Certifications

In order to prove the consistency of our processes with the best domestic and international standards, Intesa Sanpaolo obtained various types of certification from recognised external organisations.

CERTIFICATION	SCOPE OF APPLICATION

ISO 26000	International standard to which the bank adheres since 2014 dedicated to the integration of social responsibility in corporate practice. The areas covered by ISO 26000 are: governance of the organization, human rights, worker protection, environment, fairness of management practices, issues relating to customers, community involvement and development. Governance evaluation – Social Responsibility (ref. ISO 26000:2010)
ISO 37001	International standard of reference for organisations in relation to the prevention of corruption and operational tool that adds to the anti-corruption measures already envisaged, at the regulatory level, by individual countries. The certification has been active since 2019 for Intesa Sanpaolo and since 2022 for the Group's banking, financial and insurance companies.
UNI ISO 45001:2018	Since 2017 the Occupational Health and Safety Management System has undergone an annual inspection by an independent third party which certifies its compliance with current legislation and industry standards. In 2018 has been extended to all branches and in 2019 the transition from the previous standard (BS OHSAS 18001) to the current one has been made.
UNI CEI EN ISO 50001:2018	Energy Management System (SGE) certification. Certification active since 2012
UNI EN ISO 14001:2015	Environment management system certification. Certification active since 2005
UNI ISO 45003:2021	Certification of the process for managing risks from work-related stress, robberies and aggressive and discriminatory behaviour.
GEEIS-Diversity	Gender Equality European & International Standard is an international certification of the Arborus Association issued through Bureau Veritas and aimed at evaluating the commitment of organizations to include and foster all forms of diversity. The certificate, obtained in June 2021, refers to all the banks and companies of the Group in Italy.
UNI PDR 125:2022	Certification for gender equality envisaged by the National Recovery and Resilience Plan (NRRP). Intesa Sanpaolo obtained the certification issued by Bureau Veritas thanks to the involvement and commitment of the top management towards the diversity and inclusion initiatives, the Principles on Diversity & Inclusion, the D&I Strategic Plan for the enhancement of diversity as essential components for the growth of the Group, and the work of the D&I Operating Committee.
ISO 27001	ISO/IEC 27001:2022 specifies the requirements for a proper definition, implementation, management and improvement over time of an Information Security Management System. The certification obtained relates to the perimeters BancaIdentity, Electronic Signature on Digital Tablet and digital documents Conservation Service, Retail Internet Banking, Digital Branch, Corporate Internet Banking, Foreign Banks operations services and Market Risk IT Infrastructure.
ISO/IEC 20000 (Conservation according to law)	The international standard ISO/IEC 20000-1:2018 defines the requirements for designing, implementing, maintaining and continuously improving a Service Management System (SGS), aimed at ensuring the provision of high-quality and reliable IT services. As part of this management system, Intesa Sanpaolo has included the Compliant Archiving service, with specific reference to the storage of electronic documents, in accordance with the provisions of the AgID Regulation.
ISO 22301	The standard regulates the business continuity management model of processes and related resources according to the criticality necessary to deal with scenarios of unavailability of people, offices or IT services.
eIDAS (Trust Services)	The EU eIDAS Regulation 910/2014 (Electronic IDentification Authentication and Signature) aims to provide a regulatory basis at EU level for trust services and electronic identification instruments of member states.
PCI PIN Security	PCI PIN Security includes a comprehensive set of requirements (based on industry standards) for the secure management, processing and transmission of personal identification data (PIN) during card transaction processing payment machines participating in the online and offline International Circuits at automatic teller machines (ATMs and CSAs) and point of sale terminals (POS), to which Intesa Sanpaolo periodically certifies the relative compliance.
EURIBOR	The Corporate Governance Code issued by EBF and its annex define the general rules and safety levels applicable to the calculation process of the Euribor index, as well as the specific rules applicable to banks that contribute to the calculation of the Euribor index.
TARGET	TARGET is the ECB's European system comprising the T2 (Real Time Gross Settlement -RTGS), TIPS (Instant Payments) and T2S (Securities Settlement).
CAI	The creation of an IT archive, defined as the Interbank Alarm Center, is required in Legislative Decree no. 507 of 12/30/99. The subsequent Regulation of the Governor of the Bank of Italy of 29/01/02 defines the requirements that the Banking Institutions must comply with to ensure the security of the information system of the archive itself.
SIAnet Security Programme	The SIAnet Security Programme is a programme introduced by NEXI with the aim of raising the security level of the payment network. The SIAnet Security Programme defines and annually updates the security requirements for participants.
SWIFT CSP	The Customer Security Programme (CSP) is a programme introduced by SWIFT with the aim of raise the security level of the payment network. It defines and annually updates the framework of security requirements for BICs (Bank Identifier Codes) active on the network.

Last updated 12 May 2025 at 11:46:28