Date of last certification (February 2020) | Certification of security in the processing of payment cards. The standard applies to all entities that store, process or transmit cardholder data and/or sensitive authentication data. In the case of the Intesa Sanpaolo Group, certification covers the systems managed in service for Mercury Payment Services S.p.A.
ISO 37001 | 2019 | International standard of reference for organisations in relation to the prevention of corruption, and an operational tool that adds to the anti-corruption measures already envisaged, at the regulatory level, by individual countries.
ISO 22301 | Date of last certification (December 2019) | Gross settlement processes in Central Bank currency.
ISO 27001 | Date of last certification (November 2019) | Supply and management of technological infrastructure to support the operation of foreign banks at data centers in the Italian territory of Intesa Sanpaolo.
Regulation (EU) 910/2014 eIDAS | Date of last certification (September 2019) | For the delivery of the digital document retention service.
Regulation (EU) 910/2014 eIDAS | Date of last certification (May 2019) | For Qualified Trustees. For the Certification Authority service.
UNI ISO 45001:2018 | 2017 | With the aim of enhancing the health and safety protection of its employees, since 2017 the Occupational Health and Safety Management System has undergone an annual inspection by an independent third party, which certifies its compliance with current legislation and industry standards. In 2018 it was extended to all branches, and in 2019 the transition from the previous standard (BS OHSAS 18001) to the current one was made.
ISO 26000 | 2014 | International standard dedicated to the integration of corporate social responsibility in business practice. These are not certifiable guidelines, in keeping with the concept of responsibility that does not provide obligations but guidance. The areas covered by ISO 26000 are: organisation governance, human rights, workers' protection, environment, fairness in operating practices, customer issues, community involvement and development.
ISO/IEC 27001:2013 | 2013* | Development, delivery and management of applications by Risk Technology group, in support of business processes managed by the Infrastructure IT Market Risk Management Unit of the Market and Financial Risk Department.
UNI CEI EN ISO 50001:2011 | 2012 | Energy Management System (SGE) certification
ISO/IEC 27001:2013 | 2012* | Analysis, design, development, maintenance and provision of Electronic Signature on Digital Tablet service (Intesa Sanpaolo)
ISO/IEC 27001:2013 | 2010* | Analysis, design, development, maintenance and provision of services for Corporate Internet Banking (Intesa Sanpaolo)
ISO/IEC 27001:2013 | 2005* | Analysis, planning, development, maintenance and provision of services for Internet and Phone Banking Retail (Intesa Sanpaolo)
ISO/IEC 27001:2013 | 2005* | Analysis, planning, development, maintenance and provision of Bankidentity service (Intesa Sanpaolo)
UNI EN ISO 14001:2015 | 2005 | Environment management system certification